I sent this twice before realizing I was sending from another email address that isn't on the list. I don't know if emails from non-subscribers are moderated or just dropped, but in any case, I'm very sorry if those emails show up on the list as duplicates.
I'm trying to get a setup of Kerberos and LDAP working. LDAP works fine with plain authentication and everything seems to be set up correctly, but when I try to use GSSAPI authentication, slapd crashes.

Application Versions:
openldap 2.3.40
heimdal 1.0.1

Server log from startup to crash:
May 17 21:50:07 Lagbox slapd[11161]: @(#) $OpenLDAP: slapd 2.3.40 (Jan 15 2008 23:41:27) $ nobody@tk-gwa:/build/src/openldap-2.3.40/servers/slapd
May 17 21:50:07 Lagbox slapd[11161]: /etc/openldap/slapd.conf: line 139: "attr" is deprecated (and undocumented); use "attrs" instead.
May 17 21:50:07 Lagbox slapd[11161]: /etc/openldap/slapd.conf: line 144: "attr" is deprecated (and undocumented); use "attrs" instead.
May 17 21:50:07 Lagbox slapd[11162]: bdb_db_open: unclean shutdown detected; attempting recovery.
May 17 21:50:07 Lagbox slapd[11162]: bdb_db_open: Warning - No DB_CONFIG file found in directory /var/lib/openldap/openldap-data: (2) Expect poor performance for suffix dc=wileynetworks,dc=org.
May 17 21:50:07 Lagbox slapd[11162]: slapd starting
May 17 21:51:04 Lagbox slapd[11162]: conn=0 fd=14 ACCEPT from IP= 127.0.0.1:54066 (IP=0.0.0.0:389)
May 17 21:51:04 Lagbox slapd[11162]: conn=0 op=0 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
May 17 21:51:04 Lagbox slapd[11162]: conn=0 op=0 SRCH attr=supportedSASLMechanisms
May 17 21:51:04 Lagbox slapd[11162]: conn=0 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
May 17 21:51:04 Lagbox slapd[11162]: conn=0 op=1 BIND dn="" method=163
May 17 21:51:05 Lagbox slapd[11162]: conn=0 op=1 RESULT tag=97 err=14 text=
May 17 21:51:05 Lagbox slapd[11162]: conn=0 op=2 BIND dn="" method=163
May 17 21:51:05 Lagbox slapd[11162]: conn=0 op=2 RESULT tag=97 err=14 text=
May 17 21:51:05 Lagbox slapd[11162]: conn=0 op=3 BIND dn="" method=163
May 17 21:51:05 Lagbox slapd[11165] general protection eip:b7abeb05 esp:b6c80df0 error:0

Search command that causes crash:
[arew264@Lagbox ~]$ ldapsearch -H ldap://localhost/ -b dc=wileynetworks,dc=org
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
[arew264@Lagbox ~]$

Attached: slapd.conf
Note: I am leaving all names intact here because this is a test setup and not any sort of production server.
The user that ran the search command is in Kerberos and had run kinit and gotten a ticket before running the search. With just a crash and no error messages, I don't know where to start in tracking this down.
Andrew Wiley
openldap-technical@openldap.org