Why my slapd crash when I have login with SASL i am confiure line for slapd is: ./configure --with-cyrus-sasl --enable-sql --enable-hdb=no --enable-bdb=no CPPFLAGS="-I/usr/local/include -I/usr/local/unixODBC/include" LDFLAGS="-L/usr/local/lib -L/usr/local/unixODBC/lib"
slapd work normal if I have loggin to it - if I write bad password - slapd normal working but if i write good login to slapd (correct login and pass) slapd is crash (always if I write correct my login and password ( ldapsearch -I ),
please help me - how configure slapd with sasl....... but my slapd (last version) dont work with sasl :/
slapd -d 1: ........
slap_listener(ldap:///)connection_get(8): got connid=0
connection_read(8): checking for input on id=0 ber_get_next ber_get_next: tag 0x30 len 62 contents: ber_get_next ber_get_next on fd 8 failed errno=35 (Resource temporarily unavailable) do_search ber_scanf fmt ({miiiib) ber:
dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <> ber_scanf fmt (m) ber: ber_scanf fmt ({M}}) ber: ==>select_backend: START ==>select_backend: dn: => send_search_entry: conn 0 dn="" ber_flush: 62 bytes to sd 8 <= send_search_entry: conn 0 exit. send_ldap_result: conn=0 op=0 p=3 send_ldap_response: msgid=1 tag=101 err=0 ber_flush: 14 bytes to sd 8 connection_get(8): got connid=0 connection_read(8): checking for input on id=0 ber_get_next ber_get_next: tag 0x30 len 24 contents: ber_get_next ber_get_next on fd 8 failed errno=35 (Resource temporarily unavailable) do_bind ber_scanf fmt ({imt) ber: ber_scanf fmt ({m) ber: ber_scanf fmt (}}) ber:
dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <> do_sasl_bind: dn () mech DIGEST-MD5 SASL [conn=0] Debug: DIGEST-MD5 server step 1 send_ldap_sasl: err=14 len=184 send_ldap_response: msgid=2 tag=97 err=14 ber_flush: 203 bytes to sd 8 <== slap_sasl_bind: rc=14 connection_get(8): got connid=0 connection_read(8): checking for input on id=0 ber_get_next ber_get_next: tag 0x30 len 323 contents: ber_get_next ber_get_next on fd 8 failed errno=35 (Resource temporarily unavailable) do_bind ber_scanf fmt ({imt) ber: ber_scanf fmt ({m) ber: ber_scanf fmt (m) ber: ber_scanf fmt (}}) ber:
dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <> do_sasl_bind: dn () mech DIGEST-MD5 SASL [conn=0] Debug: DIGEST-MD5 server step 2 slap_sasl_getdn: u:id converted to uid=test,cn=example.com,cn=DIGEST-MD5,cn=auth
dnNormalize: <uid=test,cn=example.com,cn=DIGEST-MD5,cn=auth>
<<< dnNormalize: <uid=test,cn=example.com,cn=digest-md5,cn=auth> ==>slap_sasl2dn: converting SASL name uid=test,cn=example.com,cn=digest-md5,cn=auth to a DN slap_authz_regexp: converting SASL name uid=test,cn=example.com,cn=digest-md5,cn=auth <==slap_sasl2dn: Converted SASL name to <nothing> slapd in free(): error: chunk is already free Abort (core dumped) ....
slad.conf file cat slapd.conf # $OpenLDAP: pkg/ldap/servers/slapd/back-sql/rdbms_depend/mysql/slapd.conf,v 1.5.2.1 2005/01/20 18:04:03 kurt Exp $ # # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. # include /usr/local/etc/openldap/schema/core.schema include /usr/local/etc/openldap/schema/cosine.schema include /usr/local/etc/openldap/schema/inetorgperson.schema
# Define global ACLs to disable default read access. access to * by * write
# Do not enable referrals until AFTER you have a working directory # service AND an understanding of referrals. #referral ldap://root.openldap.org
pidfile /var/run/slapd/slapd.pid argsfile /var/run/slapd/slapd.args loglevel -1
authz-police all sasl-host example.com sasl-realm example.com #require SASL
authz-regexp uid=([^,]*),dc=example,dc=com uid=test,dc=example,dc=com
#sasl-secprops none
#authzTo: uid=[^,]*,dc=example,dc=com
####################################################################### # sql database definitions ####################################################################### database sql suffix "dc=example,dc=com"
#rootdn "cn=test,dc=example,dc=com" #rootpw secret dbname ldap dbuser ldap dbpasswd ldap123zxc subtree_cond "ldap_entries.dn LIKE CONCAT('%',?)" insentry_stmt "INSERT INTO ldap_entries (dn,oc_map_id,parent,keyval) VALUES (?,?,?,?)" has_ldapinfo_dn_ru no
#access to attrs=userPassword # by * auth
#access to * by * none
sorry but email administrator always block wrote:
Why my slapd crash when I have login with SASL i am confiure line for slapd is: ./configure --with-cyrus-sasl --enable-sql --enable-hdb=no --enable-bdb=no CPPFLAGS="-I/usr/local/include -I/usr/local/unixODBC/include" LDFLAGS="-L/usr/local/lib -L/usr/local/unixODBC/lib"
slapd work normal if I have loggin to it - if I write bad password - slapd normal working but if i write good login to slapd (correct login and pass) slapd is crash (always if I write correct my login and password ( ldapsearch -I ),
A thought (cos it happened to me years ago): you could be mixing SASL1 and SASL2 libraries. You don't state OS or vendor, but if it's Linux make sure you've included /usr/local/lib in /etc/ld.so.conf or one of the files in /etc/ld.so.conf.d (if you have it) and run ldconfig.
Mixing the two library versions is a common cause of SIGSEGV with programe using them.
--Tonni
openldap-software@openldap.org