
Strange behaviour with saslAuthz: "incorrect" access directives cause segmentation fault



I don't know if this is a known problem or not. If it isn't, I can
provide more details, exact steps, backtraces, etc.

OpenLDAP version: 2.2.15
BDB backend version: 4.2.52

Anyway: I'm using Cyrus IMAP + ldapdb so I can use proxy authentication
for access to non-cleartext password exchange. It seems that if I use a
"group" clause in the access directive for saslAuthzTo, slapd seg faults
while setting up the proxy auth.

i.e.:

access to attr=saslAuthzTo
        by dn="uid=ranger,ou=accounts,ou=unix,o=warnica,c=ca" write
        by * auth

works.

but:
access to attr=saslAuthzTo
        by group="cn=DirectoryAdmins,ou=group,ou=unix,o=warnica,c=ca" write
        by * auth

does _not_. For that matter, not having a specific saslauthzto access
directive, but having a group clause in a more general one, same thing.

Furthermore, after restarting slapd, doing anything with the applicable
authentication object causes slapd to hang: after that seg fault it has
corrupted the database.