https://bugs.openldap.org/show_bug.cgi?id=10111
Issue ID: 10111 Summary: dynlist crashes when using member+memberOf@groupOfNames Product: OpenLDAP Version: 2.6.6 Hardware: x86_64 OS: Linux Status: UNCONFIRMED Keywords: needs_review Severity: normal Priority: --- Component: overlays Assignee: bugs@openldap.org Reporter: uberthoth@gmail.com Target Milestone: ---
slapd crashes if queried for the memberof field if dynlist has this config (which is directly from the manpage for slapo-dynlist):
olcDynListAttrSet: groupOfURLs memberURL member+memberOf@groupOfNames
There is an example repo with a docker-compose.yml to replicate this issue here: https://github.com/joshuacox/openldap-overlay-dynlist
This may be a duplicate of this https://bugs.openldap.org/show_bug.cgi?id=10091 though I did not see a seg fault.
https://bugs.openldap.org/show_bug.cgi?id=10111
--- Comment #1 from Josh Cox uberthoth@gmail.com --- Here are some example searches that are known to crash the slapd server:
docker exec openldap ldapsearch -H ldap://localhost:1389 -LLL -x -s sub -b 'dc=example,dc=net' '(&(objectClass=inetOrgPerson)(memberof=cn=readers,ou=users,dc=example,dc=net))' docker exec openldap ldapsearch -H ldap://localhost:1389 -LLL -x -s sub -b 'dc=example,dc=net' 'cn=customuser' memberof docker exec openldap ldapsearch -H ldap://localhost:1389 -LLL -x -s sub -b 'dc=example,dc=net' 'cn=Dynamic Group' memberOf docker exec openldap ldapsearch -H ldap://localhost:1389 -LLL -x -s sub -b 'cn=Dynamic Group,ou=Groups,dc=example,dc=net' 'member=blah'
https://bugs.openldap.org/show_bug.cgi?id=10111
--- Comment #2 from Josh Cox uberthoth@gmail.com --- it is without a doubt seg faulting:
[25119.082981] slapd[592546]: segfault at 0 ip 00007feeee44651e sp 00007feead1683c0 error 4 in dynlist.so.2.0.200[7feeee440000+9000] likely on CPU 4 (core 8, socket 0)
https://bugs.openldap.org/show_bug.cgi?id=10111
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED Keywords|needs_review | Resolution|--- |DUPLICATE
--- Comment #3 from Quanah Gibson-Mount quanah@openldap.org --- dynlist cannot be configured globally on the frontend, it must be assigned to a specific database backend.
*** This issue has been marked as a duplicate of issue 10091 ***
https://bugs.openldap.org/show_bug.cgi?id=10111
Quanah Gibson-Mount quanah@openldap.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |VERIFIED
https://bugs.openldap.org/show_bug.cgi?id=10111
--- Comment #4 from Josh Cox uberthoth@gmail.com --- I realized I needed to alter this line:
dn: olcOverlay=dynlist,olcDatabase={-1}frontend,cn=config
to this line:
dn: olcOverlay=dynlist,olcDatabase={2}mdb,cn=config
on my example here: https://github.com/joshuacox/openldap-overlay-dynlist
-
openldap-its@openldap.org