Created attachment 809370 [details]
Stacktrace

Description of problem:

The following piece of code in ipa password change extop plugin seems to be causing a crash:

ipa_pwd_extop.c:

    static int ipapwd_chpwop(Slapi_PBlock *pb, struct ipapwd_krbcfg *krbcfg)
    {
    ...
        if (usetxn) {
            Slapi_DN *sdn = slapi_sdn_new_dn_byref(dn);
            Slapi_Backend *be = slapi_be_select(sdn);
            slapi_sdn_free(&sdn);
            if (be) {
                chpwop_pb = slapi_pblock_new();
                if (slapi_pblock_set(chpwop_pb, SLAPI_BACKEND, be)) {
                    LOG_FATAL("slapi_pblock_set failed!\n");
                    rc = LDAP_OPERATIONS_ERROR;
                    goto free_and_return;
                }
    >>>>>       rc = slapi_back_transaction_begin(chpwop_pb);
                if (rc) {
                    LOG_FATAL("failed to start transaction\n");
                }
            } else {
                LOG_FATAL("failed to get be backend from %s\n", dn);
            }
        }
    ...

... when the target user entry is "cn=Directory Manager":

    # ipa-server-install ...
    # ldappasswd -h localhost -x -D "cn=Directory Manager" -w Secret123 -s Secret123 -ZZZ
    ldap_result: Can't contact LDAP server (-1)

ns-slapd process crashed

Version-Release number of selected component (if applicable):
389-ds-base-1.3.1.6-5.el7.x86_64
ipa-server-3.3.2-1.el7.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Install ipa-server
2. Run ldappasswd command as specified above

Actual results:
DS crashes

Expected results:
DS does not crash, IPA rather receives an error code from slapi_back_transaction_begin

Additional info:
Attached stacktrace
Upstream ticket: https://fedorahosted.org/389/ticket/47329
I got the same error when changing the password for a normal user:

    ldappasswd -D "cn=Directory Manager" -s 12345678 uid=u-127-1797,cn=users,cn=accounts,dc=example,dc=com -w 12345678 -x
Rich, just note that the test above was done on Fedora 19 - I am not sure if it already received this fix as well.
(In reply to Martin Kosek from comment #7)
> Rich, just note that the test above was done on Fedora 19 - I am not sure if
> it already received this fix as well.

No. The fix will be in 389-ds-base-1.3.1.13
Hi Mark,

I am getting below response. DS does not crash, IPA rather receives an error code from slapi_back_transaction_begin.

Can you please comment on this ::

[root@dhcp207-218 ~]# rpm -q ipa-server 389-ds-base
ipa-server-3.3.3-15.el7.x86_64
389-ds-base-1.3.1.6-14.el7.x86_64

[root@dhcp207-218 ~]# ldapadd -x -h localhost -p 389 -D "cn=Directory Manager" -w Secret123 << EOF
> dn: uid=amsharma1,dc=newdom,dc=qe
> cn: ams
> sn: ams
> givenname: ams
> objectclass: top
> objectclass: person
> objectclass: organizationalPerson
> objectclass: inetOrgPerson
> uid: ams
> mail: ams
> userpassword: amsamsams
> EOF
adding new entry "uid=amsharma1,dc=newdom,dc=qe"

[root@dhcp207-218 ~]# ldapsearch -x -D "cn=Directory Manager" -w Secret123 -h localhost -b "uid=amsharma1,dc=newdom,dc=qe"
# amsharma1, newdom.qe
dn: uid=amsharma1,dc=newdom,dc=qe
cn: ams
sn: ams
givenName: ams
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: ams
uid: amsharma1
mail: ams
userPassword:: e1NTSEF9ZG4ycFBXSW9wZDlYeDRGc1RRbEpOVDZXTStUN3AxVnl1OXd1dVE9PQ=
 =

[root@dhcp207-218 ~]# ldappasswd -D "cn=Directory Manager" -s amitaamita uid=amsharma1,dc=newdom,dc=qe -w Secret123 -x

[root@dhcp207-218 ~]# ldapsearch -x -D "cn=Directory Manager" -w Secret123 -h localhost -b "uid=amsharma1,dc=newdom,dc=qe"
# amsharma1, newdom.qe
dn: uid=amsharma1,dc=newdom,dc=qe
cn: ams
sn: ams
givenName: ams
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: ams
uid: amsharma1
mail: ams
userPassword:: e1NTSEF9RlV0clhrMERueTl2VEwwT3pTeDMyaHF0bEY0Q1hHdkx6ZzZiTnc9PQ=
 =

ldappasswd -h localhost -x -D "cn=Directory Manager" -w Secret123 -s Secret123 -ZZZ
Result: No such object (32)
Additional info: No such Entry exists.

[root@dhcp207-218 ~]# tail -f /var/log/dirsrv/slapd-NEWDOM-QE/errors
[28/Jan/2014:18:55:21 +051800] ipapwd_chpwop - [file ipa_pwd_extop.c, line 333]: failed to start transaction
[28/Jan/2014:19:00:02 +051800] - Entry "uid=amsharma1,dc=newdom,dc=qe" -- attribute "krbExtraData" not allowed
[28/Jan/2014:19:01:21 +051800] ipapwd_chpwop - [file ipa_pwd_extop.c, line 333]: failed to start transaction
[28/Jan/2014:19:05:46 +051800] ipapwd_chpwop - [file ipa_pwd_extop.c, line 333]: failed to start transaction
[28/Jan/2014:19:05:56 +051800] - Entry "uid=amsharma1,dc=newdom,dc=qe" -- attribute "krbExtraData" not allowed
[28/Jan/2014:19:07:08 +051800] - Entry "uid=amsharma1,dc=newdom,dc=qe" -- attribute "krbExtraData" not allowed
[28/Jan/2014:19:08:39 +051800] ipapwd_chpwop - [file ipa_pwd_extop.c, line 333]: failed to start transaction
[28/Jan/2014:19:12:13 +051800] ipapwd_chpwop - [file ipa_pwd_extop.c, line 333]: failed to start transaction
[28/Jan/2014:19:14:43 +051800] ipapwd_chpwop - [file ipa_pwd_extop.c, line 333]: failed to start transaction
[28/Jan/2014:19:16:13 +051800] ipapwd_chpwop - [file ipa_pwd_extop.c, line 333]: failed to start transaction

Thanks & Regards,
Ami
(In reply to Amita Sharma from comment #9)
> Hi Mark,
>
> I am getting below response. DS does not crash, IPA rather receives an error
> code from slapi_back_transaction_begin.

This is the expected behavior (fix is working). This fix/patch was added to 1.3.1.6-6, and you are testing 1.3.1.6-14.

>
> Can you please comment on this ::
>
>
> [root@dhcp207-218 ~]# rpm -q ipa-server 389-ds-base
> ipa-server-3.3.3-15.el7.x86_64
> 389-ds-base-1.3.1.6-14.el7.x86_64
>
> [root@dhcp207-218 ~]# ldapadd -x -h localhost -p 389 -D "cn=Directory
> Manager" -w Secret123 << EOF
> > dn: uid=amsharma1,dc=newdom,dc=qe
> > cn: ams
> > sn: ams
> > givenname: ams
> > objectclass: top
> > objectclass: person
> > objectclass: organizationalPerson
> > objectclass: inetOrgPerson
> > uid: ams
> > mail: ams
> > userpassword: amsamsams
> > EOF
> adding new entry "uid=amsharma1,dc=newdom,dc=qe"
>
> [root@dhcp207-218 ~]# ldapsearch -x -D "cn=Directory Manager" -w Secret123
> -h localhost -b "uid=amsharma1,dc=newdom,dc=qe"
> # amsharma1, newdom.qe
> dn: uid=amsharma1,dc=newdom,dc=qe
> cn: ams
> sn: ams
> givenName: ams
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> uid: ams
> uid: amsharma1
> mail: ams
> userPassword::
> e1NTSEF9ZG4ycFBXSW9wZDlYeDRGc1RRbEpOVDZXTStUN3AxVnl1OXd1dVE9PQ=
>  =
>
> [root@dhcp207-218 ~]# ldappasswd -D "cn=Directory Manager" -s amitaamita
> uid=amsharma1,dc=newdom,dc=qe -w Secret123 -x
>
> [root@dhcp207-218 ~]# ldapsearch -x -D "cn=Directory Manager" -w Secret123
> -h localhost -b "uid=amsharma1,dc=newdom,dc=qe"
> # amsharma1, newdom.qe
> dn: uid=amsharma1,dc=newdom,dc=qe
> cn: ams
> sn: ams
> givenName: ams
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> uid: ams
> uid: amsharma1
> mail: ams
> userPassword::
> e1NTSEF9RlV0clhrMERueTl2VEwwT3pTeDMyaHF0bEY0Q1hHdkx6ZzZiTnc9PQ=
>  =
>
> ldappasswd -h localhost -x -D "cn=Directory Manager" -w Secret123 -s
> Secret123 -ZZZ
> Result: No such object (32)
> Additional info: No such Entry exists.
>
> [root@dhcp207-218 ~]# tail -f /var/log/dirsrv/slapd-NEWDOM-QE/errors
> [28/Jan/2014:18:55:21 +051800] ipapwd_chpwop - [file ipa_pwd_extop.c, line
> 333]: failed to start transaction
> [28/Jan/2014:19:00:02 +051800] - Entry "uid=amsharma1,dc=newdom,dc=qe" --
> attribute "krbExtraData" not allowed
> [28/Jan/2014:19:01:21 +051800] ipapwd_chpwop - [file ipa_pwd_extop.c, line
> 333]: failed to start transaction
> [28/Jan/2014:19:05:46 +051800] ipapwd_chpwop - [file ipa_pwd_extop.c, line
> 333]: failed to start transaction
> [28/Jan/2014:19:05:56 +051800] - Entry "uid=amsharma1,dc=newdom,dc=qe" --
> attribute "krbExtraData" not allowed
> [28/Jan/2014:19:07:08 +051800] - Entry "uid=amsharma1,dc=newdom,dc=qe" --
> attribute "krbExtraData" not allowed
> [28/Jan/2014:19:08:39 +051800] ipapwd_chpwop - [file ipa_pwd_extop.c, line
> 333]: failed to start transaction
> [28/Jan/2014:19:12:13 +051800] ipapwd_chpwop - [file ipa_pwd_extop.c, line
> 333]: failed to start transaction
> [28/Jan/2014:19:14:43 +051800] ipapwd_chpwop - [file ipa_pwd_extop.c, line
> 333]: failed to start transaction
> [28/Jan/2014:19:16:13 +051800] ipapwd_chpwop - [file ipa_pwd_extop.c, line
> 333]: failed to start transaction
>
> Thanks & Regards,
> Ami
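
A way to check the errors log for the behaviour confirmed above, as an added example (not part of the original comments and not 389-ds or IPA code): it parses lines in the format quoted in this thread and counts the ipapwd_chpwop "failed to start transaction" events separately from other messages. The sample lines are a constructed subset of the quoted log, and `parse_line` and `summarize` are hypothetical helper names.

```python
import re
from collections import Counter

# Constructed sample: three lines in the format of the errors log quoted above.
SAMPLE_LOG = """\
[28/Jan/2014:18:55:21 +051800] ipapwd_chpwop - [file ipa_pwd_extop.c, line 333]: failed to start transaction
[28/Jan/2014:19:00:02 +051800] - Entry "uid=amsharma1,dc=newdom,dc=qe" -- attribute "krbExtraData" not allowed
[28/Jan/2014:19:01:21 +051800] ipapwd_chpwop - [file ipa_pwd_extop.c, line 333]: failed to start transaction
"""

# "[timestamp] [subsystem] - message"; the subsystem is absent on core messages.
LINE_RE = re.compile(r'^\[(?P<ts>[^\]]+)\]\s+(?:(?P<subsys>\S+)\s+)?-\s+(?P<msg>.*)$')
# Plugin messages are prefixed with "[file NAME, line N]: ".
SRC_RE = re.compile(r'^\[file (?P<file>[^,]+), line (?P<line>\d+)\]:\s*(?P<text>.*)$')


def parse_line(line):
    """Split one errors-log line into fields; return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # The timestamp is kept verbatim (offset included) rather than converted.
    rec = {"ts": m["ts"], "subsys": m["subsys"], "file": None, "line": None,
           "text": m["msg"]}
    src = SRC_RE.match(m["msg"])
    if src:
        rec.update(file=src["file"], line=int(src["line"]), text=src["text"])
    return rec


def summarize(log_text):
    """Separate ipapwd_chpwop transaction-start failures from other messages."""
    failures, other = [], Counter()
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        if (rec["subsys"] == "ipapwd_chpwop"
                and rec["text"] == "failed to start transaction"):
            failures.append(rec)
        else:
            # Drop the per-entry DN so identical schema errors group together.
            other[rec["text"].split(" -- ")[-1]] += 1
    return {
        "txn_failures": len(failures),
        "first": failures[0]["ts"] if failures else None,
        "last": failures[-1]["ts"] if failures else None,
        "sources": {(r["file"], r["line"]) for r in failures},
        "other": dict(other),
    }
```
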
Thanks Mark for your comment. Marking bug as VERIFIED.
This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request.