I've been trying, unsuccessfully, to set up ppolicy in my installation
(2.4.21 on Ubuntu). As soon as I set up the overlay (before I even
configure a user with a password policy or set up a default policy),
slapcatting the database results in a segmentation fault. I tried it on
2.4.23 and 2.4.17 with the same results. Here is the configuration I'm
using, and a backtrace from the 2.4.21 installation:
dn: cn=module{0}
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_hdb.la
olcModuleLoad: {1}autogroup.la
olcModuleLoad: {2}syncprov.la
olcModuleLoad: {3}smbk5pwd.la
olcModuleLoad: {4}ppolicy.la
dn: olcOverlay={3}ppolicy
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: {3}ppolicy
olcPPolicyHashCleartext: FALSE
olcPPolicyUseLockout: TRUE
olcPPolicyForwardUpdates: FALSE
structuralObjectClass: olcPPolicyConfig
(gdb) run
Starting program: /usr/sbin/slapcat -n1
[Thread debugging using libthread_db enabled]
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff242d840 in ppolicy_restrict (op=0x7fffffffd710,
rs=0x7fffffffd670) at
/usr/src/openldap/openldap-2.4.21/servers/slapd/overlays/ppolicy.c:1271
1271
/usr/src/openldap/openldap-2.4.21/servers/slapd/overlays/ppolicy.c: No
such file or directory.
in /usr/src/openldap/openldap-2.4.21/servers/slapd/overlays/ppolicy.c
(gdb) backtrace
#0 0x00007ffff242d840 in ppolicy_restrict (op=0x7fffffffd710,
rs=0x7fffffffd670) at
/usr/src/openldap/openldap-2.4.21/servers/slapd/overlays/ppolicy.c:1271
#1 0x00007ffff7f6ed3a in overlay_op_walk (op=0x7fffffffd710,
rs=0x7fffffffd670, which=<value optimized out>, oi=0x7ffff8320fc0,
on=0x7ffff8340d50)
at /usr/src/openldap/openldap-2.4.21/servers/slapd/backover.c:659
#2 0x00007ffff7f6f8ab in over_op_func (op=0x7fffffffd710,
rs=0xfffffffffffffff0, which=4294957776)
at /usr/src/openldap/openldap-2.4.21/servers/slapd/backover.c:721
#3 0x00007ffff2a4b141 in autogroup_db_open (be=<value optimized out>,
cr=<value optimized out>) at autogroup.c:1754
#4 0x00007ffff7f6e994 in over_db_open (be=<value optimized out>,
cr=0x7fffffffdfc0) at
/usr/src/openldap/openldap-2.4.21/servers/slapd/backover.c:155
#5 0x00007ffff7f1388c in backend_startup_one (be=0x7ffff8314e80,
cr=0x7fffffffdfc0) at
/usr/src/openldap/openldap-2.4.21/servers/slapd/backend.c:224
#6 0x00007ffff7f13a83 in backend_startup (be=0x7ffff8314e80) at
/usr/src/openldap/openldap-2.4.21/servers/slapd/backend.c:278
#7 0x00007ffff7f742cc in slap_tool_init (progname=<value optimized
out>, tool=2, argc=2, argv=0x7fffffffe5b8)
at /usr/src/openldap/openldap-2.4.21/servers/slapd/slapcommon.c:780
#8 0x00007ffff7f7335a in slapcat (argc=-9520, argv=<value optimized
out>) at /usr/src/openldap/openldap-2.4.21/servers/slapd/slapcat.c:51
#9 0x00007ffff7ee84f5 in main (argc=2, argv=0x7fffffffe5b8) at
/usr/src/openldap/openldap-2.4.21/servers/slapd/main.c:657
As soon as I remove olcOverlay={3}ppolicy from the backend database, the
problem disappears. The configuration isn't anything special so I don't
think it's a misconfiguration issue, but I figured I'd get a second
opinion from the list before submitting this issue as a bug to the ITS.
As always, all advice and input is appreciated.
-Ryan