consumer abort with chain overlay - openldap-technical

23 Feb 2018


      hallo ,
i'm not sure if I it is a configuration failure or a openldap error.
I have tested this with centos 7 , original RPM, SLES12SP3 and the
ltb-project binäries. Every enviroment failed.
this is a setup consumer / provider with chain overlay and proxyauth.
a minimized slapd.conf global section
...
authz-policy            to
overlay                 chain
chain-uri               "ldap://ldap1.example.test"
chain-rebind-as-user    FALSE
chain-idassert-bind     bindmethod="simple"
                        binddn="cn=chainadmin,dc=example,dc=test"
                        credentials="secret"
                        mode=legacy
                        flags=override
chain-return-error      TRUE
...
the java code snipplet which makes a connection and then switch the
proxyauth and make a password change.
---
       try {
        LDAPConnection connection = openLDAPConnection();
BindRequest bindRequest = new SimpleBindRequest(modDN, oldPwd,
new DraftBeheraLDAPPasswordPolicy10RequestControl());
        BindResult bindResult = connection.bind(bindRequest);
        DraftBeheraLDAPPasswordPolicy10ResponseControl pwpResponse =
DraftBeheraLDAPPasswordPolicy10ResponseControl.get(bindResult);
        DraftBeheraLDAPPasswordPolicy10WarningType warningType =
pwpResponse.getWarningType();
System.out.println("Bind Result " + bindResult.toString());
System.out.println("PwdResponse " + pwpResponse.toString());
connection.close();
        connection = openLDAPConnection();
Control[] controls = { new
ProxiedAuthorizationV2RequestControl("dn:" + modDN) };
        PasswordModifyExtendedRequest passwordModifyRequest = new
PasswordModifyExtendedRequest(modDN, oldPwd, newPwd, controls);
        PasswordModifyExtendedResult passwordModifyResult =
(PasswordModifyExtendedResult) connection
                .processExtendedOperation(passwordModifyRequest);
System.out.println("passwordModifyResult " +
passwordModifyResult.toString());
connection.close();
        connection = openLDAPConnection();
bindRequest = new SimpleBindRequest(modDN, newPwd, new
DraftBeheraLDAPPasswordPolicy10RequestControl());
        bindResult = connection.bind(bindRequest);
        pwpResponse =
DraftBeheraLDAPPasswordPolicy10ResponseControl.get(bindResult);
        warningType = pwpResponse.getWarningType();
System.out.println("Bind Result " + bindResult.toString());
        System.out.println("PwdResponse " + pwpResponse.toString());
}
the gdb output of the crash is here:
5a8c6d3d conn=1001 op=1 RESULT oid= err=123 text=not authorized to
assume identity
*** Error in `/usr/local/openldap/libexec/slapd': munmap_chunk():
invalid pointer: 0x00007f2b14100986 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x7ada4)[0x7f2d8a9d7da4]
/usr/local/openldap/libexec/slapd(ldap_back_controls_free+0xc1)[0x5181a1]
/usr/local/openldap/libexec/slapd[0x522ba8]
/usr/local/openldap/libexec/slapd[0x51a959]
/usr/local/openldap/libexec/slapd[0x51c193]
/usr/local/openldap/libexec/slapd[0x4a5118]
/usr/local/openldap/libexec/slapd[0x44f286]
/usr/local/openldap/libexec/slapd[0x44f787]
/usr/local/openldap/libexec/slapd(slap_send_ldap_extended+0xc0)[0x450880]
/usr/local/openldap/libexec/slapd(fe_extended+0xba)[0x46f26a]
/usr/local/openldap/libexec/slapd(overlay_op_walk+0x92)[0x4a5c42]
/usr/local/openldap/libexec/slapd[0x4a5d7e]
/usr/local/openldap/libexec/slapd(do_extended+0x24e)[0x46efbe]
/usr/local/openldap/libexec/slapd[0x4407ee]
/usr/local/openldap/libexec/slapd[0x440aca]
/usr/local/openldap/libexec/slapd[0x590769]
/lib64/libpthread.so.0(+0x7dc5)[0x7f2d8be00dc5]
/lib64/libc.so.6(clone+0x6d)[0x7f2d8aa5473d]
======= Memory map: ========
00400000-00683000 r-xp 00000000 fd:00 68054818
/usr/local/openldap/libexec/slapd
00882000-00883000 r--p 00282000 fd:00 68054818
/usr/local/openldap/libexec/slapd
00883000-00893000 rw-p 00283000 fd:00 68054818
/usr/local/openldap/libexec/slapd
00893000-00939000 rw-p 00000000 00:00 0
022d2000-02768000 rw-p 00000000 00:00 0
[heap]
7f2b14000000-7f2b1411f000 rw-p 00000000 00:00 0
7f2b1411f000-7f2b18000000 ---p 00000000 00:00 0
7f2b1afff000-7f2b1c000000 rw-p 00000000 00:00 0
7f2b1c000000-7f2b1c021000 rw-p 00000000 00:00 0
7f2b1c021000-7f2b20000000 ---p 00000000 00:00 0
7f2b20000000-7f2b20117000 rw-p 00000000 00:00 0
7f2b20117000-7f2b24000000 ---p 00000000 00:00 0
7f2b24000000-7f2b24021000 rw-p 00000000 00:00 0
I'm not sure if it is a known bug or misconfiguration. If someone wants
the java testprogram i'll can send it per pm or give a download link.
best regards
Michael
-- 
Michael Wandel
Braakstraße 43
33647 Bielefeld