https://bugs.openldap.org/show_bug.cgi?id=9309
Issue ID: 9309 Summary: slapd exits on failed assertion in ppolicy.c: 912 ctrls_cleanup Product: OpenLDAP Version: 2.4.50 Hardware: All OS: All Status: UNCONFIRMED Severity: normal Priority: --- Component: overlays Assignee: bugs@openldap.org Reporter: jakealexis@gmail.com Target Milestone: ---
Created attachment 753 --> https://bugs.openldap.org/attachment.cgi?id=753&action=edit slapd debug -1 output
When trying to authenticate against slapd, it exits with an assertion failure:
`slapd: ppolicy.c:912: ctrls_cleanup: Assertion `rs->sr_ctrls != NULL' failed.`
I have searched quite extensively, and have found multiple previous bug reports with similar symptoms, often to do with the ppolicy overlay. Most of these have been marked as closed and fixed, but I'm using the latest version and still getting the same problem.
I have found one RedHat bug with similar symptoms that described it as a config error, but with no details of what the config error is - and the assert statement doesn't help me narrow it down.
I have tested this on 2.4.46 and 2.4.50, same behaviour.
https://bugs.openldap.org/show_bug.cgi?id=9309
--- Comment #1 from Ondřej Kuzník ondra@mistotebe.net --- On Mon, Aug 10, 2020 at 09:24:36AM +0000, openldap-its@openldap.org wrote:
When trying to authenticate against slapd, it exits with an assertion failure:
`slapd: ppolicy.c:912: ctrls_cleanup: Assertion `rs->sr_ctrls != NULL' failed.`
I have searched quite extensively, and have found multiple previous bug reports with similar symptoms, often to do with the ppolicy overlay. Most of these have been marked as closed and fixed, but I'm using the latest version and still getting the same problem.
I have found one RedHat bug with similar symptoms that described it as a config error, but with no details of what the config error is - and the assert statement doesn't help me narrow it down.
You suggest the crash is repeatable, please provide configuration (minus any credentials) and steps to reproduce so we can investigate.
Thanks,
https://bugs.openldap.org/show_bug.cgi?id=9309
--- Comment #2 from jakealexis@gmail.com --- In the process of dumping and uploading my config, I noticed that I had added the ppolicy overlay twice - removing the duplicate fixed the issue.
I am happy to close this as a bug, sorry - I expected it was a configuration issue on my end given the RedHat bug I mentioned but didn't know where!
Is there a reason why either: - the ppolicy code couldn't handle a duplicate? - if the configuration is incorrect, it wasn't rejected?
I have very little understanding of OpenLDAP internals, so sorry if those questions are naive.
https://bugs.openldap.org/show_bug.cgi?id=9309
Ondřej Kuzník ondra@mistotebe.net changed:
What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.openldap.org/s | |how_bug.cgi?id=9171
--- Comment #3 from Ondřej Kuzník ondra@mistotebe.net --- Thank you for the feedback. This is a bug only when multiple ppolicy modules are attached, not sure how easy this one will be to fix.
AFAIK there should be no reason to configure ppolicy multiple times (especially while we only support userPassword as the password attribute), but we don't currently have a way to check that either.
Regards, Ondrej
https://bugs.openldap.org/show_bug.cgi?id=9309
--- Comment #4 from Howard Chu hyc@openldap.org --- (In reply to Ondřej Kuzník from comment #3)
Thank you for the feedback. This is a bug only when multiple ppolicy modules are attached, not sure how easy this one will be to fix.
AFAIK there should be no reason to configure ppolicy multiple times (especially while we only support userPassword as the password attribute), but we don't currently have a way to check that either.
Not true. Just set SLAPO_BFLAG_SINGLE in the overlay bi_flags to prevent this.
https://bugs.openldap.org/show_bug.cgi?id=9309
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Target Milestone|--- |2.4.51 Status|UNCONFIRMED |RESOLVED
--- Comment #5 from Quanah Gibson-Mount quanah@openldap.org --- master:
Commits: • c8c39b84 by Howard Chu at 2020-08-10T16:07:39+01:00 ITS#9309 don't allow ppolicy to be configured more than once on a backend
Commits: • 633d40b0 by Howard Chu at 2020-08-10T16:40:54+01:00 For ITS#9309 fix check for duplicate overlays
and pass error message back to frontend
RE24:
Commits: • f244d985 by Howard Chu at 2020-08-10T15:49:35+00:00 ITS#9309 don't allow ppolicy to be configured more than once on a backend
• 1c6031c2 by Howard Chu at 2020-08-10T16:06:07+00:00 For ITS#9309 fix check for duplicate overlays
and pass error message back to frontend
https://bugs.openldap.org/show_bug.cgi?id=9309
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED