[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slapd crashes on bind





--On Friday, November 14, 2003 12:29 PM -0500 Marc-Andre Gaudreau <Marc-Andre.Gaudreau@USherbrooke.ca> wrote:

Hi,

I searched through the archives and I don't think this has been reported
yet...

We had a weird problem last week as slapd started crashing repeatedly
(we've been running openldap for months now and this never happened
before).  Nothing weird showed up in the logfiles.  After a few crashes,
we noticed that the last entry in the logfiles before a crash was always
a bind operation by the same account.  After changing the password for
that user, slapd stopped crashing.

Further investigation showed that someone changed the password for this
account just before the incident and made a little mistake.  Here is how
we were able to reproduce the problem :

1- Running "slappasswd", we get "{SSHA}qCODA0Z4EKzxxEa3IgkjU1tKLtdBDq4S"
2- We put all but the last character of this string in the password field
of an account ({SSHA}qCODA0Z4EKzxxEa3IgkjU1tKLtdBDq4).
3- Perform a bind operation for this account

This crashes slapd in the same way we've seen last week.  I tried to get
more output in the logs by setting loglevel to 4095.  After crashing
slapd again and looking at the logfiles, everything seems to go well and
just stops after the acl verification (which returns "access granted" on
the last line of the logfile).

I don't think this is a configuration problem but if it is I would be
happy to provide more informations if it helped solve my problem.  For a
start, we are using openldap 2.1.22 on redhat 7.3.

Could somebody tell me if they get the same result on their setup by
running the same operations (in a test environment of course! :)?


This sounds like a bug. You should file an ITS at http://www.openldap.org/its/ so that it can be tracked appropriately.

--Quanah



--
Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html