[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Strange behaviour with saslautz: "incorrect" access directives cause segmentation fault



Hi,

Jeff Warnica <jeffw@chebucto.ns.ca> writes:

> I don't know if this is a known problem or not. If it isn't, I can
> provide more details, exact steps, backtraces, etc.
>
> OpenLDAP version: 2.2.15 BDB backend version: 4.2.52
>
> Anyway: I'm using Cyrus IMAP + ldapdb so I can use proxy authentication
> for access to non-cleartext password exchange. It seems that if I use a
> "group" clause in the access directive for saslAuthzTo, slapd seg faults
> while setting up the proxy auth.
>
> ie:
>
> access to attr=saslAuthzTo
> 	by dn="uid=ranger,ou=accounts,ou=unix,o=warnica,c=ca" write	
>         by * auth
>
> works.
>
> but:
> access to attr=saslAuthzTo
> 	by group="cn=DirectoryAdmins,ou=group,ou=unix,o=warnica,c=ca" write	
>         by * auth
>
> does _not_. For that matter, not having a specific saslauthzto access
> directive, but having a group clause in a more general one, same thing.
>
> Furthermore, after restarting slapd, doing anything with the applicable
> authentication object causes slapd to hang: after that seg fault it has
> corrupted the database.

See ITS#3276. REL_ENG_2_2 solved this problem.

-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8C183C8622115328