[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#7905) rwm_attrs: Assertion failed

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#7905) rwm_attrs: Assertion failed
From: hyc@symas.com
Date: Fri, 25 Jul 2014 19:33:03 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

andreas.schoe@gfz-potsdam.de wrote:
> --Apple-Mail=_C218ED3F-A76E-4570-8833-063C70827424
> Content-Transfer-Encoding: quoted-printable
> Content-Type: text/plain;
> 	charset=windows-1252
>
> Hello,
>
> you could reproduce it on a Single instance with the following ldif =
> file:
>
> ldapadd -h localhost -D "cn=3Dldapadmin,ou=3Dconf,dc=3Dexample,dc=3Dde" =
> -w 'test' -f ldif.ldif
> <ldif.ldif>
> dn: dc=3Dexample,dc=3Dde
> dc: example
> objectClass: top
> objectClass: organization
> objectClass: dcObject
> o: EXAMPLE
>
> dn: ou=3DPeople,dc=3Dexample,dc=3Dde
> objectClass: top
> objectClass: organizationalUnit
> ou: People
>
> dn: uid=3Dandi,ou=3DPeople,dc=3Dexample,dc=3Dde
> uid: andi
> uidNumber: 12
> gidNumber: 20
> homeDirectory: /home/andi
> loginShell: /bin/tcsh
> objectClass: exPassword
> objectClass: top
> objectClass: posixAccount
> objectClass: person
> sn: Schoe
> cn: Andreas Schoe
> gfzNisPassword: {CRYPT}i.hBxh9rngIPE
> <ldif>
>
> schema for Attribute:
> {0}( 1.3.6.1.4.1.25398.511 NAME 'nisPassword' DESC 'Password for NIS' =
> EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 =
> X-ORIGIN 'user defined' )

The schema of your nisPassword attribute is incompatible with userPassword. 
Your configuration is invalid. Closing this ITS.

> {0}( 1.3.6.1.4.1.25398.500 NAME 'exPassword' DESC 'additional attributes =
> for accounts' SUP top AUXILIARY MAY ( nisPassword  ) X-ORIGIN 'user =
> defined=91 )
>
> rwm config:
> olcRwmMap: {0}attribute gfzNisPassword userPassword
>
> ldapsearch -h rzc37 -D "uid=3Dandi,ou=3DPeople,dc=3Dexample,dc=3Dde" -w =
> 'te' -b "dc=3Dexample,dc=3Dde" -x -LLL '(uid=3Dandi)'=20
> Still the same Error: slapd: rwm.c:1286: rwm_attrs: Assertion =
> `(*ap)->a_nvals =3D=3D (*ap)->a_vals' failed.
>
> that worked:
> ldapsearch -h localhost -D "uid=3Dandi,ou=3DPeople,dc=3Dexample,dc=3Dde" =
> -w 'te' -b "dc=3Dexample,dc=3Dde" -x -LLL '(uid=3Dandi)' cn
>
> best regards
> andreas
>
> Am 24.07.2014 um 21:35 schrieb andreas.schoe@gfz-potsdam.de:
>
>> Full_Name: Andreas Schoe
>> Version: 2.4.39
>> OS: linux/gentoo
>> URL:=20
>> Submission from: (NULL) (139.17.31.83)
>> =20
>> =20
>> First I want to use a proxy to authenticate against another password =
> attribute
>> but with a proxy I can not "map" the userPassword Attirbute for bind =
> operation.
>> For search operations it worked. I recognized, that write operations =
> can rewrite
>> the userpassword attribute. I setup two ldap servers one Master and =
> one Slave.
>> On the Slave I use first refreshOnly and than refreshAndPersists. The =
> issue are
>> still the same for Syncrepl as refreshOnly and refreshAndPersists. On =
> the Slave
>> I also use the RWM Overlay to override the userPassword attribute.=20
>> =20
>> example for syncrepl:
>> {0}rid=3D001 provider=3Dldaps://ldap.example.de/ tls_reqcert=3Dnever =
> binddn=3D""
>> bindmethod=3Dsimple credentials=3D searchbase=3D=84dc=3Dexample,dc=3Dde"=
>
>> filter=3D"(|(ou=3DPeople)(uid=3Dandi))" =
> attrs=3D=84sn,cn,mail,uid,nisPassword,+"
>> schemachecking=3Doff type=3DrefreshOnly interval=3D00:00:01:00 =
> retry=3D"1 1 100 +"
>> timeout=3D1
>> =20
>> rwm config:
>> {0}attribute nisPassword userPassword
>> =20
>> That works fine, I can bind against the Slave with the nisPassword =
> from the
>> Master, but when I try a ldapsearch with requesting all attributes the =
> server
>> crashes. Same with "ldapsearch (uid=3Dandi) userpassword nispassword"
>> "ldapsearch (uid=3Dandi) cn sn" worked
>> =20
>> After crashing the server restarts when nisPassword on Master isn=B4t =
> changed.
>> After changing nisPassword on the Master the Server won=B4t start.
>> =20
>> The Error is:
>> slapd: rwm.c:1286: rwm_attrs: Assertion `(*ap)->a_nvals =3D=3D =
> (*ap)->a_vals'
>> failed.
>> =20
>> tried with hdb and bdb backend and schemacking=3Don, every time the =
> same Error
>> =20
>> try the same with other attributes
>> syncrepl:attrs=3D=84sn,mail,uid,nisPassword,+"
>> rwm config
>> {0}attribute sn cn
>> =20
>> "ldapsearch (uid=3Dandi) sn" worked
>> =20

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Prev by Date: Re: (ITS#7907) Openldap 2.4.39 can be installed in RedHat 5 ???
Next by Date: Re: (ITS#7789) Unreliable mdb_env_set_mapsize()
Index(es):
- Chronological
- Thread