Bug 713961
| Summary: | libsss_ldap segfault at login against OpenLDAP | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Stephen Gallagher <sgallagh> | |
| Component: | sssd | Assignee: | Stephen Gallagher <sgallagh> | |
| Status: | CLOSED ERRATA | QA Contact: | Chandrasekar Kannan <ckannan> | |
| Severity: | urgent | Docs Contact: | ||
| Priority: | urgent | |||
| Version: | 6.2 | CC: | benl, dpal, grajaiya, jagee, jgalipea, jkodak, jwest, kbanerje, prc | |
| Target Milestone: | rc | Keywords: | Regression, ZStream | |
| Target Release: | --- | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | sssd-1.5.1-41.el6 | Doc Type: | Bug Fix | |
| Doc Text: |
When SSSD communicated with an OpenLDAP server, which supported server-side password policies but did not list them in the "supportedControl" attribute of the server's rootDSE entry, SSSD terminated unexpectedly with a segmentation fault. This was a regression introduced in version 1.5.1-34.el6 of the sssd package. An upstream patch has been provided to fix this bug.
|
Story Points: | --- | |
| Clone Of: | ||||
| : | 748848 (view as bug list) | Environment: | ||
| Last Closed: | 2011-12-06 16:38:51 UTC | Type: | --- | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 716909, 748848 | |||
Nominee for Async. *** Bug 714301 has been marked as a duplicate of this bug. ***
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
New Contents:
When SSSD communicated with an OpenLDAP server, which supported server-side password policies but did not list them in the "supportedControl" attribute of the server's rootDSE entry, SSSD terminated unexpectedly with a segmentation fault. This was a regression introduced in version 1.5.1-34.el6 of the sssd package. An upstream patch has been provided to fix this bug.
Verified in version: # rpm -qi sssd | head Name : sssd Relocations: (not relocatable) Version : 1.5.1 Vendor: Red Hat, Inc. Release : 52.el6 Build Date: Tue 20 Sep 2011 09:11:03 PM IST Install Date: Wed 21 Sep 2011 03:07:04 PM IST Build Host: x86-010.build.bos.redhat.com Group : Applications/System Source RPM: sssd-1.5.1-52.el6.src.rpm Size : 3550647 License: GPLv3+ Signature : (none) Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> URL : http://fedorahosted.org/sssd/ Summary : System Security Services Daemon Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2011-1529.html |
How to reproduce: To reproduce the segfault it should be sufficient to add objectClass: pwdPolicy pwdAttribute: userPassword to a user entry and try to log in with this user. For completeness, to use the ppolicy overlay please add: olcModuleLoad: ppolicy.la olcPPolicyDefault: cn=pwdconfig,ou=config,dc=your,dc=base,dc=dn olcOverlay: ppolicy to /etc/openldap/slapd.d/cn=config/olcDatabase={1}bdb.ldif . Create a policy like dn: cn=pwdconfig,ou=config,dc=your,dc=base,dc=dn objectClass: pwdPolicy objectClass: top objectClass: person pwdAttribute: userPassword sn: Password Policy cn: pwdconfig pwdMaxAge: 100 pwdExpireWarning: 10 pwdGraceAuthNLimit: 3 and add objectClass: pwdPolicy pwdAttribute: userPassword pwdPolicySubentry: cn=pwdconfig,ou=config,dc=your,dc=base,dc=dn to a user object.