Issue 6452 - Able to crash slapd when using identity assertion
Summary: Able to crash slapd when using identity assertion
Status: VERIFIED FIXED
Alias: None
Product: OpenLDAP
Classification: Unclassified
Component: slapd (show other issues)
Version: 2.4.20
Hardware: All All
: --- normal
Target Milestone: ---
Assignee: OpenLDAP project
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-01-13 05:39 UTC by j@gropefruit.com
Modified: 2014-08-01 21:03 UTC (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.
Description j@gropefruit.com 2010-01-13 05:39:52 UTC 
Full_Name: J
Version: 2.4.20
OS: Debian-Lenny/amd64
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (68.15.14.98)


Able to do all necessary identity assertion when using command-line tools
(ldapsearch, ldapmodify, etc) against my server.  Server is running back_ldap,
back_relay, pcache and back_hdb.

But when I point one of my test hosts (Debian Lenny) against this seemingly
healthy server and I try to login, I get this while running slapd -d -1:

[rw] searchEntryDN: "uid=jay,cn=plain,cn=auth,dc=example,dc=com" ->
"uid=jay,cn=plain,cn=auth,dc=example,dc=com"
slapd: /usr/src/openldap-src-2.4.20/openldap-2.4.20/servers/slapd/entry.c:483:
entry_clean: Assertion `e->e_private == ((void *)0)' failed.
Aborted

Why?
Comment 1 j@gropefruit.com 2010-01-13 06:16:29 UTC 
Nevermind, commented out the following in my relay database config area:

rwm-rewriteEngine               on
rwm-normalize-mapped-attrs      yes
rwm-rewriteContext searchAttrDN
rwm-rewriteRule "(.+,)?dc=example,dc=com$" "$1,dc=public,dc=com"

No longer crashes.  You may close.

J

On Jan 12, 2010, at 21:39 , openldap-its@OpenLDAP.org wrote:

> 
> *** THIS IS AN AUTOMATICALLY GENERATED REPLY ***
> 
> Thanks for your report to the OpenLDAP Issue Tracking System.  Your
> report has been assigned the tracking number ITS#6452.
> 
> One of our support engineers will look at your report in due course.
> Note that this may take some time because our support engineers
> are volunteers.  They only work on OpenLDAP when they have spare
> time.
> 
> If you need to provide additional information in regards to your
> issue report, you may do so by replying to this message.  Note that
> any mail sent to openldap-its@openldap.org with (ITS#6452)
> in the subject will automatically be attached to the issue report.
> 
> 	mailto:openldap-its@openldap.org?subject=(ITS#6452)
> 
> You may follow the progress of this report by loading the following
> URL in a web browser:
>    http://www.OpenLDAP.org/its/index.cgi?findid=6452
> 
> Please remember to retain your issue tracking number (ITS#6452)
> on any further messages you send to us regarding this report.  If
> you don't then you'll just waste our time and yours because we
> won't be able to properly track the report.
> 
> Please note that the Issue Tracking System is not intended to
> be used to seek help in the proper use of OpenLDAP Software.
> Such requests will be closed.
> 
> OpenLDAP Software is user supported.
> 	http://www.OpenLDAP.org/support/
> 
> --------------
> Copyright 1998-2007 The OpenLDAP Foundation, All Rights Reserved.
>
Comment 2 Howard Chu 2010-01-13 20:44:05 UTC 
changed notes
changed state Open to Suspended
Comment 3 ando@openldap.org 2010-04-09 21:12:14 UTC 
changed notes
changed state Suspended to Closed
Comment 4 OpenLDAP project 2014-08-01 21:03:42 UTC 
dup #6450, #6451
should check this in HEAD/2.4.21