ldapmodify is crashing the slapd process - openldap-technical

7 Feb 2012


      Hi everyone,
I am trying to do a number of changes into the configuration database
using the following ldif entries:
dn: cn=config
changetype: modify
add: olcTLSCACertificatePath
olcTLSCACertificatePath: /etc/ssl/certs
-
add: olcTLSCertificateFile
olcTLSCertificateFile: /etc/openldap/ssl/slapd.cert
-
add: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/openldap/ssl/slapd.key
-
add: olcTLSCipherSuite
olcTLSCipherSuite: AES256
-
replace: olcTLSVerifyClient
olcTLSVerifyClient: allow
-
When running the ldapmodify command as follow:
ldapmodify -f tlsmods.ldir -D cn=config -H ldapi:/// -x -W
the slapd process is crashing. I tried to gather some info into the
syslog using -s 255 and I cannot find any hints why the process is
crashing. I am running OpenLDAP 2.4.24 and here are the entries
generated in the syslog after the ldapmodify command:
Feb  7 16:00:27 charpak ldapmodify: mdns: Couldn't open nss_mdns
configuration file /etc/nss_mdns.conf, using default.
Feb  7 16:00:31 charpak slapd[23821]: daemon: activity on 1 descriptor
Feb  7 16:00:31 charpak slapd[23821]: daemon: activity on:
Feb  7 16:00:31 charpak slapd[23821]: 
Feb  7 16:00:31 charpak slapd[23821]: slap_listener_activate(9): 
Feb  7 16:00:31 charpak slapd[23821]: daemon: epoll: listen=7
active_threads=0 tvp=zero
Feb  7 16:00:31 charpak slapd[23821]: daemon: epoll: listen=8
active_threads=0 tvp=zero
Feb  7 16:00:31 charpak slapd[23821]: daemon: epoll: listen=9 busy
Feb  7 16:00:31 charpak slapd[23821]: >>> slap_listener(ldapi://%2fvar%
2frun%2fopenldap%2fslapd.sock)
Feb  7 16:00:31 charpak slapd[23821]: daemon: listen=9, new connection
on 15
Feb  7 16:00:31 charpak slapd[23821]: daemon: added 15r (active)
listener=(nil)
Feb  7 16:00:31 charpak slapd[23821]: conn=1000 fd=15 ACCEPT from
PATH=/var/run/openldap/slapd.sock (PATH=/var/run/openldap/slapd.sock)
Feb  7 16:00:31 charpak slapd[23821]: daemon: activity on 1 descriptor
Feb  7 16:00:31 charpak slapd[23821]: daemon: activity on:
Feb  7 16:00:31 charpak slapd[23821]: 
Feb  7 16:00:31 charpak slapd[23821]: daemon: epoll: listen=7
active_threads=0 tvp=zero
Feb  7 16:00:31 charpak slapd[23821]: daemon: epoll: listen=8
active_threads=0 tvp=zero
Feb  7 16:00:31 charpak slapd[23821]: daemon: epoll: listen=9
active_threads=0 tvp=zero
Feb  7 16:00:31 charpak slapd[23821]: daemon: activity on 1 descriptor
Feb  7 16:00:31 charpak slapd[23821]: daemon: activity on:
Feb  7 16:00:31 charpak slapd[23821]:  15r
Feb  7 16:00:31 charpak slapd[23821]: 
Feb  7 16:00:31 charpak slapd[23821]: daemon: read active on 15
Feb  7 16:00:31 charpak slapd[23821]: daemon: epoll: listen=7
active_threads=0 tvp=zero
Feb  7 16:00:31 charpak slapd[23821]: daemon: epoll: listen=8
active_threads=0 tvp=zero
Feb  7 16:00:31 charpak slapd[23821]: daemon: epoll: listen=9
active_threads=0 tvp=zero
Feb  7 16:00:31 charpak slapd[23821]: connection_get(15)
Feb  7 16:00:31 charpak slapd[23821]: connection_get(15): got
connid=1000
Feb  7 16:00:31 charpak slapd[23821]: connection_read(15): checking for
input on id=1000
Feb  7 16:00:31 charpak slapd[23821]: op tag 0x60, time 1328648431
Feb  7 16:00:31 charpak slapd[23821]: conn=1000 op=0 do_bind
Feb  7 16:00:31 charpak slapd[23821]: >>> dnPrettyNormal: <cn=config>
Feb  7 16:00:31 charpak slapd[23821]: <<< dnPrettyNormal: <cn=config>,
<cn=config>
Feb  7 16:00:31 charpak slapd[23821]: conn=1000 op=0 BIND dn="cn=config"
method=128
Feb  7 16:00:31 charpak slapd[23821]: do_bind: version=3 dn="cn=config"
method=128
Feb  7 16:00:31 charpak slapd[23821]: conn=1000 op=0 BIND dn="cn=config"
mech=SIMPLE ssf=0
Feb  7 16:00:31 charpak slapd[23821]: do_bind: v3 bind: "cn=config" to
"cn=config"
Feb  7 16:00:31 charpak slapd[23821]: send_ldap_result: conn=1000 op=0
p=3
Feb  7 16:00:31 charpak slapd[23821]: send_ldap_result: err=0 matched=""
text=""
Feb  7 16:00:31 charpak slapd[23821]: send_ldap_response: msgid=1 tag=97
err=0
Feb  7 16:00:31 charpak slapd[23821]: conn=1000 op=0 RESULT tag=97 err=0
text=
Feb  7 16:00:31 charpak slapd[23821]: daemon: activity on 1 descriptor
Feb  7 16:00:31 charpak slapd[23821]: daemon: activity on:
Feb  7 16:00:31 charpak slapd[23821]: 
Feb  7 16:00:31 charpak slapd[23821]: daemon: epoll: listen=7
active_threads=0 tvp=zero
Feb  7 16:00:31 charpak slapd[23821]: daemon: epoll: listen=8
active_threads=0 tvp=zero
Feb  7 16:00:31 charpak slapd[23821]: daemon: epoll: listen=9
active_threads=0 tvp=zero
Feb  7 16:00:31 charpak slapd[23821]: daemon: activity on 1 descriptor
Feb  7 16:00:31 charpak slapd[23821]: daemon: activity on:
Feb  7 16:00:31 charpak slapd[23821]:  15r
Feb  7 16:00:31 charpak slapd[23821]: 
Feb  7 16:00:31 charpak slapd[23821]: daemon: read active on 15
Feb  7 16:00:31 charpak slapd[23821]: daemon: epoll: listen=7
active_threads=0 tvp=zero
Feb  7 16:00:31 charpak slapd[23821]: daemon: epoll: listen=8
active_threads=0 tvp=zero
Feb  7 16:00:31 charpak slapd[23821]: daemon: epoll: listen=9
active_threads=0 tvp=zero
Feb  7 16:00:31 charpak slapd[23821]: connection_get(15)
Feb  7 16:00:31 charpak slapd[23821]: connection_get(15): got
connid=1000
Feb  7 16:00:31 charpak slapd[23821]: connection_read(15): checking for
input on id=1000
Feb  7 16:00:31 charpak slapd[23821]: op tag 0x66, time 1328648431
Feb  7 16:00:31 charpak slapd[23821]: conn=1000 op=1 do_modify
Feb  7 16:00:31 charpak slapd[23821]: conn=1000 op=1 do_modify: dn
(cn=config)
Feb  7 16:00:31 charpak slapd[23821]: >>> dnPrettyNormal: <cn=config>
Feb  7 16:00:31 charpak slapd[23821]: <<< dnPrettyNormal: <cn=config>,
<cn=config>
Feb  7 16:00:31 charpak slapd[23821]: conn=1000 op=1 modifications:
Feb  7 16:00:31 charpak slapd[23821]: 	add: olcTLSCACertificatePath
Feb  7 16:00:31 charpak slapd[23821]: 		one value, length 14
Feb  7 16:00:31 charpak slapd[23821]: 	add: olcTLSCertificateFile
Feb  7 16:00:31 charpak slapd[23821]: 		one value, length 28
Feb  7 16:00:31 charpak slapd[23821]: 	add: olcTLSCertificateKeyFile
Feb  7 16:00:31 charpak slapd[23821]: 		one value, length 27
Feb  7 16:00:31 charpak slapd[23821]: 	add: olcTLSCipherSuite
Feb  7 16:00:31 charpak slapd[23821]: 		one value, length 6
Feb  7 16:00:31 charpak slapd[23821]: 	replace: olcTLSVerifyClient
Feb  7 16:00:31 charpak slapd[23821]: 		one value, length 5
Feb  7 16:00:31 charpak slapd[23821]: conn=1000 op=1 MOD dn="cn=config"
Feb  7 16:00:31 charpak slapd[23821]: conn=1000 op=1 MOD
attr=olcTLSCACertificatePath olcTLSCertificateFile
olcTLSCertificateKeyFile olcTLSCipherSuite olcTLSVerifyClient
Feb  7 16:00:31 charpak slapd[23821]: <= acl_access_allowed: granted to
database root
Feb  7 16:00:31 charpak slapd[23821]: oc_check_required entry
(cn=config), objectClass "olcGlobal"
Feb  7 16:00:31 charpak slapd[23821]: oc_check_allowed type
"objectClass"
Feb  7 16:00:31 charpak slapd[23821]: oc_check_allowed type "cn"
Feb  7 16:00:31 charpak slapd[23821]: oc_check_allowed type
"olcConfigFile"
Feb  7 16:00:31 charpak slapd[23821]: oc_check_allowed type
"olcConfigDir"
Feb  7 16:00:31 charpak slapd[23821]: oc_check_allowed type
"olcArgsFile"
Feb  7 16:00:31 charpak slapd[23821]: oc_check_allowed type
"olcAttributeOptions"
Feb  7 16:00:31 charpak slapd[23821]: oc_check_allowed type
"olcAuthzPolicy"
Feb  7 16:00:31 charpak slapd[23821]: oc_check_allowed type
"olcAuthzRegexp"
Feb  7 16:00:31 charpak slapd[23821]: oc_check_allowed type
"olcConcurrency"
Feb  7 16:00:31 charpak slapd[23821]: oc_check_allowed type
"olcConnMaxPending"
Feb  7 16:00:31 charpak slapd[23821]: oc_check_allowed type
"olcConnMaxPendingAuth"
Feb  7 16:00:31 charpak slapd[23821]: oc_check_allowed type
"olcGentleHUP"
Feb  7 16:00:31 charpak slapd[23821]: oc_check_allowed type
"olcIdleTimeout"
Feb  7 16:00:31 charpak slapd[23821]: oc_check_allowed type
"olcIndexSubstrIfMaxLen"
Feb  7 16:00:31 charpak slapd[23821]: oc_check_allowed type
"olcIndexSubstrIfMinLen"
Feb  7 16:00:31 charpak slapd[23821]: oc_check_allowed type
"olcIndexSubstrAnyLen"
Feb  7 16:00:31 charpak slapd[23821]: oc_check_allowed type
"olcIndexSubstrAnyStep"
Feb  7 16:00:31 charpak slapd[23821]: oc_check_allowed type
"olcIndexIntLen"
Feb  7 16:00:31 charpak slapd[23821]: oc_check_allowed type
"olcLocalSSF"
Feb  7 16:00:31 charpak slapd[23821]: oc_check_allowed type "olcPidFile"
Feb  7 16:00:31 charpak slapd[23821]: oc_check_allowed type
"olcReadOnly"
Feb  7 16:00:31 charpak slapd[23821]: oc_check_allowed type
"olcReverseLookup"
Feb  7 16:00:31 charpak slapd[23821]: oc_check_allowed type
"olcSaslHost"
Feb  7 16:00:31 charpak slapd[23821]: oc_check_allowed type
"olcSaslSecProps"
Feb  7 16:00:31 charpak slapd[23821]: oc_check_allowed type
"olcServerID"
Feb  7 16:00:31 charpak slapd[23821]: oc_check_allowed type
"olcSockbufMaxIncoming"
Feb  7 16:00:31 charpak slapd[23821]: oc_check_allowed type
"olcSockbufMaxIncomingAuth"
Feb  7 16:00:31 charpak slapd[23821]: oc_check_allowed type "olcThreads"
Feb  7 16:00:31 charpak slapd[23821]: oc_check_allowed type
"olcToolThreads"
Feb  7 16:00:31 charpak slapd[23821]: oc_check_allowed type
"olcWriteTimeout"
Feb  7 16:00:31 charpak slapd[23821]: oc_check_allowed type
"structuralObjectClass"
Feb  7 16:00:31 charpak slapd[23821]: oc_check_allowed type "entryUUID"
Feb  7 16:00:31 charpak slapd[23821]: oc_check_allowed type
"creatorsName"
Feb  7 16:00:31 charpak slapd[23821]: oc_check_allowed type
"createTimestamp"
Feb  7 16:00:31 charpak slapd[23821]: oc_check_allowed type
"olcTLSCACertificatePath"
Feb  7 16:00:31 charpak slapd[23821]: oc_check_allowed type
"olcTLSCertificateFile"
Feb  7 16:00:31 charpak slapd[23821]: oc_check_allowed type
"olcTLSCertificateKeyFile"
Feb  7 16:00:31 charpak slapd[23821]: oc_check_allowed type
"olcTLSCipherSuite"
Feb  7 16:00:31 charpak slapd[23821]: oc_check_allowed type
"olcTLSVerifyClient"
Feb  7 16:00:31 charpak slapd[23821]: oc_check_allowed type "entryCSN"
Feb  7 16:00:31 charpak slapd[23821]: oc_check_allowed type
"modifiersName"
Feb  7 16:00:31 charpak slapd[23821]: oc_check_allowed type
"modifyTimestamp"
Feb  7 16:00:31 charpak slapd[23821]: daemon: activity on 1 descriptor
Feb  7 16:00:31 charpak slapd[23821]: daemon: activity on:
Feb  7 16:00:31 charpak slapd[23821]: 
Feb  7 16:00:31 charpak slapd[23821]: daemon: epoll: listen=7
active_threads=0 tvp=zero
Feb  7 16:00:31 charpak slapd[23821]: daemon: epoll: listen=8
active_threads=0 tvp=zero
Feb  7 16:00:31 charpak slapd[23821]: daemon: epoll: listen=9
active_threads=0 tvp=zero
Any hints?
-- 
Daniel Savard