[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slapd seg faults when 'ppolicy_default' is enabled

I'm not a ppolicy user, so that output might be blatantly obvious to someone else. But from where I sit, I'd imagine that a copy of "cn=swaPasswordPolicy,ou=Policies,dc=swa,dc=com" would be helpful--especially since slapd seems to be crashing awfully close to where it would be parsing the policy.

Additionally, I note there's a 2.3.39 fix to ppolicy; you should try with that and report.

On Mon, 10 Dec 2007, R.B. wrote:

Hi;

I'm in the process of configuring ppolicy for OpenLDAP using Buchan's
RPMs and it seems that after adding my policy and enabling it in my
slapd.conf file, slapd seg faults (see output below). If I uncomment
the 'ppolicy_default' line, the server starts fine and continues to
serve.

Help?

Thank you!

Rafael


OS: RHEL4
OpenLDAP: 2.3.38 - buchan's RPMs for RHEL4

Output:
########
-bash-3.00# slapd2.3 -u ldap -g ldap -l LOCAL0 -s 0 -f etc/slapd.conf
-h ldap:/// -d 1
@(#) $OpenLDAP: slapd 2.3.38 (Aug 23 2007 12:54:24) $
       bgmilne@build.telkomsa.net:/home/bgmilne/rpm/BUILD/openldap-2.3.38/servers/slapd
daemon_init: listen on ldap:///
daemon_init: 1 listeners to open...
ldap_url_parse_ext(ldap:///)
daemon: listener initialized ldap:///
daemon_init: 2 listeners opened
slapd2.3 init: initiated server.
slap_sasl_init: initialized!
bdb_back_initialize: initialize BDB backend
bdb_back_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December  3, 2003)
hdb_back_initialize: initialize HDB backend
hdb_back_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December  3, 2003)
bdb_db_init: Initializing BDB database
dnPrettyNormal: <dc=swa,dc=com>
<<< dnPrettyNormal: <dc=swa,dc=com>, <dc=swa,dc=com>
dnPrettyNormal: <cn=Manager,dc=swa,dc=com>
<<< dnPrettyNormal: <cn=Manager,dc=swa,dc=com>, <cn=manager,dc=swa,dc=com>
dnPrettyNormal: <cn=swaPasswordPolicy,ou=Policies,dc=swa,dc=com> 
<<< dnPrettyNormal: <cn=swaPasswordPolicy,ou=Policies,dc=swa,dc=com>,
<cn=swapasswordpolicy,ou=policies,dc=swa,dc=com>
==> ppolicy_cf_default
==> ppolicy_cf_default add
dnNormalize: <cn=Subschema> 
Segmentation fault
########

slapd.conf:
########
include /usr/share/openldap2.3/schema/core.schema
include /usr/share/openldap2.3/schema/cosine.schema
include /usr/share/openldap2.3/schema/inetorgperson.schema
include /usr/share/openldap2.3/schema/nis.schema
include /usr/share/openldap2.3/schema/misc.schema
include /usr/share/openldap2.3/schema/corba.schema
include /usr/share/openldap2.3/schema/openldap.schema
include /usr/share/openldap2.3/schema/ppolicy.schema

access to attrs=shadowLastChange,userPassword
       by self write
       by anonymous auth
       by * none

access to *
       by * read

pidfile         /cluster/agis-ldap/ldap-master/var/run/slapd.pid
argsfile        /cluster/agis-ldap/ldap-master/var/run/slapd.args

modulepath      /usr/lib/openldap2.3

moduleload     ppolicy.la

loglevel 1

database        bdb
suffix          "dc=swa,dc=com"
rootdn          "cn=Manager,dc=swa,dc=com"

rootpw    {SSHA}xxxxx

directory       /cluster/agis-ldap/ldap-master/var/lib/ldap

overlay ppolicy
ppolicy_default "cn=swaPasswordPolicy,ou=Policies,dc=swa,dc=com"
ppolicy_use_lockout

cachesize 100000
idlcachesize 100000

checkpoint 256 5

index   objectClass                                             eq
index   ou,cn,mail,givenname                                    eq,subinitial
index   uidNumber,gidNumber,memberUid,loginShell                eq
index   uid                                                     eq,subinitial
########