On 2.5.12, slapd crashes during bind operations on relay entries with rwm and ppolicy both enabled. A simple way to reproduce this issue is to edit tests/scripts/relay and tests/data/slapd-relay.conf as follows, and then run test030-relay. I think this issue is the same as ITS#7966 reported in 2014. --- tests/scripts/relay.orig 2022-05-04 07:57:30.000000000 -0700 +++ tests/scripts/relay 2022-06-23 17:16:42.020652093 -0700 @@ -356,6 +356,16 @@ exit 1 fi +$LDAPADD -D "$MANAGERDN" -H $URI1 -w $PASSWD <<EOF > /dev/null 2>&1 +dn: cn=ppolicy,dc=example,dc=com +objectClass: top +objectClass: device +objectClass: pwdPolicy +cn: ppolicy +pwdMinLength: 5 +pwdAttribute: userPassword +EOF + BASEDN="o=Example,c=US" echo "Changing password to database \"$BASEDN\"..." $LDAPPASSWD -H $URI1 -D "cn=Manager,$BASEDN" -w $PASSWD \ --- tests/data/slapd-relay.conf.orig 2022-05-04 07:57:30.000000000 -0700 +++ tests/data/slapd-relay.conf 2022-06-23 16:57:15.184456120 -0700 @@ -31,6 +31,8 @@ #metamod#moduleload back_meta.la #rwmmod#modulepath ../servers/slapd/overlays/ #rwmmod#moduleload rwm.la +#ppolicymod#modulepath ../servers/slapd/overlays/ +#ppolicymod#moduleload ppolicy.la ####################################################################### # database definitions @@ -46,6 +48,9 @@ #ndb#dbname db_1 #ndb#include @DATADIR@/ndb.conf +overlay ppolicy +ppolicy_default cn=ppolicy,dc=example,dc=com + database @RELAY@ suffix "o=Example,c=US" ### back-relay can automatically instantiate the rwm overlay
Thanks for the test case. Fixed in https://git.openldap.org/openldap/openldap/-/merge_requests/543 Please test and followup, thanks.
*** Issue 7966 has been marked as a duplicate of this issue. ***
On 6/24/22 11:51 AM, openldap-its@openldap.org wrote: > --- Comment #1 from Howard Chu <hyc@openldap.org> --- > Thanks for the test case. Fixed in > https://git.openldap.org/openldap/openldap/-/merge_requests/543 > > Please test and followup, thanks. I applied those code changes to 2.5.12 and it works. Thanks for the quick response Howard! Regards, -Kartik
head: • 4e3687cd by Howard Chu at 2022-06-24T16:49:45+01:00 ITS#9871 slapo-ppolicy: use explicit backend in bind_response
RE26: • 3e7003c0 by Howard Chu at 2022-06-29T17:49:43+00:00 ITS#9871 slapo-ppolicy: use explicit backend in bind_response RE25: • 6a95709a by Howard Chu at 2022-06-29T17:51:59+00:00 ITS#9871 slapo-ppolicy: use explicit backend in bind_response