https://bugs.openldap.org/show_bug.cgi?id=9477
Issue ID: 9477
Summary: slapd on master branch segfaults at first connection establishment with an LDAP client
Product: OpenLDAP
Version: 2.5
Hardware: x86_64
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: slapd
Assignee: bugs@openldap.org
Reporter: david.coutadeur@gmail.com
Target Milestone: ---
Everything is in the title:
slapd on master branch segfaults at first connection establishment with an LDAP client
slapd-2.5.X-Devel
Compilation options:
./configure --prefix=/usr/local/openldap --libdir=/usr/local/openldap/lib64 --enable-overlays --enable-modules --enable-dynamic=yes --with-tls=openssl --enable-debug --with-cyrus-sasl --enable-spasswd --enable-ppolicy --enable-crypt --enable-ldap -enable-slapi --enable-meta --enable-sock --enable-wrappers --enable-rlookups
using default slapd.conf file:
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/openldap/etc/openldap/schema/core.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /usr/local/openldap/var/run/slapd.pid
argsfile /usr/local/openldap/var/run/slapd.args

# Load dynamic backend modules:
# modulepath /usr/local/openldap/libexec/openldap
# moduleload back_mdb.la
# moduleload back_ldap.la

# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# MDB database definitions
#######################################################################

database mdb
maxsize 1073741824
suffix "dc=my-domain,dc=com"
rootdn "cn=Manager,dc=my-domain,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/openldap/var/openldap-data
# Indices to maintain
index objectClass eq
For information, I also converted this configuration into cn=config with the same result.
Some commands after installation:
mkdir /usr/local/openldap/var/openldap-data
chown -R ldap:ldap /usr/local/openldap
Launch command:
/usr/local/openldap/libexec/slapd -h 'ldap://*:389 ldaps://*:636' -f /usr/local/openldap/etc/openldap/slapd.conf -u ldap -g ldap -d -1
Establish a connection with any client, with manager credentials, on port 389.
Console output:
6036a1a3 daemon: activity on 1 descriptor
6036a1a3 daemon: activity on:
6036a1a3 slap_listener_activate(7):
6036a1a3 daemon: epoll: listen=7 busy
6036a1a3 daemon: epoll: listen=8 active_threads=0 tvp=NULL
6036a1a3 daemon: epoll: listen=9 active_threads=0 tvp=NULL
6036a1a3 daemon: epoll: listen=10 active_threads=0 tvp=NULL
6036a1a3 >>> slap_listener(ldap://*:389)
6036a1a3 daemon: accept() = 14
6036a1a3 daemon: activity on 1 descriptor
6036a1a3 daemon: activity on:
6036a1a3 daemon: epoll: listen=7 active_threads=0 tvp=NULL
6036a1a3 daemon: epoll: listen=8 active_threads=0 tvp=NULL
6036a1a3 daemon: epoll: listen=9 active_threads=0 tvp=NULL
6036a1a3 daemon: epoll: listen=10 active_threads=0 tvp=NULL
6036a1a3 daemon: listen=7, new connection on 14
Erreur de segmentation
Howard Chu hyc@openldap.org changed:
              What|Removed                     |Added
----------------------------------------------------------------------------
            Status|UNCONFIRMED                 |RESOLVED
        Resolution|---                         |TEST

--- Comment #1 from Howard Chu hyc@openldap.org ---
Broken by ITS#9339, fixed in master
Quanah Gibson-Mount quanah@openldap.org changed:
              What|Removed                     |Added
----------------------------------------------------------------------------
  Target Milestone|---                         |2.5.2

--- Comment #2 from Quanah Gibson-Mount quanah@openldap.org ---
Commits:

• 22fd5a89
by Howard Chu at 2021-02-24T19:59:51+00:00
ITS#9477 fix regression from #9339

Must provide plain IP address for TCP wrapper
Quanah Gibson-Mount quanah@openldap.org changed:
              What|Removed                     |Added
----------------------------------------------------------------------------
        Resolution|TEST                        |FIXED
Quanah Gibson-Mount quanah@openldap.org changed:
              What|Removed                     |Added
----------------------------------------------------------------------------
            Status|RESOLVED                    |VERIFIED
Quanah Gibson-Mount quanah@openldap.org changed:
              What|Removed                     |Added
----------------------------------------------------------------------------
                CC|                            |grapvar@gmail.com

--- Comment #3 from Quanah Gibson-Mount quanah@openldap.org ---
*** Issue 9445 has been marked as a duplicate of this issue. ***