Hi everyone
I tried to get the smbk5pwd overlay working on SLES11 (openldap 2.4.26). Unfortunately the slapd server crashes when I try to change a password as soon as the overlay is enabled. Running the server either with strace or gdb shows the following as cause for the crash: mods.c:64: modify_add_values: Assertion `mod->sm_numvals == i' failed. To build the smbk5pwd on SLES I patched the original spec file and the Makefile for smbk5pwd to enable only Shadow- and LM/NT-Hash password synchronization (no Kerberos/Heimdal support). Other overlays in the stack are (in their respective order): * syncprov * dynlist * unique * (smbk5pwd) * ppolicy (disabling this does not help) Has anyone seen this problem? How can/should I proceed to (help) debug this bug? Thanks in advance, Best regards, Tiziano
-- stepping stone GmbH Neufeldstrasse 9 CH-3012 Bern
Telefon: +41 31 332 53 63 www.stepping-stone.ch tiziano.mueller@stepping-stone.ch
2012/1/27 "Tiziano Müller" tiziano.mueller@stepping-stone.ch:
To build the smbk5pwd on SLES I patched the original spec file and the Makefile for smbk5pwd to enable only Shadow- and LM/NT-Hash password synchronization (no Kerberos/Heimdal support).
Hi,
I do not have the answer to your problem, but would just let you know that you don't need to patch the Makefile to disable Kerberos support. Just use the DEFS parameter in the make command:
make "DEFS=-DDO_SAMBA -DDO_SHADOW"
Clément.
Hi Clément
Thanks for the reply, but unfortunately the Makefile has a number of problems: * The content of HEIMDAL_LIB ends up in the linker whether or not DO_KRB5 is given, making the compiler link against -lkrb5 -lkadm5srv which fails if heimdal is not installed * CFLAGS are ignored for compiling * While the header files from the openldap source tree are used, it still looks for the libraries in the system which are either not yet installed or if they are the symlinks "libldap_r.so -> libldap_r-2.4.so.2" do not necessarily exist, resulting in build failure. Concrete, the following is needed in LDAP_LIB: "-L../../../libraries/libldap_r"
Cheers, Tiziano
"Clément OUDOT" clem.oudot@gmail.com hat am 27. Januar 2012 um 14:08 geschrieben:
2012/1/27 "Tiziano Müller" tiziano.mueller@stepping-stone.ch:
To build the smbk5pwd on SLES I patched the original spec file and the Makefile for smbk5pwd to enable only Shadow- and LM/NT-Hash password synchronization (no Kerberos/Heimdal support).
Hi,
I do not have the answer to your problem, but would just let you know that you don't need to patch the Makefile to disable Kerberos support. Just use the DEFS parameter in the make command:
make "DEFS=-DDO_SAMBA -DDO_SHADOW"
Clément.--
stepping stone GmbH Neufeldstrasse 9 CH-3012 Bern
Telefon: +41 31 332 53 63 www.stepping-stone.ch tiziano.mueller@stepping-stone.ch
2012/1/27 "Tiziano Müller" tiziano.mueller@stepping-stone.ch:
Hi Clément
Thanks for the reply, but u nfortunately the Makefile has a number of problems:
- The content of HEIMDAL_LIB ends up in the linker whether or not DO_KRB5 is
given, making the compiler link against -lkrb5 -lkadm5srv which fails if heimdal is not installed
CFLAGS are ignored for compiling
While the header files from the openldap source tree are used, it still
looks for the libraries in the system which are either not yet installed or if they are the symlinks "libldap_r.so -> libldap_r-2.4.so.2" do not necessarily exist, resulting in build failure. Concrete, the following is needed in LDAP_LIB: "-L../../../libraries/libldap_r"
Yes you are right. My complete make command is the following:
make %{?_smp_mflags} "DEFS=-DDO_SAMBA -DDO_SHADOW" "LDAP_LIB=-L%{_builddir}/%{real_name}-%{real_version}/libraries/liblber/.libs/ -L%{_builddir}/%{real_name}-%{real_version}/libraries/libldap_r/.libs/ -lldap_r -llber" "prefix=%{ldapserverdir}"
You can find it in LDAP Tool Box RPM spec file, see http://tools.ltb-project.org/projects/ltb/repository/entry/openldap-rpm/trun...
Clément.
Hi!
At Fri, 27 Jan 2012 13:32:32 +0100 (CET), Tiziano Müller wrote:
I tried to get the smbk5pwd overlay working on SLES11 (openldap 2.4.26). Unfortunately the slapd server crashes when I try to change a password as soon as the overlay is enabled. Running the server either with strace or gdb shows the following as cause for the crash: mods.c:64: modify_add_values: Assertion `mod->sm_numvals == i' failed.
It's my fault. Sorry. Please apply the attached patch and retry.
OpenLDAP developers, could you merge this patch to the upstream?
--On Saturday, January 28, 2012 2:19 AM +0900 SATOH Fumiyasu fumiyas@osstech.jp wrote:
Hi!
At Fri, 27 Jan 2012 13:32:32 +0100 (CET), Tiziano Müller wrote:
I tried to get the smbk5pwd overlay working on SLES11 (openldap 2.4.26). Unfortunately the slapd server crashes when I try to change a password as soon as the overlay is enabled. Running the server either with strace or gdb shows the following as cause for the crash: mods.c:64: modify_add_values: Assertion `mod->sm_numvals == i' failed.
It's my fault. Sorry. Please apply the attached patch and retry.
OpenLDAP developers, could you merge this patch to the upstream?
Please submit the patch you want merged via the ITS system.
http://www.openldap.org/devel/contributing.html
--Quanah
--
Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
I've filed this bug and the patch as ITS#7138. Thanks.
http://www.openldap.org/its/index.cgi?findid=7138 ftp://ftp.openldap.org/incoming/openldap-2.4.28-smbk5pwd-fix-shadow-support.patch
At Fri, 27 Jan 2012 11:16:39 -0800, Quanah Gibson-Mount wrote:
I tried to get the smbk5pwd overlay working on SLES11 (openldap 2.4.26). Unfortunately the slapd server crashes when I try to change a password as soon as the overlay is enabled. Running the server either with strace or gdb shows the following as cause for the crash: mods.c:64: modify_add_values: Assertion `mod->sm_numvals == i' failed.
It's my fault. Sorry. Please apply the attached patch and retry.
OpenLDAP developers, could you merge this patch to the upstream?
Please submit the patch you want merged via the ITS system.
Hi Fumiya Sorry for the late reply. Finally managed to test the patch with 2.4.26 and it works perfectly. Thanks a lot! Best regards, Tiziano
SATOH Fumiyasu fumiyas@osstech.jp hat am 27. Januar 2012 um 18:19 geschrieben:
Hi!
At Fri, 27 Jan 2012 13:32:32 +0100 (CET), Tiziano Müller wrote:
I tried to get the smbk5pwd overlay working on SLES11 (openldap 2.4.26). Unfortunately the slapd server crashes when I try to change a password as soon as the overlay is enabled. Running the server either with strace or gdb shows the following as cause for the crash: mods.c:64: modify_add_values: Assertion `mod->sm_numvals == i' failed.
It's my fault. Sorry. Please apply the attached patch and retry.
OpenLDAP developers, could you merge this patch to the upstream?
-- -- Name: SATOH Fumiyasu (fumiyas @ osstech co jp) -- Business Home: http://www.OSSTech.co.jp/ -- Personal Home: http://www.SFO.jp/blog/--
stepping stone GmbH Neufeldstrasse 9 CH-3012 Bern
Telefon: +41 31 332 53 63 www.stepping-stone.ch tiziano.mueller@stepping-stone.ch
openldap-technical@openldap.org
-
"Tiziano Müller" -
Clément OUDOT -
Quanah Gibson-Mount -
SATOH Fumiyasu