[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Server dies when authenticating via SASL/GSSAPI

To: openldap-software@OpenLDAP.org
Subject: Re: Server dies when authenticating via SASL/GSSAPI
From: hac+lists.openldap.software@hac.hr (Miroslav Zubcic)
Date: Fri, 15 Nov 2002 12:35:08 +0100
Distribution: World
In-reply-to: <26358.1037351717@www39.gmx.net> (Harry Rüter's message of "Fri, 15 Nov 2002 10:15:17 +0100 (MET)")
Mail-copies-to: nobody
Organization: EINPROGRESS
References: <26358.1037351717@www39.gmx.net>
User-agent: Gnus/5.090007 (Oort Gnus v0.07) XEmacs/21.4 (Honest Recruiter, i386-redhat-linux)

Harry Rüter <harry_rueter@gmx.de> writes:

> Red Hat LINUX 7.2 Kernel 2.4.19
> Openssl 0.9.6g
> Cyrus-SASL 2.1.9
> Heimdal Kerberos V  0.5.1
> OpenLDAP 2.1.8
>
> The Problem:
>
> When making a search via ldapsearch using SASL/GSSAPI-authentication
> the slapd-server dies ...

[...]

> ---snipp---
> [root@server]# ldapsearch -H "ldaps://server" -b "" -s base -U 44857  -LLL
> supportedSASLMechanisms
> SASL/GSSAPI authentication started
> ldap_sasl_interactive_bind_s: Can't contact LDAP server (81) 
> [root@server]# 
> ---snipp---

[...]

> That's it ...

I have reported bug about misterious crashes with GSSAPI SASL slapd(8)
and ldapsearch. Look for (closed) ITS-es 2100, 2101 and 2104.

gdb of core dumps on RedHat 7.3 followed deep into libc and sometimes
noware. I'm sure that I have tested all with proper libraries and
plugins (ldd(1), strace(1), readelf(1) and LD_RUN_PATH during
compilation helped me to be sure about shared libs).

It works on RedHat 8.0 well. Except that sometimes ldapsearch(1) is
disconnected prematurely (MIT KRB5 libs). Slapd(8) is not dying.

Developer Kurt told me that problem is probably in thread safe
openldap vs sasl vs non-thread safe kerberos libs - but with heimdal I
have also expirianced segfaults on RH 7.3.

I don't know why slapd is working on RH 8.0, maybe something is
changed in OpenLDAP 2.1.6 and 2.1.8? Maybe system libc and/or thread
library changed something ... who knows.

> I tried everything (i know off) to find out what the problem is,
> but i can't find the reason, why it doesn't work ...

Standard debug procedure will be to recompile OL with CFLAGS="-g" and
setting "ulimit -c 99999999" in shell (to allow core dumps) and
examining core dumps in gdb(1). But I doubt that you can get sensible
or valuable debug info - I didn't. :-( 

> So my last hope is that someone on the list has an idea ...

Try to compile on RH 8.0, and move slapd(8) to 7.2, link server
half-way staticly, if it doesn't work link it with libc from 8.0.
Remove `ldap' keywords from nsswitch.conf ... Try to play a bit. :-)

-- 
		The Network is the Filesystem

References:
- Server dies when authenticating via SASL/GSSAPI
  - From: Harry Rüter <harry_rueter@gmx.de>

Prev by Date: ldap, samba and s
Next by Date: homePostalAddress attribute
Index(es):
- Chronological
- Thread