Hi list
I'm trying to run pure-ftpd 1.0.21 on a FreeBSD 7.0-amd64 (still beta, yes) host, with LDAP (openldap-2.3.39) as auth backend. However, the authing doesn't seem to work at all: as soon as the password is sent, the client gets disconnected. I've posted this similar message (although with more debugging info now) to their list without a single response. Tracing the problem got me to the following code (pureftpd's log_ldap.c, with a lot of logfile statements inserted by me):

static LDAP *pw_ldap_connect(void)
{
    LDAP *ld;
# ifdef LDAP_OPT_PROTOCOL_VERSION
    int version = ldap_version;
# endif

    if (ldap_host == NULL || port < 0) {
        logfile(LOG_DEBUG, "bad host");
        return NULL;
    }
    logfile(LOG_DEBUG, "initing to host %s port %d", ldap_host, port);
    if ((ld = ldap_init(ldap_host, port)) == NULL) {
        logfile(LOG_DEBUG, "init failed");
        return NULL;
    }
    logfile(LOG_DEBUG, "init ok ld is %p", ld);
# ifdef LDAP_OPT_PROTOCOL_VERSION
    logfile(LOG_DEBUG, "setting version %d", version);
    if (ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version) !=
        LDAP_SUCCESS) {
        logfile(LOG_DEBUG, "failed versionset");
        return NULL;
    }
    logfile(LOG_DEBUG, "versionset ok");
# endif
    logfile(LOG_DEBUG, "binding");
    if (ldap_bind_s(ld, root, pwd, LDAP_AUTH_SIMPLE) != LDAP_SUCCESS) {
        logfile(LOG_DEBUG, "bind failed");
        return NULL;
    }
    logfile(LOG_DEBUG, "bound ok");

    return ld;
}

When running, I get this debug output

Dec 29 09:31:10 back-1 pure-ftpd: (?@172.28.1.11) [DEBUG] ldap entered
Dec 29 09:31:10 back-1 pure-ftpd: (?@172.28.1.11) [DEBUG] connecting
Dec 29 09:31:10 back-1 pure-ftpd: (?@172.28.1.11) [DEBUG] initing to host localhost port 389
Dec 29 09:31:10 back-1 pure-ftpd: (?@172.28.1.11) [DEBUG] init ok ld is 0x1297180
Dec 29 09:31:10 back-1 pure-ftpd: (?@172.28.1.11) [DEBUG] setting version 3
Dec 29 09:31:10 back-1 kernel: pid 97603 (pure-ftpd), uid 0: exited on signal 11

After that, nothing.. And the forked process dies. As it's a forked one, I haven't been able to run gdb on it, so I've done the above log entries instead.. But it seems pretty clear that it crashes when doing ldap_set_option. If I skip the set option and do bind directly, that crashes too. slapd doesn't even see the connection, so I guess it's something in the client part.

pure-ftpd:
    libssl.so.5 => /usr/lib/libssl.so.5 (0x800650000)
    libcrypto.so.5 => /lib/libcrypto.so.5 (0x80079a000)
    libldap-2.3.so.2 => /usr/local/lib/libldap-2.3.so.2 (0x800a2a000)
    liblber-2.3.so.2 => /usr/local/lib/liblber-2.3.so.2 (0x800b64000)
    libcrypt.so.4 => /lib/libcrypt.so.4 (0x800c72000)
    libpam.so.4 => /usr/lib/libpam.so.4 (0x800d8b000)
    libc.so.7 => /lib/libc.so.7 (0x800e93000)
    libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x8010b0000)

Only have one version of the client lib installed, so there shouldn't be any problems there..

openldap-sasl-client-2.3.39    Open source LDAP client implementation with SASL2 support
openldap-server-2.3.39         Open source LDAP server implementation

I do have the same setup but with openldap-2.3.38 running fine on a FreeBSD 6.2-i386 box. Haven't seen any problems with the regular ldap* tools on this box, but haven't tested any other software yet.
Soo.. Anyone got any ideas? Hope this is the correct list, if not, sorry. Thanks!
--
Johan Ström
Stromnet
johan@stromnet.se
http://www.stromnet.se/