[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6851) back-ldap assertion failure, LDAP proxy to Windows AD



tedcheng@symas.com wrote:
> The following patch fixed the issue:
>
> Index: servers/slapd/back-ldap/bind.c
> ===================================================================
> RCS file: /var/CVSROOT/ldap24/servers/slapd/back-ldap/bind.c,v
> retrieving revision 1.12
> retrieving revision 1.13
> diff -u -u -r1.12 -r1.13
> --- servers/slapd/back-ldap/bind.c      28 Jul 2011 09:31:34 -0000      1.12
> +++ servers/slapd/back-ldap/bind.c      17 Nov 2011 21:35:46 -0000      1.13
> @@ -2056,7 +2056,7 @@
>          struct berval   ndn;
>          int             dobind = 0;
>
> -       if ( op->o_conn == NULL || op->o_do_not_cache ) {
> +       if ( op->o_conn == NULL ) {
>                  goto done;
>          }
>
In your original post you state:

 >>>
The ldap_back_dobind() function calls ldap_back_dobind_int() for bind,
back-ldap/bind.c. The following ldap_back_dobind_int() code is destined for
assertion failure, if op->o_do_not_cache flag is set and there is no valid
binddn and bindcred returned by ldap_back_getconn(). Setting an invalid LDAP URI
for the remote AD Windows box is such a case.
<<<

So it sounds like this assert only triggers because you have an invalid 
configuration. I don't believe your patch is the correct solution if that's 
the only error case.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/