https://bugs.openldap.org/show_bug.cgi?id=10080
--- Comment #5 from Hiroyuki Homma homma@allworks.co.jp --- Dear Ondřej,
Thank you for providing a patch so quickly.
I have applied the patch to my openldap 2.6.2 environment, but unfortunately I still get a segfault: -------- [ec2-user@ldap1 ~]$ sudo ldapmodify -Y EXTERNAL -H ldapi:/// <<END dn: cn=Remote User,ou=remote,ou=users,dc=example,dc=com changeType: modify replace: uidNumber uidNumber: 10001 END SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 modifying entry "cn=Remote User,ou=remote,ou=users,dc=example,dc=com" ldap_result: Can't contact LDAP server (-1) --------
The log output is: -------- Aug 25 18:45:35 ldap1 slapd[246667]: conn=1001 fd=16 ACCEPT from PATH=/var/run/ldapi (PATH=/var/run/ldapi) Aug 25 18:45:35 ldap1 slapd[246667]: conn=1001 op=0 BIND dn="" method=163 Aug 25 18:45:35 ldap1 slapd[246667]: conn=1001 op=0 BIND authcid="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" Aug 25 18:45:35 ldap1 slapd[246667]: conn=1001 op=0 BIND dn="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" mech=EXTERNAL bind_ssf=0 ssf=71 Aug 25 18:45:35 ldap1 slapd[246667]: conn=1001 op=0 RESULT tag=97 err=0 qtime=0.000037 etime=0.000111 text= Aug 25 18:45:35 ldap1 slapd[246667]: conn=1001 op=1 MOD dn="cn=Remote User,ou=remote,ou=users,dc=example,dc=com" Aug 25 18:45:35 ldap1 slapd[246667]: conn=1001 op=1 MOD attr=uidNumber Aug 25 18:45:35 ldap1 slapd[246667]: conn=1001 op=1 syncprov_matchops: not recording uuid for dn=cn=Remote User,ou=remote,ou=users,dc=example,dc=com on opc=0x7f0c9c0032e8 Aug 25 18:45:35 ldap1 systemd[1]: slapd.service: Main process exited, code=dumped, status=11/SEGV Aug 25 18:45:35 ldap1 systemd[1]: slapd.service: Failed with result 'core-dump'. --------
And the stack trace is: -------- Program terminated with signal SIGSEGV, Segmentation fault. #0 0x0000564e94f4636c in mdb_env_pick_meta (env=0x564e95aad5f0) at back-mdb/./../../../libraries/liblmdb/mdb.c:3944 3944 return metas[ metas[0]->mm_txnid < metas[1]->mm_txnid ]; [Current thread is 1 (Thread 0x7f0cad7fd640 (LWP 246672))] (gdb) bt #0 0x0000564e94f4636c in mdb_env_pick_meta (env=0x564e95aad5f0) at back-mdb/./../../../libraries/liblmdb/mdb.c:3944 #1 mdb_txn_renew0 (txn=txn@entry=0x7f0c9c11e1d0) at back-mdb/./../../../libraries/liblmdb/mdb.c:2688 #2 0x0000564e94f46990 in mdb_txn_begin (env=0x564e95aad5f0, parent=0x0, flags=131072, ret=0x7f0c9c003588) at back-mdb/./../../../libraries/liblmdb/mdb.c:2910 #3 0x0000564e94f6b428 in mdb_opinfo_get (op=op@entry=0x7f0c9c0023f0, mdb=mdb@entry=0x564e95aaed90, rdonly=rdonly@entry=1, moip=moip@entry=0x7f0cad7fa340) at back-mdb/id2entry.c:782 #4 0x0000564e94f72bfd in mdb_entry_get (op=0x7f0c9c0023f0, ndn=0x7f0c9c002438, oc=0x0, at=0x0, rw=0, ent=0x7f0cad7fa638) at back-mdb/id2entry.c:611 #5 0x0000564e94f355af in glue_entry_get_rw (op=0x7f0c9c0023f0, dn=0x7f0c9c002438, oc=0x0, ad=0x0, rw=0, e=0x7f0cad7fa638) at backglue.c:915 #6 0x0000564e94f30ad0 in overlay_entry_get_ov (op=op@entry=0x7f0c9c0023f0, dn=0x7f0c9c002438, oc=oc@entry=0x0, ad=ad@entry=0x0, rw=rw@entry=0, e=e@entry=0x7f0cad7fa638, on=0x564e95ab9620) at backover.c:364 (... the rest is the same as the attachment in my first comment) --------
The segfault occurs in glue_entry_get_rw after the entry in the ldap backend has been modified. At this point, glue_entry_get_rw is called with dn="cn=remote user,ou=users,dc=ad,dc=example,dc=com", and glue_back_select still incorrectly selects the mdb backend.
Regards,