
OpenLDAP + Kerberos = Crash?



I sent this twice before realizing I was sending from another email address that isn't on the list. I don't know if emails from non-subscribers are moderated or just dropped, but in any case, I'm very sorry if those emails show up on the list as duplicates.

I'm trying to get a setup of Kerberos and LDAP working. LDAP works fine with plain authentication and everything seems to be set up correctly, but when I try to use GSSAPI authentication, slapd crashes.

Application Versions:
openldap 2.3.40
heimdal 1.0.1

Server log from startup to crash:
May 17 21:50:07 Lagbox slapd[11161]: @(#) $OpenLDAP: slapd 2.3.40 (Jan 15 2008 23:41:27) $      nobody@tk-gwa:/build/src/openldap-2.3.40/servers/slapd
May 17 21:50:07 Lagbox slapd[11161]: /etc/openldap/slapd.conf: line 139: "attr" is deprecated (and undocumented); use "attrs" instead.
May 17 21:50:07 Lagbox slapd[11161]: /etc/openldap/slapd.conf: line 144: "attr" is deprecated (and undocumented); use "attrs" instead.
May 17 21:50:07 Lagbox slapd[11162]: bdb_db_open: unclean shutdown detected; attempting recovery.
May 17 21:50:07 Lagbox slapd[11162]: bdb_db_open: Warning - No DB_CONFIG file found in directory /var/lib/openldap/openldap-data: (2) Expect poor performance for suffix dc=wileynetworks,dc=org.
May 17 21:50:07 Lagbox slapd[11162]: slapd starting
May 17 21:51:04 Lagbox slapd[11162]: conn=0 fd=14 ACCEPT from IP=127.0.0.1:54066 (IP=0.0.0.0:389)
May 17 21:51:04 Lagbox slapd[11162]: conn=0 op=0 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
May 17 21:51:04 Lagbox slapd[11162]: conn=0 op=0 SRCH attr=supportedSASLMechanisms
May 17 21:51:04 Lagbox slapd[11162]: conn=0 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
May 17 21:51:04 Lagbox slapd[11162]: conn=0 op=1 BIND dn="" method=163
May 17 21:51:05 Lagbox slapd[11162]: conn=0 op=1 RESULT tag=97 err=14 text=
May 17 21:51:05 Lagbox slapd[11162]: conn=0 op=2 BIND dn="" method=163
May 17 21:51:05 Lagbox slapd[11162]: conn=0 op=2 RESULT tag=97 err=14 text=
May 17 21:51:05 Lagbox slapd[11162]: conn=0 op=3 BIND dn="" method=163
May 17 21:51:05 Lagbox slapd[11165] general protection eip:b7abeb05 esp:b6c80df0 error:0

Search command that causes crash:
[arew264@Lagbox ~]$ ldapsearch -H ldap://localhost/ -b dc=wileynetworks,dc=org
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
[arew264@Lagbox ~]$

Attached: slapd.conf

Note: I am leaving all names intact here because this is a test setup and not any sort of production server.

The user that ran the search command is in Kerberos and had run kinit and gotten a ticket before running the search. With just a crash and no error messages, I don't know where to start in tracking this down.

Andrew Wiley
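
One way to triage the server log above, added here as an example and not part of the original post: the Python code below pairs each BIND with its RESULT and reports any SASL bind still unanswered when the general protection fault was logged. The name `triage` and the finding fields are made up for illustration; the constants are the standard LDAP values (method 163 = SASL bind, tag 97 = bind response, err 14 = saslBindInProgress).

```python
import re

# slapd's conn=0 bind lines from the post above, copied unchanged.
SAMPLE_LOG = """\
May 17 21:51:04 Lagbox slapd[11162]: conn=0 fd=14 ACCEPT from IP=127.0.0.1:54066 (IP=0.0.0.0:389)
May 17 21:51:04 Lagbox slapd[11162]: conn=0 op=1 BIND dn="" method=163
May 17 21:51:05 Lagbox slapd[11162]: conn=0 op=1 RESULT tag=97 err=14 text=
May 17 21:51:05 Lagbox slapd[11162]: conn=0 op=2 BIND dn="" method=163
May 17 21:51:05 Lagbox slapd[11162]: conn=0 op=2 RESULT tag=97 err=14 text=
May 17 21:51:05 Lagbox slapd[11162]: conn=0 op=3 BIND dn="" method=163
May 17 21:51:05 Lagbox slapd[11165] general protection eip:b7abeb05 esp:b6c80df0 error:0
"""

# LDAP protocol constants, in decimal as slapd logs them.
LDAP_AUTH_SASL = 163    # 0xa3: bind request carries SASL credentials
LDAP_RES_BIND = 97      # 0x61: bind response
SASL_IN_PROGRESS = 14   # result code: server expects another SASL step

BIND = re.compile(r'conn=(\d+) op=(\d+) BIND dn="[^"]*" method=(\d+)')
RESULT = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=(\d+) err=(\d+)')
FAULT = re.compile(r'slapd\[(\d+)\]:? general protection (.*)')

def triage(log):
    """Return one finding per SASL bind left unanswered when slapd faulted."""
    pending = {}   # (conn, op) -> bind method, for BINDs with no RESULT yet
    rounds = {}    # conn -> SASL steps answered with saslBindInProgress
    findings = []
    for line in log.splitlines():
        if m := BIND.search(line):
            pending[(int(m[1]), int(m[2]))] = int(m[3])
        elif m := RESULT.search(line):
            conn, op, tag, err = (int(g) for g in m.groups())
            method = pending.pop((conn, op), None)
            if (method, tag, err) == (LDAP_AUTH_SASL, LDAP_RES_BIND, SASL_IN_PROGRESS):
                rounds[conn] = rounds.get(conn, 0) + 1
        elif m := FAULT.search(line):
            for (conn, op), method in sorted(pending.items()):
                if method == LDAP_AUTH_SASL:
                    findings.append({"conn": conn, "op": op,
                                     "sasl_steps_completed": rounds.get(conn, 0),
                                     "fault_pid": int(m[1]), "registers": m[2].strip()})
            pending.clear()  # the process faulted; nothing pending will be answered
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

On the lines above it reports conn=0 op=3 with two SASL steps completed, meaning the fault was logged while the third bind request of the exchange was still outstanding.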

