Everything is in the title: slapd on master branch segfaults at first connection establishment with an LDAP client

slapd-2.5.X-Devel

Compilation options:

    ./configure --prefix=/usr/local/openldap --libdir=/usr/local/openldap/lib64 --enable-overlays --enable-modules --enable-dynamic=yes --with-tls=openssl --enable-debug --with-cyrus-sasl --enable-spasswd --enable-ppolicy --enable-crypt --enable-ldap -enable-slapi --enable-meta --enable-sock --enable-wrappers --enable-rlookups

Using default slapd.conf file:

    #
    # See slapd.conf(5) for details on configuration options.
    # This file should NOT be world readable.
    #
    include /usr/local/openldap/etc/openldap/schema/core.schema

    # Define global ACLs to disable default read access.

    # Do not enable referrals until AFTER you have a working directory
    # service AND an understanding of referrals.
    #referral ldap://root.openldap.org

    pidfile /usr/local/openldap/var/run/slapd.pid
    argsfile /usr/local/openldap/var/run/slapd.args

    # Load dynamic backend modules:
    # modulepath /usr/local/openldap/libexec/openldap
    # moduleload back_mdb.la
    # moduleload back_ldap.la

    # Sample security restrictions
    # Require integrity protection (prevent hijacking)
    # Require 112-bit (3DES or better) encryption for updates
    # Require 63-bit encryption for simple bind
    # security ssf=1 update_ssf=112 simple_bind=64

    # Sample access control policy:
    # Root DSE: allow anyone to read it
    # Subschema (sub)entry DSE: allow anyone to read it
    # Other DSEs:
    # Allow self write access
    # Allow authenticated users read access
    # Allow anonymous users to authenticate
    # Directives needed to implement policy:
    # access to dn.base="" by * read
    # access to dn.base="cn=Subschema" by * read
    # access to *
    # by self write
    # by users read
    # by anonymous auth
    #
    # if no access controls are present, the default policy
    # allows anyone and everyone to read anything but restricts
    # updates to rootdn. (e.g., "access to * by * read")
    #
    # rootdn can always read and write EVERYTHING!

    #######################################################################
    # MDB database definitions
    #######################################################################

    database mdb
    maxsize 1073741824
    suffix "dc=my-domain,dc=com"
    rootdn "cn=Manager,dc=my-domain,dc=com"
    # Cleartext passwords, especially for the rootdn, should
    # be avoid. See slappasswd(8) and slapd.conf(5) for details.
    # Use of strong authentication encouraged.
    rootpw secret
    # The database directory MUST exist prior to running slapd AND
    # should only be accessible by the slapd and slap tools.
    # Mode 700 recommended.
    directory /usr/local/openldap/var/openldap-data
    # Indices to maintain
    index objectClass eq

For information, I also converted this configuration into cn=config with the same result.

Some commands after installation:

    mkdir /usr/local/openldap/var/openldap-data
    chown -R ldap:ldap /usr/local/openldap

Launch command:

    /usr/local/openldap/libexec/slapd -h 'ldap://*:389 ldaps://*:636' -f /usr/local/openldap/etc/openldap/slapd.conf -u ldap -g ldap -d -1

Establish connection with any client with manager credential on 389 port.

Console output:

    6036a1a3 daemon: activity on 1 descriptor
    6036a1a3 daemon: activity on:
    6036a1a3 slap_listener_activate(7):
    6036a1a3 daemon: epoll: listen=7 busy
    6036a1a3 daemon: epoll: listen=8 active_threads=0 tvp=NULL
    6036a1a3 daemon: epoll: listen=9 active_threads=0 tvp=NULL
    6036a1a3 daemon: epoll: listen=10 active_threads=0 tvp=NULL
    6036a1a3 >>> slap_listener(ldap://*:389)
    6036a1a3 daemon: accept() = 14
    6036a1a3 daemon: activity on 1 descriptor
    6036a1a3 daemon: activity on:
    6036a1a3 daemon: epoll: listen=7 active_threads=0 tvp=NULL
    6036a1a3 daemon: epoll: listen=8 active_threads=0 tvp=NULL
    6036a1a3 daemon: epoll: listen=9 active_threads=0 tvp=NULL
    6036a1a3 daemon: epoll: listen=10 active_threads=0 tvp=NULL
    6036a1a3 daemon: listen=7, new connection on 14
    Erreur de segmentation

Broken by ITS#9339, fixed in master

Commits:

• 22fd5a89 by Howard Chu at 2021-02-24T19:59:51+00:00

    ITS#9477 fix regression from #9339

    Must provide plain IP address for TCP wrapper

*** Issue 9445 has been marked as a duplicate of this issue. ***