Full_Name: Michael Heep Version: 2.3.34 OS: RHES30 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (82.113.101.1)
Since I'm not sure whether this is realted to my previos ITS (4847) so I'm filing another report as the OS and circumstances are different.
As of 2.3.34 slapd crashes on Red Hat Enterprise 3.0 during startup. The funny thing is it only crashes on our slave, not on the master. The slave uses the following slapd.conf:
# # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. #
# Schema files to include include /opt/openldap/etc/schema/core.schema include /opt/openldap/etc/schema/cosine.schema include /opt/openldap/etc/schema/sudo.schema include /opt/openldap/etc/schema/nis.schema include /opt/openldap/etc/schema/openssh-lpk.schema include /opt/openldap/etc/schema/dyngroup.schema
# Put those into the 'ldap' user's homedir (/var/lib/ldap) because # user 'ldap' has no write permissions in /var/run pidfile /var/lib/ldap/slapd.pid argsfile /var/lib/ldap/slapd.args
# Security restrictions (all operations require at least 128bit encryption) security ssf=128 update_ssf=128 simple_bind=128
# Access control policy # rootdn can always read/write anything! # DO NOT MESS WITH THIS UNLESS YOU KNOW WHAT YOU’ARE DOING! access to dn.subtree="cn=Monitor" by dn.children="ou=CNO-LDC,ou=People,dc=o2online,dc=de" read access to dn.subtree="cn=accesslog" by dn.children="ou=CNO-LDC,ou=People,dc=o2online,dc=de" read access to * by dn.children="ou=Area 52,dc=o2online,dc=de" none by dn.children="ou=CNO-LDC,ou=People,dc=o2online,dc=de" write by dn.exact="cn=syncreader,dc=o2online,dc=de" read by * break access to attrs=userPassword by self write by anonymous auth access to attrs=shadowLastChange by self write by * read access to * by * read
# Logging loglevel 256
# Close idle connections after 120sec idletimeout 120
# SSL/TLS Stuff TLSCACertificateFile /opt/openldap/etc/ssl-certs/cno-ldc_ca.cert TLSCertificateFile /opt/openldap/etc/ssl-certs/sgmldap02.cert TLSCertificateKeyFile /opt/openldap/etc/ssl-keys/sgmldap02.key TLSCipherSuite HIGH TLSVerifyClient try
# Chainig overlay for automatic referral chasing (global so it affects updaterefs!) # chain-uri must be EXACTLY the same as updateref (ip/host, port), otherwise it wont't work! overlay chain chain-uri "ldap://sgmldap01" chain-idassert-bind bindmethod=sasl binddn="cn=syncreader,dc=o2online,dc=de" saslmech=external mode=self chain-tls start
######################## # Database definitions # ######################## # Database for access logging database bdb suffix cn=accesslog rootdn "cn=root,cn=accesslog" rootpw {SSHA}FORBIDDEN directory /var/lib/ldap/openldap-accesslog
# Indices to maintain index reqStart eq index objectClass eq
# Checkpointing & caching checkpoint 256 5 cachesize 1000 idlcachesize 3000
# No limits for CNO-LDC limits dn.children="ou=CNO-LDC,ou=People,dc=o2online,dc=de" size=unlimited time=unlimited
# Database with monitor backend for the Directory Informartion Tree database monitor database bdb suffix "dc=o2online,dc=de" rootdn "cn=root,dc=o2online,dc=de" # Cleartext passwords, especially for the rootdn, should # be avoid. See slappasswd(8) and slapd.conf(5) for details. # Use of strong authentication encouraged. rootpw {SSHA}
# The database directory MUST exist prior to running slapd AND # should only be accessible by the slapd and slap tools. # Mode 700 recommended. directory /var/lib/ldap/openldap-data
# Accesslog overlay - Keep logs for 30 days and purge old entries once a day overlay accesslog logdb cn=accesslog logops writes logold (objectclass=*) logpurge 30+00:00 01+00:00
# Indices to maintain # WARNING: If you add indices stop slapd, run slapindex, then start slapd! # Otherwise you'll experience problems like searches returning improper results. index objectClass eq index entryCSN eq index entryUUID eq index sudoUser pres,eq,sub index uid,cn pres,eq,sub index uidNumber eq index gidNumber eq index memberUid eq index uniqueMember eq index host eq
## Syncrepl provider settings #overlay syncprov #syncprov-checkpoint 50 5 #syncprov-sessionlog 100
# Syncrepl consumer settings # Set attrs="*,+" or don't configure it at all to also replicate all operational attributes # (createTimestamp, creatorsName, modifiersName, modifyTimestamp, etc.) syncrepl rid=100 provider=ldap://sgmldap01 type=refreshAndPersist interval=00:00:00:10 retry="60 10 300 +" searchbase="dc=o2online,dc=de" filter="(objectclass=*)" scope=sub attrs="*,+" schemachecking=on starttls=critical bindmethod=sasl saslmech="external"
# URL to return to clients which submit update requests updateref ldap://sgmldap01
# No limits for the "syncreader" account limits dn.exact="cn=syncreader,dc=o2online,dc=de" size=unlimited time=unlimited
# Caches & Checkpointing (see slapd-bdb(5) manual) cachesize 10000 idlcachesize 30000 checkpoint 1024 5
# Attribute uniqueness overlay for POSIX accounts overlay unique unique_base "ou=People,dc=o2online,dc=de" unique_attributes uid uidNumber
# Dynlist overlay to dynamically add members to groups through memberURLs overlay dynlist dynlist-attrset extensibleObject memberURL uniqueMember
# Value sorting overlay overlay valsort valsort-attr uniqueMember dc=o2online,dc=de alpha-ascend valsort-attr host dc=o2online,dc=de alpha-ascend
# Allow Proxy Authorization authz-policy to
# SASL rewrite rules authz-regexp email=[we want no spam]@o2.com,cn=sgmldap([0-9]*),ou=cno-ldc,o=o2\ germany,l=frankfurt,st=hessen,c=de cn=syncreader,dc=o2online,dc=de
The master's conf is basically the same. Just overlay chain + syncrepl commaneted out and overlay syncprov commented in. Uncommenting the following directives results in a clean startup: ## Syncrepl provider settings #overlay syncprov #syncprov-checkpoint 50 5 #syncprov-sessionlog 100
Here's the gdb dump: (gdb) file ./slapd Reading symbols from /home/heepm/slapd...done. Using host libthread_db library "/lib/tls/libthread_db.so.1". (gdb) run -u ldap -f /opt/openldap/etc/slapd.conf -h "ldap:/// ldaps:///" Starting program: /home/heepm/slapd -u ldap -f /opt/openldap/etc/slapd.conf -h "ldap:/// ldaps:///" [Thread debugging using libthread_db enabled] [New Thread -1218506624 (LWP 29908)]
Program received signal SIGSEGV, Segmentation fault. [Switching to Thread -1218506624 (LWP 29908)] 0x0062ff95 in memmove () from /lib/tls/libc.so.6 (gdb) bt full #0 0x0062ff95 in memmove () from /lib/tls/libc.so.6 No symbol table info available. #1 0x0817722a in rdn2str (rdn=0x901ea28, str=0x901ed12 "", flags=272, len=0x90177e2, s2s=0x8176420 <strval2str>) at getdn.c:2571 iAVA = 0 l = 3 #2 0x08177dfc in ldap_dn2bv_x (dn=0x901ebe0, bv=0x901e854, flags=272, ctx=0x0) at getdn.c:3044 rdnl = 10 iRDN = 1 rc = -3 len = 28 l = 10 sv2l = (int (*)(struct berval *, unsigned int, ber_len_t *)) 0x8176130 <strval2strlen> sv2s = (int (*)(struct berval *, char *, unsigned int, ber_len_t *)) 0x8176420 <strval2str> #3 0x08095479 in dnNormalize (use=0, syntax=0x0, mr=0x0, val=0xbfffb098, out=0x901e854, ctx=0x0) at dn.c:627 dn = 0x901ebe0 rc = 0 #4 0x081516c5 in unique_config (be=0x90177e2, fname=0x8fd9018 "/opt/openldap/etc/slapd.conf", lineno=156, argc=2, argv=0x9006ff8) at unique.c:151 bv = {bv_len = 27, bv_val = 0x901e7fd "ou=People,dc=o2online,dc=de"} on = (slap_overinst *) 0x90177e2 ud = (unique_data *) 0x901e848 up = (unique_attrs *) 0xbfffb098 text = 0xbfffb21c "/opt/openldap/etc/slapd.conf: line 156" ad = (AttributeDescription *) 0x6030a4 i = 7256760 #5 0x080ddb1a in over_db_config (be=0x901e040, fname=0x8fd9018 "/opt/openldap/etc/slapd.conf", lineno=156, argc=2, argv=0x9006ff8) at backover.c:157 on2 = (slap_overinst *) 0x0 onp = (slap_overinst **) 0x81512c0 be2 = {bd_info = 0x0, be_ctrls = '\0' <repeats 32 times>, be_flags = 0, be_restrictops = 0, be_requires = 0, be_ssf_set = { sss_ssf = 0, sss_transport = 0, sss_tls = 0, sss_sasl = 0, sss_update_ssf = 0, sss_update_transport = 0, sss_update_tls = 0, sss_update_sasl = 0, sss_simple_bind = 0}, be_suffix = 0x0, be_nsuffix = 0x0, be_schemadn = {bv_len = 0, bv_val = 0x0}, be_schemandn = {bv_len = 0, bv_val = 0x0}, be_rootdn = {bv_len = 0, bv_val = 0x0}, be_rootndn = {bv_len = 0, bv_val = 0x0}, be_rootpw = {bv_len = 0, bv_val = 0x0}, be_max_deref_depth = 0, be_def_limit = {lms_t_soft = 0, lms_t_hard = 0, lms_s_soft = 0, lms_s_hard = 0, lms_s_unchecked = 0, lms_s_pr = 0, lms_s_pr_hide = 0, lms_s_pr_total = 0}, be_limits = 0x0, be_acl = 0x0, be_dfltaccess = ACL_NONE, be_replica = 0x0, be_replogfile = 0x0, be_update_ndn = {bv_len = 0, bv_val = 0x0}, be_update_refs = 0x0, be_pending_csn_list = 0x0, be_pcl_mutex = {__m_reserved = 0, __m_count = 0, __m_owner = 0x0, __m_kind = 0, __m_lock = {__status = 0, __spinlock = 0}}, be_pcl_mutexp = 0x0, be_syncinfo = 0x0, be_pb = 0x0, be_cf_ocs = 0x0, be_private = 0x0, be_next = {stqe_next = 0x0}} i = 0 oi2 = (slap_overinfo *) 0x90177e2 oi = (slap_overinfo *) 0x901e4f8 on = (slap_overinst *) 0x901ebf8 be_cf_ocs = (struct ConfigOCs *) 0x82a0900 ca = {argc = 2, argv = 0x9006ff8, argv_size = 0, line = 0x0, tline = 0x0, fname = 0x8fd9018 "/opt/openldap/etc/slapd.conf", lineno = 156, log = "/opt/openldap/etc/slapd.conf: line 156", '\0' <repeats 4085 times>, msg = '\0' <repeats 255 times>, depth = 0, valx = 0, values = {v_int = 0, v_long = 0, v_ber_t = 0, v_string = 0x0, v_bv = {bv_len = 0, bv_val = 0x0}, v_dn = {vdn_dn = {bv_len = 0, bv_val = 0x0}, vdn_ndn = {bv_len = 0, bv_val = 0x0}}}, rvalue_vals = 0x0, rvalue_nvals = 0x0, op = 0, type = 0, ---Type <return> to continue, or q <return> to quit--- be = 0x901e040, bi = 0x0, ca_entry = 0x0, private = 0x0, cleanup = 0} rc = -1026 #6 0x0807918f in read_config_file (fname=0x8fd9018 "/opt/openldap/etc/slapd.conf", depth=0, cf=0x9007800, cft=0x829bea0) at config.c:807 fp = (FILE *) 0x9007800 ct = (ConfigTable *) 0x90177e2 c = (ConfigArgs *) 0x9005e80 rc = 151019136 s = {st_dev = 26626, __pad1 = 0, st_ino = 229380, st_mode = 33184, st_nlink = 1, st_uid = 0, st_gid = 55, st_rdev = 0, __pad2 = 0, st_size = 5199, st_blksize = 4096, st_blocks = 16, st_atim = {tv_sec = 1172158204, tv_nsec = 0}, st_mtim = { tv_sec = 1171993893, tv_nsec = 0}, st_ctim = {tv_sec = 1171993893, tv_nsec = 0}, __unused4 = 0, __unused5 = 0} #7 0x0807357e in read_config (fname=0x8fd9018 "/opt/openldap/etc/slapd.conf", dir=0x8fd9018 "/opt/openldap/etc/slapd.conf") at bconfig.c:3077 st = {st_dev = 7, __pad1 = 50360, st_ino = 135507850, st_mode = 150982944, st_nlink = 3221210280, st_uid = 1, st_gid = 150983096, st_rdev = 588336130853561644, __pad2 = 50360, st_size = 134901884, st_blksize = 136982680, st_blocks = 0, st_atim = {tv_sec = -1073756936, tv_nsec = 134933086}, st_mtim = {tv_sec = 0, tv_nsec = 24582}, st_ctim = {tv_sec = -1073756952, tv_nsec = 135684567}, __unused4 = 136990016, __unused5 = 0} be = (BackendDB *) 0x9005bb8 cfb = (CfBackInfo *) 0x9005cc0 cfdir = 0x901ea60 "\002" cfname = 0x8fd9018 "/opt/openldap/etc/slapd.conf" rc = 151018424 #8 0x0806c445 in main (argc=7, argv=0xbfffc614) at main.c:667 val = 0x0 opt = {bv_len = 3221210504, bv_val = 0x822db6e "\215\223\024\207ÿÿ\215\213\024\207ÿÿ)ÊÁú\0021ö9Ös\017\211×\220ÿ\224³\024\207ÿÿF9þrô\203Ä\f[^_ÉÃU\211åVSè"} i = 0 i = 136960888 no_detach = 0 rc = 0 urls = 0x8fd9040 "ldap:/// ldaps:///" username = 0x8fd9008 "ACI Item" groupname = 0x0 sandbox = 0x0 syslogUser = 160 configfile = 0x8fd9018 "/opt/openldap/etc/slapd.conf" configdir = 0x0 serverName = 0xbfffec31 "slapd" scp = (struct sync_cookie *) 0x829db78 scp_entry = (struct sync_cookie *) 0x90177e2 debug_unknowns = (char **) 0x0 syslog_unknowns = (char **) 0x0 serverNamePrefix = 0x90177e2 "" slapd_pid_file_unlink = 0 slapd_args_file_unlink = 0
With kind regards Michael Heep
-
michael.heep@o2.com