(ITS#4848) Another slapd startup segfault
Full_Name: Michael Heep
Version: 2.3.34
OS: RHES30
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (82.113.101.1)
I'm not sure whether this is related to my previous ITS (4847), so I'm
filing another report as the OS and circumstances are different.
As of 2.3.34 slapd crashes on Red Hat Enterprise 3.0 during startup. The funny
thing is it only crashes on our slave, not on the master. The slave uses the
following slapd.conf:
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
# Schema files to include
include /opt/openldap/etc/schema/core.schema
include /opt/openldap/etc/schema/cosine.schema
include /opt/openldap/etc/schema/sudo.schema
include /opt/openldap/etc/schema/nis.schema
include /opt/openldap/etc/schema/openssh-lpk.schema
include /opt/openldap/etc/schema/dyngroup.schema
# Put those into the 'ldap' user's homedir (/var/lib/ldap) because
# user 'ldap' has no write permissions in /var/run
pidfile /var/lib/ldap/slapd.pid
argsfile /var/lib/ldap/slapd.args
# Security restrictions (all operations require at least 128bit encryption)
security ssf=128 update_ssf=128 simple_bind=128
# Access control policy
# rootdn can always read/write anything!
# DO NOT MESS WITH THIS UNLESS YOU KNOW WHAT YOU'RE DOING!
access to dn.subtree="cn=Monitor"
by dn.children="ou=CNO-LDC,ou=People,dc=o2online,dc=de" read
access to dn.subtree="cn=accesslog"
by dn.children="ou=CNO-LDC,ou=People,dc=o2online,dc=de" read
access to *
by dn.children="ou=Area 52,dc=o2online,dc=de" none
by dn.children="ou=CNO-LDC,ou=People,dc=o2online,dc=de" write
by dn.exact="cn=syncreader,dc=o2online,dc=de" read
by * break
access to attrs=userPassword
by self write
by anonymous auth
access to attrs=shadowLastChange
by self write
by * read
access to *
by * read
# Logging
loglevel 256
# Close idle connections after 120sec
idletimeout 120
# SSL/TLS Stuff
TLSCACertificateFile /opt/openldap/etc/ssl-certs/cno-ldc_ca.cert
TLSCertificateFile /opt/openldap/etc/ssl-certs/sgmldap02.cert
TLSCertificateKeyFile /opt/openldap/etc/ssl-keys/sgmldap02.key
TLSCipherSuite HIGH
TLSVerifyClient try
# Chaining overlay for automatic referral chasing (global so it affects updaterefs!)
# chain-uri must be EXACTLY the same as updateref (ip/host, port), otherwise it won't work!
overlay chain
chain-uri "ldap://sgmldap01"
chain-idassert-bind bindmethod=sasl binddn="cn=syncreader,dc=o2online,dc=de"
saslmech=external mode=self
chain-tls start
########################
# Database definitions #
########################
# Database for access logging
database bdb
suffix cn=accesslog
rootdn "cn=root,cn=accesslog"
rootpw {SSHA}FORBIDDEN
directory /var/lib/ldap/openldap-accesslog
# Indices to maintain
index reqStart eq
index objectClass eq
# Checkpointing & caching
checkpoint 256 5
cachesize 1000
idlcachesize 3000
# No limits for CNO-LDC
limits dn.children="ou=CNO-LDC,ou=People,dc=o2online,dc=de" size=unlimited
time=unlimited
# Database with monitor backend for the Directory Information Tree
database monitor
database bdb
suffix "dc=o2online,dc=de"
rootdn "cn=root,dc=o2online,dc=de"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw {SSHA}
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap/openldap-data
# Accesslog overlay - Keep logs for 30 days and purge old entries once a day
overlay accesslog
logdb cn=accesslog
logops writes
logold (objectclass=*)
logpurge 30+00:00 01+00:00
# Indices to maintain
# WARNING: If you add indices, stop slapd, run slapindex, then start slapd!
# Otherwise you'll experience problems like searches returning improper results.
index objectClass eq
index entryCSN eq
index entryUUID eq
index sudoUser pres,eq,sub
index uid,cn pres,eq,sub
index uidNumber eq
index gidNumber eq
index memberUid eq
index uniqueMember eq
index host eq
## Syncrepl provider settings
#overlay syncprov
#syncprov-checkpoint 50 5
#syncprov-sessionlog 100
# Syncrepl consumer settings
# Set attrs="*,+" or don't configure it at all to also replicate all operational attributes
# (createTimestamp, creatorsName, modifiersName, modifyTimestamp, etc.)
syncrepl rid=100
provider=ldap://sgmldap01
type=refreshAndPersist
interval=00:00:00:10
retry="60 10 300 +"
searchbase="dc=o2online,dc=de"
filter="(objectclass=*)"
scope=sub
attrs="*,+"
schemachecking=on
starttls=critical
bindmethod=sasl
saslmech="external"
# URL to return to clients which submit update requests
updateref ldap://sgmldap01
# No limits for the "syncreader" account
limits dn.exact="cn=syncreader,dc=o2online,dc=de" size=unlimited
time=unlimited
# Caches & Checkpointing (see slapd-bdb(5) manual)
cachesize 10000
idlcachesize 30000
checkpoint 1024 5
# Attribute uniqueness overlay for POSIX accounts
overlay unique
unique_base "ou=People,dc=o2online,dc=de"
unique_attributes uid uidNumber
# Dynlist overlay to dynamically add members to groups through memberURLs
overlay dynlist
dynlist-attrset extensibleObject memberURL uniqueMember
# Value sorting overlay
overlay valsort
valsort-attr uniqueMember dc=o2online,dc=de alpha-ascend
valsort-attr host dc=o2online,dc=de alpha-ascend
# Allow Proxy Authorization
authz-policy to
# SASL rewrite rules
authz-regexp
email=[we want no spam]@o2.com,cn=sgmldap([0-9]*),ou=cno-ldc,o=o2\
germany,l=frankfurt,st=hessen,c=de
cn=syncreader,dc=o2online,dc=de
The master's conf is basically the same, just with overlay chain + syncrepl
commented out and overlay syncprov commented in. Uncommenting the following
directives results in a clean startup:
## Syncrepl provider settings
#overlay syncprov
#syncprov-checkpoint 50 5
#syncprov-sessionlog 100
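Here's the gdb dump. The segfault occurs while the config parser handles line 156 of slapd.conf, the unique overlay's unique_base directive (frame #4, unique_config):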
(gdb) file ./slapd
Reading symbols from /home/heepm/slapd...done.
Using host libthread_db library "/lib/tls/libthread_db.so.1".
(gdb) run -u ldap -f /opt/openldap/etc/slapd.conf -h "ldap:/// ldaps:///"
Starting program: /home/heepm/slapd -u ldap -f /opt/openldap/etc/slapd.conf -h
"ldap:/// ldaps:///"
[Thread debugging using libthread_db enabled]
[New Thread -1218506624 (LWP 29908)]
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1218506624 (LWP 29908)]
0x0062ff95 in memmove () from /lib/tls/libc.so.6
(gdb) bt full
#0 0x0062ff95 in memmove () from /lib/tls/libc.so.6
No symbol table info available.
#1 0x0817722a in rdn2str (rdn=0x901ea28, str=0x901ed12 "", flags=272,
len=0x90177e2, s2s=0x8176420 <strval2str>) at getdn.c:2571
iAVA = 0
l = 3
#2 0x08177dfc in ldap_dn2bv_x (dn=0x901ebe0, bv=0x901e854, flags=272, ctx=0x0)
at getdn.c:3044
rdnl = 10
iRDN = 1
rc = -3
len = 28
l = 10
sv2l = (int (*)(struct berval *, unsigned int, ber_len_t *)) 0x8176130
<strval2strlen>
sv2s = (int (*)(struct berval *, char *, unsigned int, ber_len_t *))
0x8176420 <strval2str>
#3 0x08095479 in dnNormalize (use=0, syntax=0x0, mr=0x0, val=0xbfffb098,
out=0x901e854, ctx=0x0) at dn.c:627
dn = 0x901ebe0
rc = 0
#4 0x081516c5 in unique_config (be=0x90177e2, fname=0x8fd9018
"/opt/openldap/etc/slapd.conf", lineno=156, argc=2, argv=0x9006ff8)
at unique.c:151
bv = {bv_len = 27, bv_val = 0x901e7fd "ou=People,dc=o2online,dc=de"}
on = (slap_overinst *) 0x90177e2
ud = (unique_data *) 0x901e848
up = (unique_attrs *) 0xbfffb098
text = 0xbfffb21c "/opt/openldap/etc/slapd.conf: line 156"
ad = (AttributeDescription *) 0x6030a4
i = 7256760
#5 0x080ddb1a in over_db_config (be=0x901e040, fname=0x8fd9018
"/opt/openldap/etc/slapd.conf", lineno=156, argc=2, argv=0x9006ff8)
at backover.c:157
on2 = (slap_overinst *) 0x0
onp = (slap_overinst **) 0x81512c0
be2 = {bd_info = 0x0, be_ctrls = '\0' <repeats 32 times>, be_flags = 0,
be_restrictops = 0, be_requires = 0, be_ssf_set = {
sss_ssf = 0, sss_transport = 0, sss_tls = 0, sss_sasl = 0, sss_update_ssf =
0, sss_update_transport = 0, sss_update_tls = 0,
sss_update_sasl = 0, sss_simple_bind = 0}, be_suffix = 0x0, be_nsuffix =
0x0, be_schemadn = {bv_len = 0, bv_val = 0x0},
be_schemandn = {bv_len = 0, bv_val = 0x0}, be_rootdn = {bv_len = 0, bv_val =
0x0}, be_rootndn = {bv_len = 0, bv_val = 0x0},
be_rootpw = {bv_len = 0, bv_val = 0x0}, be_max_deref_depth = 0, be_def_limit =
{lms_t_soft = 0, lms_t_hard = 0, lms_s_soft = 0,
lms_s_hard = 0, lms_s_unchecked = 0, lms_s_pr = 0, lms_s_pr_hide = 0,
lms_s_pr_total = 0}, be_limits = 0x0, be_acl = 0x0,
be_dfltaccess = ACL_NONE, be_replica = 0x0, be_replogfile = 0x0, be_update_ndn
= {bv_len = 0, bv_val = 0x0},
be_update_refs = 0x0, be_pending_csn_list = 0x0, be_pcl_mutex = {__m_reserved
= 0, __m_count = 0, __m_owner = 0x0, __m_kind = 0,
__m_lock = {__status = 0, __spinlock = 0}}, be_pcl_mutexp = 0x0, be_syncinfo
= 0x0, be_pb = 0x0, be_cf_ocs = 0x0,
be_private = 0x0, be_next = {stqe_next = 0x0}}
i = 0
oi2 = (slap_overinfo *) 0x90177e2
oi = (slap_overinfo *) 0x901e4f8
on = (slap_overinst *) 0x901ebf8
be_cf_ocs = (struct ConfigOCs *) 0x82a0900
ca = {argc = 2, argv = 0x9006ff8, argv_size = 0, line = 0x0, tline =
0x0,
fname = 0x8fd9018 "/opt/openldap/etc/slapd.conf", lineno = 156,
log = "/opt/openldap/etc/slapd.conf: line 156", '\0' <repeats 4085 times>, msg
= '\0' <repeats 255 times>, depth = 0, valx = 0,
values = {v_int = 0, v_long = 0, v_ber_t = 0, v_string = 0x0, v_bv = {bv_len =
0, bv_val = 0x0}, v_dn = {vdn_dn = {bv_len = 0,
bv_val = 0x0}, vdn_ndn = {bv_len = 0, bv_val = 0x0}}}, rvalue_vals =
0x0, rvalue_nvals = 0x0, op = 0, type = 0,
---Type <return> to continue, or q <return> to quit---
be = 0x901e040, bi = 0x0, ca_entry = 0x0, private = 0x0, cleanup = 0}
rc = -1026
#6 0x0807918f in read_config_file (fname=0x8fd9018
"/opt/openldap/etc/slapd.conf", depth=0, cf=0x9007800, cft=0x829bea0)
at config.c:807
fp = (FILE *) 0x9007800
ct = (ConfigTable *) 0x90177e2
c = (ConfigArgs *) 0x9005e80
rc = 151019136
s = {st_dev = 26626, __pad1 = 0, st_ino = 229380, st_mode = 33184,
st_nlink = 1, st_uid = 0, st_gid = 55, st_rdev = 0,
__pad2 = 0, st_size = 5199, st_blksize = 4096, st_blocks = 16, st_atim =
{tv_sec = 1172158204, tv_nsec = 0}, st_mtim = {
tv_sec = 1171993893, tv_nsec = 0}, st_ctim = {tv_sec = 1171993893, tv_nsec =
0}, __unused4 = 0, __unused5 = 0}
#7 0x0807357e in read_config (fname=0x8fd9018 "/opt/openldap/etc/slapd.conf",
dir=0x8fd9018 "/opt/openldap/etc/slapd.conf")
at bconfig.c:3077
st = {st_dev = 7, __pad1 = 50360, st_ino = 135507850, st_mode =
150982944, st_nlink = 3221210280, st_uid = 1,
st_gid = 150983096, st_rdev = 588336130853561644, __pad2 = 50360, st_size =
134901884, st_blksize = 136982680, st_blocks = 0,
st_atim = {tv_sec = -1073756936, tv_nsec = 134933086}, st_mtim = {tv_sec = 0,
tv_nsec = 24582}, st_ctim = {tv_sec = -1073756952,
tv_nsec = 135684567}, __unused4 = 136990016, __unused5 = 0}
be = (BackendDB *) 0x9005bb8
cfb = (CfBackInfo *) 0x9005cc0
cfdir = 0x901ea60 "\002"
cfname = 0x8fd9018 "/opt/openldap/etc/slapd.conf"
rc = 151018424
#8 0x0806c445 in main (argc=7, argv=0xbfffc614) at main.c:667
val = 0x0
opt = {bv_len = 3221210504,
bv_val = 0x822db6e
"\215\223\024\207ÿÿ\215\213\024\207ÿÿ)ÊÁú\0021ö9Ös\017\211×\220ÿ\224³\024\207ÿÿF9þrô\203Ä\f[^_ÉÃU\211åVSè"}
i = 0
i = 136960888
no_detach = 0
rc = 0
urls = 0x8fd9040 "ldap:/// ldaps:///"
username = 0x8fd9008 "ACI Item"
groupname = 0x0
sandbox = 0x0
syslogUser = 160
configfile = 0x8fd9018 "/opt/openldap/etc/slapd.conf"
configdir = 0x0
serverName = 0xbfffec31 "slapd"
scp = (struct sync_cookie *) 0x829db78
scp_entry = (struct sync_cookie *) 0x90177e2
debug_unknowns = (char **) 0x0
syslog_unknowns = (char **) 0x0
serverNamePrefix = 0x90177e2 ""
slapd_pid_file_unlink = 0
slapd_args_file_unlink = 0
With kind regards
Michael Heep