ldapmodify is crashing the slapd process

Hi everyone,

I am trying to do a number of changes into the configuration database using the following ldif entries:

dn: cn=config changetype: modify add: olcTLSCACertificatePath olcTLSCACertificatePath: /etc/ssl/certs - add: olcTLSCertificateFile olcTLSCertificateFile: /etc/openldap/ssl/slapd.cert - add: olcTLSCertificateKeyFile olcTLSCertificateKeyFile: /etc/openldap/ssl/slapd.key - add: olcTLSCipherSuite olcTLSCipherSuite: AES256 - replace: olcTLSVerifyClient olcTLSVerifyClient: allow -

When running the ldapmodify command as follow:

ldapmodify -f tlsmods.ldir -D cn=config -H ldapi:/// -x -W

the slapd process is crashing. I tried to gather some info into the syslog using -s 255 and I cannot find any hints why the process is crashing. I am running OpenLDAP 2.4.24 and here are the entries generated in the syslog after the ldapmodify command:

Feb 7 16:00:27 charpak ldapmodify: mdns: Couldn't open nss_mdns configuration file /etc/nss_mdns.conf, using default. Feb 7 16:00:31 charpak slapd[23821]: daemon: activity on 1 descriptor Feb 7 16:00:31 charpak slapd[23821]: daemon: activity on: Feb 7 16:00:31 charpak slapd[23821]: Feb 7 16:00:31 charpak slapd[23821]: slap_listener_activate(9): Feb 7 16:00:31 charpak slapd[23821]: daemon: epoll: listen=7 active_threads=0 tvp=zero Feb 7 16:00:31 charpak slapd[23821]: daemon: epoll: listen=8 active_threads=0 tvp=zero Feb 7 16:00:31 charpak slapd[23821]: daemon: epoll: listen=9 busy Feb 7 16:00:31 charpak slapd[23821]: >>> slap_listener(ldapi://%2fvar% 2frun%2fopenldap%2fslapd.sock) Feb 7 16:00:31 charpak slapd[23821]: daemon: listen=9, new connection on 15 Feb 7 16:00:31 charpak slapd[23821]: daemon: added 15r (active) listener=(nil) Feb 7 16:00:31 charpak slapd[23821]: conn=1000 fd=15 ACCEPT from PATH=/var/run/openldap/slapd.sock (PATH=/var/run/openldap/slapd.sock) Feb 7 16:00:31 charpak slapd[23821]: daemon: activity on 1 descriptor Feb 7 16:00:31 charpak slapd[23821]: daemon: activity on: Feb 7 16:00:31 charpak slapd[23821]: Feb 7 16:00:31 charpak slapd[23821]: daemon: epoll: listen=7 active_threads=0 tvp=zero Feb 7 16:00:31 charpak slapd[23821]: daemon: epoll: listen=8 active_threads=0 tvp=zero Feb 7 16:00:31 charpak slapd[23821]: daemon: epoll: listen=9 active_threads=0 tvp=zero Feb 7 16:00:31 charpak slapd[23821]: daemon: activity on 1 descriptor Feb 7 16:00:31 charpak slapd[23821]: daemon: activity on: Feb 7 16:00:31 charpak slapd[23821]: 15r Feb 7 16:00:31 charpak slapd[23821]: Feb 7 16:00:31 charpak slapd[23821]: daemon: read active on 15 Feb 7 16:00:31 charpak slapd[23821]: daemon: epoll: listen=7 active_threads=0 tvp=zero Feb 7 16:00:31 charpak slapd[23821]: daemon: epoll: listen=8 active_threads=0 tvp=zero Feb 7 16:00:31 charpak slapd[23821]: daemon: epoll: listen=9 active_threads=0 tvp=zero Feb 7 16:00:31 charpak slapd[23821]: connection_get(15) Feb 7 16:00:31 charpak slapd[23821]: connection_get(15): got connid=1000 Feb 7 16:00:31 charpak slapd[23821]: connection_read(15): checking for input on id=1000 Feb 7 16:00:31 charpak slapd[23821]: op tag 0x60, time 1328648431 Feb 7 16:00:31 charpak slapd[23821]: conn=1000 op=0 do_bind Feb 7 16:00:31 charpak slapd[23821]: >>> dnPrettyNormal: <cn=config> Feb 7 16:00:31 charpak slapd[23821]: <<< dnPrettyNormal: <cn=config>, <cn=config> Feb 7 16:00:31 charpak slapd[23821]: conn=1000 op=0 BIND dn="cn=config" method=128 Feb 7 16:00:31 charpak slapd[23821]: do_bind: version=3 dn="cn=config" method=128 Feb 7 16:00:31 charpak slapd[23821]: conn=1000 op=0 BIND dn="cn=config" mech=SIMPLE ssf=0 Feb 7 16:00:31 charpak slapd[23821]: do_bind: v3 bind: "cn=config" to "cn=config" Feb 7 16:00:31 charpak slapd[23821]: send_ldap_result: conn=1000 op=0 p=3 Feb 7 16:00:31 charpak slapd[23821]: send_ldap_result: err=0 matched="" text="" Feb 7 16:00:31 charpak slapd[23821]: send_ldap_response: msgid=1 tag=97 err=0 Feb 7 16:00:31 charpak slapd[23821]: conn=1000 op=0 RESULT tag=97 err=0 text= Feb 7 16:00:31 charpak slapd[23821]: daemon: activity on 1 descriptor Feb 7 16:00:31 charpak slapd[23821]: daemon: activity on: Feb 7 16:00:31 charpak slapd[23821]: Feb 7 16:00:31 charpak slapd[23821]: daemon: epoll: listen=7 active_threads=0 tvp=zero Feb 7 16:00:31 charpak slapd[23821]: daemon: epoll: listen=8 active_threads=0 tvp=zero Feb 7 16:00:31 charpak slapd[23821]: daemon: epoll: listen=9 active_threads=0 tvp=zero Feb 7 16:00:31 charpak slapd[23821]: daemon: activity on 1 descriptor Feb 7 16:00:31 charpak slapd[23821]: daemon: activity on: Feb 7 16:00:31 charpak slapd[23821]: 15r Feb 7 16:00:31 charpak slapd[23821]: Feb 7 16:00:31 charpak slapd[23821]: daemon: read active on 15 Feb 7 16:00:31 charpak slapd[23821]: daemon: epoll: listen=7 active_threads=0 tvp=zero Feb 7 16:00:31 charpak slapd[23821]: daemon: epoll: listen=8 active_threads=0 tvp=zero Feb 7 16:00:31 charpak slapd[23821]: daemon: epoll: listen=9 active_threads=0 tvp=zero Feb 7 16:00:31 charpak slapd[23821]: connection_get(15) Feb 7 16:00:31 charpak slapd[23821]: connection_get(15): got connid=1000 Feb 7 16:00:31 charpak slapd[23821]: connection_read(15): checking for input on id=1000 Feb 7 16:00:31 charpak slapd[23821]: op tag 0x66, time 1328648431 Feb 7 16:00:31 charpak slapd[23821]: conn=1000 op=1 do_modify Feb 7 16:00:31 charpak slapd[23821]: conn=1000 op=1 do_modify: dn (cn=config) Feb 7 16:00:31 charpak slapd[23821]: >>> dnPrettyNormal: <cn=config> Feb 7 16:00:31 charpak slapd[23821]: <<< dnPrettyNormal: <cn=config>, <cn=config> Feb 7 16:00:31 charpak slapd[23821]: conn=1000 op=1 modifications: Feb 7 16:00:31 charpak slapd[23821]: add: olcTLSCACertificatePath Feb 7 16:00:31 charpak slapd[23821]: one value, length 14 Feb 7 16:00:31 charpak slapd[23821]: add: olcTLSCertificateFile Feb 7 16:00:31 charpak slapd[23821]: one value, length 28 Feb 7 16:00:31 charpak slapd[23821]: add: olcTLSCertificateKeyFile Feb 7 16:00:31 charpak slapd[23821]: one value, length 27 Feb 7 16:00:31 charpak slapd[23821]: add: olcTLSCipherSuite Feb 7 16:00:31 charpak slapd[23821]: one value, length 6 Feb 7 16:00:31 charpak slapd[23821]: replace: olcTLSVerifyClient Feb 7 16:00:31 charpak slapd[23821]: one value, length 5 Feb 7 16:00:31 charpak slapd[23821]: conn=1000 op=1 MOD dn="cn=config" Feb 7 16:00:31 charpak slapd[23821]: conn=1000 op=1 MOD attr=olcTLSCACertificatePath olcTLSCertificateFile olcTLSCertificateKeyFile olcTLSCipherSuite olcTLSVerifyClient Feb 7 16:00:31 charpak slapd[23821]: <= acl_access_allowed: granted to database root Feb 7 16:00:31 charpak slapd[23821]: oc_check_required entry (cn=config), objectClass "olcGlobal" Feb 7 16:00:31 charpak slapd[23821]: oc_check_allowed type "objectClass" Feb 7 16:00:31 charpak slapd[23821]: oc_check_allowed type "cn" Feb 7 16:00:31 charpak slapd[23821]: oc_check_allowed type "olcConfigFile" Feb 7 16:00:31 charpak slapd[23821]: oc_check_allowed type "olcConfigDir" Feb 7 16:00:31 charpak slapd[23821]: oc_check_allowed type "olcArgsFile" Feb 7 16:00:31 charpak slapd[23821]: oc_check_allowed type "olcAttributeOptions" Feb 7 16:00:31 charpak slapd[23821]: oc_check_allowed type "olcAuthzPolicy" Feb 7 16:00:31 charpak slapd[23821]: oc_check_allowed type "olcAuthzRegexp" Feb 7 16:00:31 charpak slapd[23821]: oc_check_allowed type "olcConcurrency" Feb 7 16:00:31 charpak slapd[23821]: oc_check_allowed type "olcConnMaxPending" Feb 7 16:00:31 charpak slapd[23821]: oc_check_allowed type "olcConnMaxPendingAuth" Feb 7 16:00:31 charpak slapd[23821]: oc_check_allowed type "olcGentleHUP" Feb 7 16:00:31 charpak slapd[23821]: oc_check_allowed type "olcIdleTimeout" Feb 7 16:00:31 charpak slapd[23821]: oc_check_allowed type "olcIndexSubstrIfMaxLen" Feb 7 16:00:31 charpak slapd[23821]: oc_check_allowed type "olcIndexSubstrIfMinLen" Feb 7 16:00:31 charpak slapd[23821]: oc_check_allowed type "olcIndexSubstrAnyLen" Feb 7 16:00:31 charpak slapd[23821]: oc_check_allowed type "olcIndexSubstrAnyStep" Feb 7 16:00:31 charpak slapd[23821]: oc_check_allowed type "olcIndexIntLen" Feb 7 16:00:31 charpak slapd[23821]: oc_check_allowed type "olcLocalSSF" Feb 7 16:00:31 charpak slapd[23821]: oc_check_allowed type "olcPidFile" Feb 7 16:00:31 charpak slapd[23821]: oc_check_allowed type "olcReadOnly" Feb 7 16:00:31 charpak slapd[23821]: oc_check_allowed type "olcReverseLookup" Feb 7 16:00:31 charpak slapd[23821]: oc_check_allowed type "olcSaslHost" Feb 7 16:00:31 charpak slapd[23821]: oc_check_allowed type "olcSaslSecProps" Feb 7 16:00:31 charpak slapd[23821]: oc_check_allowed type "olcServerID" Feb 7 16:00:31 charpak slapd[23821]: oc_check_allowed type "olcSockbufMaxIncoming" Feb 7 16:00:31 charpak slapd[23821]: oc_check_allowed type "olcSockbufMaxIncomingAuth" Feb 7 16:00:31 charpak slapd[23821]: oc_check_allowed type "olcThreads" Feb 7 16:00:31 charpak slapd[23821]: oc_check_allowed type "olcToolThreads" Feb 7 16:00:31 charpak slapd[23821]: oc_check_allowed type "olcWriteTimeout" Feb 7 16:00:31 charpak slapd[23821]: oc_check_allowed type "structuralObjectClass" Feb 7 16:00:31 charpak slapd[23821]: oc_check_allowed type "entryUUID" Feb 7 16:00:31 charpak slapd[23821]: oc_check_allowed type "creatorsName" Feb 7 16:00:31 charpak slapd[23821]: oc_check_allowed type "createTimestamp" Feb 7 16:00:31 charpak slapd[23821]: oc_check_allowed type "olcTLSCACertificatePath" Feb 7 16:00:31 charpak slapd[23821]: oc_check_allowed type "olcTLSCertificateFile" Feb 7 16:00:31 charpak slapd[23821]: oc_check_allowed type "olcTLSCertificateKeyFile" Feb 7 16:00:31 charpak slapd[23821]: oc_check_allowed type "olcTLSCipherSuite" Feb 7 16:00:31 charpak slapd[23821]: oc_check_allowed type "olcTLSVerifyClient" Feb 7 16:00:31 charpak slapd[23821]: oc_check_allowed type "entryCSN" Feb 7 16:00:31 charpak slapd[23821]: oc_check_allowed type "modifiersName" Feb 7 16:00:31 charpak slapd[23821]: oc_check_allowed type "modifyTimestamp" Feb 7 16:00:31 charpak slapd[23821]: daemon: activity on 1 descriptor Feb 7 16:00:31 charpak slapd[23821]: daemon: activity on: Feb 7 16:00:31 charpak slapd[23821]: Feb 7 16:00:31 charpak slapd[23821]: daemon: epoll: listen=7 active_threads=0 tvp=zero Feb 7 16:00:31 charpak slapd[23821]: daemon: epoll: listen=8 active_threads=0 tvp=zero Feb 7 16:00:31 charpak slapd[23821]: daemon: epoll: listen=9 active_threads=0 tvp=zero

Any hints?