Re: using openldap with mac os x clients

[Darcy Kroeker <darcy.kroeker@gmail.com>]

Thanks Aaron,

I'm happy to hear somebody has this working. I didn't think I was
attempting anything too crazy.

I've taken some debugging steps as recommended in the FAQ. I set
loglevel 64 and enabled debugging in syslogd.conf but I don't see
anything helpful in the /var/log/debug file.

However, running slapd in the debugger gives me the following stack
trace. Looks like my problem is SASL-related somehow:

#0  0x00000000 in ?? ()
No symbol table info available.
#1  0x40018c81 in _sasldb_getdata (utils=0x8156958, context=0x8155b50, 
    auth_identity=0x8156a20 "testguy", 
    realm=0x81567c8 "squall.cs.uwaterloo.ca", 
    propName=0x4001dd9c "userPassword", out=0x40e6b4b8 "", max_out=8192, 
    out_len=0x40e6b4ac) at db_berkeley.c:183
        result = 0
        key = 0x8156a30 "testguy"
        key_len = 43
        dbkey = {data = 0x8156a30, size = 43, ulen = 0, dlen = 0, doff = 0, 
  flags = 0}
        data = {data = 0x0, size = 0, ulen = 0, dlen = 0, doff = 0, flags = 0}
        mbdb = (DB *) 0x8156a60
#2  0x4001716b in sasldb_auxprop_lookup (glob_context=0x0, sparams=0x8156880, 
    flags=0, user=0x8156561 "testguy", ulen=135623700) at sasldb.c:113
        realname = 0x4001dd9c "userPassword"
        userid = 0x8156a20 "testguy"
        realm = 0x81567c8 "squall.cs.uwaterloo.ca"
        user_realm = 0x8156a60 ""
        ret = 135621216
        to_fetch = (const struct propval *) 0x8156a60
        cur = (const struct propval *) 0x8157414
        value = '\0' <repeats 2136 times>, "\034Ûæ@àÅæ@ÀÇ\a\bàÅæ@@½æ@åÇ\a\b•+\02
5\bP\"\021\b\000\000\000\000\000\000\000\000\034Ûæ@
#\021\bp½æ@Â#\v\bàÅæ@\220#\021\b", '\0' <repeats 20 times>,
"•+\025\b\000\000\000\000ôÅæ@\220½æ@-È\a\b\bÝ\020\bàÅæ@ÀÇ\a\b\002\000\000\0000Ææ@•+\025\bôÅæ@¹µ\a\bÈÁæ@\000\000\000\000\b\004\000\000È\"\021\b",
'\0' <repeats 104 times>,
"\034Ûæ@àÆæ@ÀÇ\a\bàÆæ@\034Ûæ@ðÆæ@ÀÇ\a\bðÆæ@P¾æ@åÇ"...
        value_len = 0
        user_buf = 0x8152b38 "testguy"
#3  0x400df013 in _sasl_auxprop_lookup (sparams=0x8156880, flags=0, 
    user=0x8156561 "testguy", ulen=7) at auxprop.c:870
        getopt = (sasl_getopt_t *) 0x400e3528 <_sasl_conn_getopt>
        ret = 135621216
        found = 1
        context = (void *) 0x8155b50
        plist = 0x0
        ptr = (auxprop_plug_list_t *) 0x81167f8
#4  0x400df66c in _sasl_canon_user (conn=0x8155b50, user=0x8156561 "testguy", 
    ulen=7, flags=3, oparams=0x81563b0) at canonusr.c:190
        ptr = (canonuser_plug_list_t *) 0x2
        sconn = (sasl_server_conn_t *) 0x8155b50
        cconn = (sasl_client_conn_t *) 0x0
        cuser_cb = (sasl_canon_user_t *) 0x80832cc <slap_sasl_canonicalize>
        getopt = (sasl_getopt_t *) 0x400e3528 <_sasl_conn_getopt>
        context = (void *) 0x8155b50
        result = 135621216
        plugin_name = 0x400eabe3 "INTERNAL"
        user_buf = 0x8156561 "testguy"
        lenp = (unsigned int *) 0x81563c0
#5  0x4001c15b in crammd5_server_mech_step2 (text=0x8156a60, 
    sparams=0x8156880, 
    clientin=0x8156f58 "testguy fc76d73e9b8bab68ff19ceaec5a2f998", 
    clientinlen=40, serverout=0x40e6d79c, serveroutlen=0x40e6d7a0, 
    oparams=0x81563b0) at cram.c:259
        userid = 0x8156848 "testguy"
        sec = (sasl_secret_t *) 0x0
        pos = 7
        len = 1088872508
        result = 0
        password_request = {0x4001dd9b "*userPassword", 
  0x4001dda9 "*cmusaslsecretCRAM-MD5", 0x0}
        auxprop_values = {{
    name = 0x40e6d738 "\234×æ@ ×æ@°c\025\b\234×æ@À×æ@ÀÂ", values = 0x400156f8, 
    nvalues = 1088870144, valsize = 135055215}, {name = 0x81567e8 "\002", 
    values = 0x8153bf4, nvalues = 1074643700, valsize = 1074634752}, {
    name = 0x40007f1f "\201ÃÑÕ", values = 0x400154f0, nvalues = 0, 
    valsize = 1073829624}}
        tmphmac = {ictx = {state = {1088872508, 1073779633, 1074646392, 
      134518351}, count = {60, 0}, 
    buffer = "\000\000\000\000ÖÏ\r@tÄ\r@$•\r@\000 \r@\b\000\000\000$­\r@ðT\001@\
224X\001@O\226\004\bøÖæ@\003\200\000@O\226\004\b û(\016\200\222\004\bàÖæ@"}, 
  octx = {state = {1073829960, 2, 1, 0}, count = {1, 135062123}, 
    buffer = "ÃÖæ@Wo\025\b\001\000\000\000)\000\000\000èg\025\bô;\025\bÐÖæ@\aÁ\f\bèg\025\bàÖæ@\001\000\000\000\004\000\000\000\004\000\000\000Ko\025\b\000\000\000\000
û(\016"}}
        md5state = {istate = {1088872508, 135604432, 1088869936, 134612788}, 
  ostate = {1080128660, 1088869976, 1088869936, 135062746}}
        clear_md5state = 0
        digest_str = 0x0
        digest = {1642518104, 2215997040, 1088869904, 135067593}
#6  0x400e82aa in sasl_server_step (conn=0x8155b50, 
    clientin=0x8156f58 "testguy fc76d73e9b8bab68ff19ceaec5a2f998", 
    clientinlen=40, serverout=0x40e6d79c, serveroutlen=0x0) at server.c:1408
        ret = 135622488
#7  0x08084387 in slap_sasl_bind (op=0x8153bc0, rs=0x40e6d858) at sasl.c:1499
        ctx = (sasl_conn_t *) 0x8155b50
        response = {bv_len = 0, bv_val = 0x0}
        reslen = 0
        sc = 1080128500
#8  0x0806971c in do_bind (op=0x8153bc0, rs=0x40e6d858) at bind.c:300
        len = 40
        ber = (BerElement *) 0x8156950
        version = 3
        method = 163
        mech = {bv_len = 8, bv_val = 0x8156f4e "CRAM-MD5"}
        dn = {bv_len = 0, bv_val = 0x8156f4a ""}
        tag = 135621216
        be = (Backend *) 0x0
#9  0x08056aa2 in connection_operation (ctx=0x40e6d8d8, arg_v=0x8153bc0)
    at connection.c:1044
        rc = 14
        rs = {sr_type = REP_RESULT, sr_tag = 0, sr_msgid = 0, sr_err = 0, 
  sr_matched = 0x0, sr_text = 0x0, sr_ref = 0x0, sr_ctrls = 0x0, sr_un = {
    sru_sasl = {r_sasldata = 0x0}, sru_extended = {r_rspoid = 0x0, 
      r_rspdata = 0x0}, sru_search = {r_entry = 0x0, r_attrs = 0x0, 
      r_nentries = 0, r_v2ref = 0x0}}, sr_flags = 0}
        tag = 96
        oldtag = 96
        conn = (Connection *) 0x406173f4
        memctx = (void *) 0x81528d0
        memctx_null = (void *) 0x0
#10 0x080b50a7 in ldap_int_thread_pool_wrapper (xpool=0x8113508) at tpool.c:467
        ctx = (ldap_int_thread_ctx_t *) 0x81527f0
        ltc_key = {{ltk_key = 0x8085ac4, ltk_data = 0x81528d0, 
    ltk_free = 0x8085a98 <sl_mem_destroy>}, {ltk_key = 0x81507e0, 
    ltk_data = 0x285, ltk_free = 0x80a1ff8 <bdb_locker_id_free>}, {
    ltk_key = 0x81507e1, ltk_data = 0x8153f30, 
    ltk_free = 0x80a1e6c <bdb_txn_free>}, {ltk_key = 0x8099aa8, 
    ltk_data = 0x40f6f008, ltk_free = 0x8099a90 <search_stack_free>}, {
    ltk_key = 0x0, ltk_data = 0x0, ltk_free = 0} <repeats 28 times>}
        tid = 1088871216
        i = 135604208
        keyslot = 561
        hash = 0
#11 0x40104484 in start_thread () from /lib/tls/libpthread.so.0
No symbol table info available.
#12 0x420df147 in clone () from /lib/tls/libc.so.6
No symbol table info available.



On 6/20/05, Aaron Richton <richton@nbcs.rutgers.edu> wrote:
> I have hundreds of OS X 10.3 clients running against OpenLDAP 2.2.
> 
> With that said, I looked through my notes, and I skipped 2.2.24 entirely.
> I'd try upgrading to 2.2.27, which I'm now using successfully. If your
> Macs still manage to crash a 2.2.27 server, read the FAQ on getting useful
> debugging information and then ask the list for help thereof.
> 
> On Mon, 20 Jun 2005, Darcy Kroeker wrote:
> 
> > I'm having trouble getting my openldap server to work with mac clients.
> >
> > When I try to authenticate a mac os x client (OS 10.3) against
> > openldap (2.2.24), the openldap server crashes. I can successfully
> > authenticate fc3 clients. I can also successfully do an ldapsearch
> > from the mac. So _something's_ working, clearly. The openldap server
> > is running on RH9.
> >
> > Does anyone have any advice about how I can solve this problem? I am
> > new to openldap so any clues will be welcome.
> >
> > Thanks,
> > Darcy
> >
>