slapd segfaults with SASL/GSSAPI binds

This is really weird.  I'm just setting up a new server (migrating from
OpenLDAP 2.0 to 2.2), and slapd segfaults whenever I attempt a SASL bind
using the GSSAPI mechanism:

On the client side:

cds@osaka:~$ kdestroy
cds@osaka:~$ kinit chris
chris@LEET.ORG's Password:
cds@osaka:~$ ldapwhoami
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
cds@osaka:~$ klist
Credentials cache: FILE:/tmp/krb5cc_1000
        Principal: chris@LEET.ORG
 
  Issued           Expires          Principal
Jul  7 18:13:39  Jul  8 04:13:52  krbtgt/LEET.ORG@LEET.ORG
Jul  7 18:13:39  Jul  8 04:13:52  krbtgt/LEET.ORG@LEET.ORG
Jul  7 18:13:44  Jul  8 04:13:52  ldap/osaka.leet.org@LEET.ORG

On the server side:

osaka:~# /usr/local/libexec/slapd -h ldap://0.0.0.0 ldaps://0.0.0.0 -d
256 -u slapd -g slapd
@(#) $OpenLDAP: slapd 2.2.13 (Jul  6 2004 17:17:27) $
       
root@osaka:/usr/local/src/openldap2.2/openldap-2.2.13/servers/slapd
bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December  3,
2003)
bdb_db_init: Initializing BDB database
slapd starting
conn=0 fd=11 ACCEPT from IP=192.168.0.3:1302 (IP=0.0.0.0:389)
conn=0 op=0 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
conn=0 op=0 SRCH attr=supportedSASLMechanisms
conn=0 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=0 op=1 BIND dn="" method=163
Segmentation fault

Here is my (minimal) slapd.conf:

#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include	    /usr/local/etc/openldap/schema/core.schema
include     /usr/local/etc/openldap/schema/cosine.schema
include     /usr/local/etc/openldap/schema/nis.schema
include     /usr/local/etc/openldap/schema/inetorgperson.schema
include     /usr/local/etc/openldap/schema/krb5-kdc.schema

pidfile		/usr/local/var/run/slapd/slapd.pid
argsfile	/usr/local/var/run/slapd/slapd.args

TLSCertificateFile      /usr/local/etc/openldap/slapd.crt
TLSCertificateKeyFile   /usr/local/etc/openldap/slapd.key
TLSCACertificateFile    /usr/local/etc/openldap/cacert.pem

sasl-realm  LEET.ORG
sasl-host   osaka.leet.org

database	bdb
suffix		"dc=leet,dc=org"
rootdn      	"uid=ldapadm,cn=gssapi,cn=auth"
directory	/usr/local/var/openldap-data
index		objectClass     eq

sasl-regexp uid=(.*),cn=gssapi,cn=auth
    uid=$1,ou=People,dc=leet,dc=org

Note that Kerberos/GSSAPI is working for other things, and that the
distinguished name 'uid=chris,ou=People,dc=leet,dc=org' exists in the
LDAP tree.  My LDAP installation consists of OpenLDAP 2.2.13, linked
against BDB 4.2.52 and Cyrus SASL 2.1.18.  I'd appreciate any clues as
to what I might be doing wrong, or if there is a workaround for this
problem.

Thanks,

Chris Schadl
cschadl@satan.org.uk
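As an added illustration (not code from the post or from OpenLDAP), here is a small Python model of how the sasl-regexp line in the posted slapd.conf turns a GSSAPI identity into a directory DN. It assumes the SASL DN form described in the OpenLDAP admin guide, uid=<user>,[cn=<realm>,]cn=gssapi,cn=auth with the realm component omitted when it equals the configured sasl-realm, and that the whole DN must match the pattern; the TIGHT_RULES variant using ([^,]*) is a hypothetical alternative included to show why the posted (.*) also swallows a foreign-realm component.

```python
import re

# Rule copied from the posted slapd.conf: sasl-regexp <pattern> <replacement>.
POSTED_RULES = [
    (r"uid=(.*),cn=gssapi,cn=auth", "uid=$1,ou=People,dc=leet,dc=org"),
]

# Hypothetical tightened variant: the group cannot cross a comma, so a DN that
# carries a cn=<realm> component is left unmapped instead of being mangled.
TIGHT_RULES = [
    (r"uid=([^,]*),cn=gssapi,cn=auth", "uid=$1,ou=People,dc=leet,dc=org"),
]


def gssapi_sasl_dn(principal, sasl_realm):
    """Form the SASL authorization DN for a Kerberos principal as the admin
    guide describes: uid=<user>,[cn=<realm>,]cn=gssapi,cn=auth, where the
    cn=<realm> part appears only when the principal's realm differs from the
    configured sasl-realm.  Hypothetical helper, not slapd's own code."""
    user, _, realm = principal.partition("@")
    if realm and realm.upper() != sasl_realm.upper():
        return f"uid={user},cn={realm},cn=gssapi,cn=auth"
    return f"uid={user},cn=gssapi,cn=auth"


def map_sasl_dn(sasl_dn, rules=POSTED_RULES):
    """Apply the first matching rule, substituting $1, $2, ... with the
    captured groups.  With no match the SASL DN is returned unchanged, i.e.
    the bind proceeds as an identity that has no entry in the tree."""
    for pattern, template in rules:
        m = re.fullmatch(pattern, sasl_dn, flags=re.IGNORECASE)
        if m:
            return re.sub(r"\$(\d+)", lambda g: m.group(int(g.group(1))), template)
    return sasl_dn


def authz_dn_for(principal, sasl_realm="LEET.ORG", rules=POSTED_RULES):
    """End to end: Kerberos principal -> SASL DN -> mapped directory DN."""
    return map_sasl_dn(gssapi_sasl_dn(principal, sasl_realm), rules)


if __name__ == "__main__":
    # Constructed sample principals; only chris@LEET.ORG appears in the post.
    for p in ("chris@LEET.ORG", "ldapadm@LEET.ORG", "bob@OTHER.ORG"):
        print(f"{p:16} posted -> {authz_dn_for(p)}")
        print(f"{p:16} tight  -> {authz_dn_for(p, rules=TIGHT_RULES)}")
```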