Bug 213834
Summary: | slapd (FDS 1.0.3) crashes with plugin running fine under FDS 1.0.2 | ||||||
---|---|---|---|---|---|---|---|
Product: | [Retired] 389 | Reporter: | Dirk Husung <husung> | ||||
Component: | Server - Plugins | Assignee: | Rich Megginson <rmeggins> | ||||
Status: | CLOSED NOTABUG | QA Contact: | Orla Hegarty <ohegarty> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | 1.0.2 | CC: | k.georgiou, ohegarty | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | i386 | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2006-11-06 20:37:20 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 213957 | ||||||
Attachments: |
|
Description
Dirk Husung
2006-11-03 11:05:05 UTC
Do you have any more information about the crash? Do you have a stack trace or something like that? The only thing I can think of is that we changed the way slapd links with cyrus-sasl/gssapi/kerberos - we use whatever version of cyrus-sasl is install on the OS, and we don't link ns-slapd with -lgssapi_krb5. It could be a binary incompatibility issue. Several internal structures changed sizes. But if you just compile with the slapi-plugin.h header, and no other headers, you should have been isolated from this. The other thing that changed sizes are the LDAP API structures. slapi-plugin.h includes ldap.h, but if you are not using any LDAP API functions, you should not be affected. Can you post the Makefile you used to build your plugin, the header files included by your plugin .c and .h files, and a list of the slapi and ldap functions you are using? That would be very useful to determine if this is an ABI problem. Or, if you could just recompile your plugin with FDS 1.0.3, we could see if that fixes the problem. Created attachment 140443 [details]
Kerberos 5 password schema plugin
Attached in krb5pwd.tar.gz you find krb5pwd.c, the Makefile and the dse.ldif
section I used. In krb5pwd.c "#ifdef XXXXXXXXXXX" uncomments the real code, the
corresponding "#else" section contains the few statements that cause slapd to
crash. My first idea was to recompile my plugin but that didn't help.
When I do an ldapsearch (openldap client) for a user who uses my kerberos
password scheme:
ldapsearch -H ldaps://<hostname> -x -b
"uid=<user>,ou=People,dc=tu-harburg,dc=de" -D
"uid=<user>,ou=People,dc=tu-harburg,dc=de" -W
Enter LDAP Password: xxxxxxx
I receive
ldap_result: Can't contact LDAP server (-1)
and the slapd process is gone.
slapd-<host>/logs/errors reports at the same time:
[06/Nov/2006:10:25:09 +0100] - slapd started. Listening on 134.28.201.19 port
389 for LDAP requests
[06/Nov/2006:10:25:09 +0100] - Listening on 134.28.201.19 port 636 for LDAPS
requests
[06/Nov/2006:10:25:45 +0100] krb5PwdStoragePlugin - -0-
and that's it; i.e. I don't pass "krb5_init_context(&context);"
What else could I test? strace stopped when the slapd process was detached.
(At the moment I think I'll have to switch to your pam_passthru plugin, but I
worry about other plugins.)
Looks like the problem is what I mentioned above. slapd doesn't link against -lkrb5 anymore with fds 1.0.3. When you build your plugin, you have to explicitly link against -lkrb5. When I ran your original plugin against fds 1.0.3 using start-slapd -d 1, the output said that krb5_init_context() could not be found, because neither slapd nor the plugin was linked with -lkrb5. FDS 1.0.3 is linked against -lsasl2 only. This will pull in -lkrb5 only when a SASL/GSSAPI BIND attempt is made. So the solution is to link your plugin with -lkrb5. Thanks a lot, I'd like to confirm that my problem is solved. |