Pierangelo Masarati wrote:
michael@stroeder.com wrote:
I'm experiencing seg faults when using SASL/EXTERNAL bind when connected over ldapi://. I will try to examine this further.
segfault at 0 ip b7f21d4c sp b370fd10 error 6 in libdb-4.6.so[b7ef9000+14f000]
This bug is typical of loading a libsasl2 module (libsasldb) built with a Berkeley DB version different from the one slapd was built with, or loading a libsasl2 module built with a different version of libsasl2 than the one slapd was built with. Can you check?
I will check this right now. Anyway, find below the tail of the server's log when invoking
ldapwhoami -H ldapi://%2Fhome%2Fmichael%2Ftemp%2Fopenldap-testbed-RE24%2Fslapd1 -Y EXTERNAL
Ciao, Michael.
--------------------------------- snip --------------------------------
==> sasl_bind: dn="" mech=EXTERNAL datalen=0
SASL Canonicalize [conn=0]: authcid="gidNumber=100+uidNumber=500,cn=peercred,cn=external,cn=auth"
slap_sasl_getdn: conn 0 id=gidNumber=100+uidNumber=500,cn=peercred,cn=external,cn=auth [len=59]
==>slap_sasl2dn: converting SASL name gidNumber=100+uidNumber=500,cn=peercred,cn=external,cn=auth to a DN
==> rewrite_context_apply [depth=1] string='gidNumber=100+uidNumber=500,cn=peercred,cn=external,cn=auth'
==> rewrite_rule_apply rule='gidnumber=([0-9]+)+uidnumber=([0-9]+),cn=peercred,cn=external,cn=auth' string='gidNumber=100+uidNumber=500,cn=peercred,cn=external,cn=auth' [1 pass(es)]
==> rewrite_context_apply [depth=1] res={0,'ldap:///ou=schulung,dc=stroeder,dc=local??sub?(&(objectClass=posixAccount)(uidNumber=500)(gidNumber=100))'}
[rw] authid: "gidNumber=100+uidNumber=500,cn=peercred,cn=external,cn=auth" -> "ldap:///ou=schulung,dc=stroeder,dc=local??sub?(&(objectClass=posixAccount)(uidNumber=500)(gidNumber=100))"
slap_parseURI: parsing ldap:///ou=schulung,dc=stroeder,dc=local??sub?(&(objectClass=posixAccount)(uidNumber=500)(gidNumber=100))
ldap_url_parse_ext(ldap:///ou=schulung,dc=stroeder,dc=local??sub?(&(objectClass=posixAccount)(uidNumber=500)(gidNumber=100)))
put_filter: "(&(objectClass=posixAccount)(uidNumber=500)(gidNumber=100))"
put_filter: AND
put_filter_list "(objectClass=posixAccount)(uidNumber=500)(gidNumber=100)"
put_filter: "(objectClass=posixAccount)"
put_filter: simple
put_simple_filter: "objectClass=posixAccount"
put_filter: "(uidNumber=500)"
put_filter: simple
put_simple_filter: "uidNumber=500"
put_filter: "(gidNumber=100)"
put_filter: simple
put_simple_filter: "gidNumber=100"
ber_scanf fmt ({mm}) ber:
ber_scanf fmt ({mm}) ber:
ber_scanf fmt ({mm}) ber:
dnNormalize: <ou=schulung,dc=stroeder,dc=local>
=> ldap_bv2dn(ou=schulung,dc=stroeder,dc=local,0)
<= ldap_bv2dn(ou=schulung,dc=stroeder,dc=local)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(ou=schulung,dc=stroeder,dc=local)=0
<<< dnNormalize: <ou=schulung,dc=stroeder,dc=local>
slap_sasl2dn: performing internal search (base=ou=schulung,dc=stroeder,dc=local, scope=2)
=> hdb_search
bdb_dn2entry("ou=schulung,dc=stroeder,dc=local")
=> access_allowed: auth access to "ou=schulung,dc=stroeder,dc=local" "entry" requested
=> dn: [4] ou=users,ou=schulung,dc=stroeder,dc=local
=> dn: [5] ou=groups,ou=schulung,dc=stroeder,dc=local
=> dn: [6] ou=schulung,dc=stroeder,dc=local
=> acl_get: [6] matched
=> acl_get: [6] attr entry
=> acl_mask: access to entry "ou=schulung,dc=stroeder,dc=local", attr "entry" requested
=> acl_mask: to all values by "", (=0)
<= check a_dn_pat: *
<= acl_mask: [2] applying none(=0) (stop)
<= acl_mask: [2] mask: none(=0)
=> slap_access_allowed: auth access denied by none(=0)
=> access_allowed: no more rules
send_ldap_result: conn=0 op=0 p=3
send_ldap_result: err=32 matched="" text=""
<==slap_sasl2dn: Converted SASL name to <nothing>
SASL Canonicalize [conn=0]: slapAuthcDN="gidNumber=100+uidNumber=500,cn=peercred,cn=external,cn=auth"
./start-slapd1.sh: line 14: 20820 Segmentation fault ${OPENLDAP_PREFIX}/libexec/slapd -d stats,acl,args,trace,sync -h "ldap://0.0.0.0:2071 ldapi://%2Fhome%2Fmichael%2Ftemp%2Fopenldap-testbed-RE24%2Fslapd1" -n slapd-schulung-1 -u michael -f ${LOCALCONFIG}/slapd-1.conf -F ${LOCALCONFIG}/slapd-1.conf.d
michael@nb2:~/temp/openldap-testbed-RE24>
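One way to run the library check suggested above (a SASL plugin built against a different Berkeley DB or libsasl2 than slapd), as an added example that is not part of the original thread. The script name `check.sh`, the argument paths and the sample `ldd` output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: check whether two binaries resolve the same shared library.
# The sample ldd outputs below are constructed; real paths are passed as arguments.

# Constructed `ldd`-style output for a slapd binary and a SASL plugin.
SLAPD_LDD='    libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00000000)
    libdb-4.6.so => /usr/lib/libdb-4.6.so (0x00000000)
    libc.so.6 => /lib/libc.so.6 (0x00000000)'
PLUGIN_LDD='    libdb-4.5.so => /usr/lib/libdb-4.5.so (0x00000000)
    libc.so.6 => /lib/libc.so.6 (0x00000000)'

# soname_of LDD_TEXT PREFIX: print sonames that start with PREFIX followed by
# "-" or "." (so "libdb" matches libdb-4.6.so but not libdbus-1.so.3).
soname_of() {
    printf '%s\n' "$1" | awk -v p="$2" '$1 ~ ("^" p "[-.]") { print $1 }' | sort -u
}

# compare_lib LDD_A LDD_B PREFIX: report whether both objects link the same soname.
compare_lib() {
    a=$(soname_of "$1" "$3")
    b=$(soname_of "$2" "$3")
    if [ -z "$a" ] || [ -z "$b" ]; then
        echo "inconclusive $3: not linked directly by both objects"
    elif [ "$a" = "$b" ]; then
        echo "match $3: $a"
    else
        echo "MISMATCH $3: $a vs $b"
    fi
}

# Live use (paths are placeholders): sh check.sh /path/to/slapd /path/to/sasl2/libsasldb.so
if [ "$#" -eq 2 ]; then
    for lib in libdb libsasl2; do
        compare_lib "$(ldd "$1")" "$(ldd "$2")" "$lib"
    done
else
    # No arguments: run against the constructed samples.
    compare_lib "$SLAPD_LDD" "$PLUGIN_LDD" libdb
fi
```

An "inconclusive" result means the library is not a direct dependency of one object (for example when the backend is a loadable module), so that module has to be checked as well.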