Bug 106801 - Bad: Segfaults using nss_ldap and ldapi
Summary: Bad: Segfaults using nss_ldap and ldapi
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: nss_ldap (Show other bugs)
(Show other bugs)
Version: 3.0
Hardware: i386 Linux
medium
high
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact:
URL:
Whiteboard:
Keywords:
: 112046 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2003-10-10 18:49 UTC by Jan Koop
Modified: 2007-11-30 22:06 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-01-16 17:16:23 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
strace of segfault on RHEL 3 (20.71 KB, text/plain)
2003-12-15 14:19 UTC, Jan Koop
no flags Details


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2003:339 normal SHIPPED_LIVE Updated nss_ldap packages available 2003-11-11 05:00:00 UTC

Description Jan Koop 2003-10-10 18:49:48 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; de-de) AppleWebKit/85.7 (KHTML, like 
Gecko) Safari/85.5

Description of problem:
when using ldapi:// (e.g. ldapi://%2fvar%2frun%2fldapi/ ) socket communication witch nss_ldap 
everything using pam or nss segfaults (e.g. id, sshd)
ldapsearch -x <same URI> works, so does samba.

Version-Release number of selected component (if applicable):
nss_ldap-207-2

How reproducible:
Always

Steps to Reproduce:
0. configure ldap authentication
1. put ' SLAPD_OPTIONS='"-h ldap:/// ldapi:///"' ' in /etc/openldap/slapd.conf
2. put ' uri ldapi://%2fvar%2frun%2fldapi/' in /etc/ldap.conf '
3. restart openldap
4. run ' id ' or whatever
    

Actual Results:  SEGFAULT

Expected Results:  no SEGFAULT

Additional info: must be fixed before

Comment 2 Nalin Dahyabhai 2003-12-15 13:15:12 UTC
*** Bug 112046 has been marked as a duplicate of this bug. ***

Comment 3 Paul D. Mitcheson 2003-12-15 13:26:11 UTC
Just to add my comments:

This problem seems to have gone away in the final release of rhel 3 on
ia32 (I am using it without problem.)

However, on my new AMD opteron using the x86-64 it does not work.

Please would you fix this as quickly as possible - it is preventing me
from letting users login to this box.

If I can provide more info please let me know.

Regards,

Paul

Comment 4 Jan Koop 2003-12-15 14:19:07 UTC
Created attachment 96536 [details]
strace of segfault on RHEL 3

At least in SMP mode (Test setup: 4x Pentium II Xeon 400 MHz) this bug has not
gone away in RHEL 3 final. See attached strace output.

Comment 5 Paul D. Mitcheson 2003-12-15 14:53:00 UTC
I have LDAP auth working fine on the x86 version for the smp kernel on
a P4 hyperthread  - ie not with two actual CPUs.

The box I suffer the problems on is a dual opteron using the SMP kernel.

Regards,

Paul

Comment 6 Jan Koop 2003-12-15 15:39:42 UTC
LDAP auth is not the problem, that works fine.
nsswitch lookups via ldapi:// (socket in /var/run/ldapi ), not ldap:// or ldaps:// are 
the problem.

Comment 7 Paul D. Mitcheson 2003-12-15 15:44:41 UTC
OK - but it still means that you can't use ldap for logins, right?

Or am I missing something?

Cheers,

Paul

Comment 8 Paul D. Mitcheson 2003-12-16 15:13:16 UTC
version in beta update 1 works for me.

great.

Paul

Comment 9 Jan Koop 2003-12-17 13:06:46 UTC
I'm glad to hear that you solved your problem.
Well, but it doesn't solve the bug. Again, LDAP authentication and nsswitch lookups 
via ldap://localhost:389/ work FINE, just PERFECTLY! But via ldapi://
%2fvar%2frun%2fldapi/ (unix domain socket in /var/run/ldapi ) it produces segfaults. 

Comment 10 Jay Turner 2004-01-16 17:16:23 UTC
An errata has been issued which should help the problem described in this bug report. 
This report is therefore being closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, please follow the link below. You may reopen 
this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2003-339.html


Comment 11 Ryan Dooley 2004-03-12 21:35:20 UTC
Actually, I'm having the same issue here.  One difference is that 
our LDAPS server is Active Directory.  If LDAPS is enabled (I've not 
tried just LDAP) to ports 3268 (with TLS) and 3269 (with SSL) I run 
into the same issues. 
 
Here is something else.  Under Fedora Core (1.90), the nss_ldap 
package works flawlessly (there is another issue with kcheckpass but 
I'll save that for later).  As an experiment I compiled the nss_ldap 
from Fedora 1.90 (nss_ldap-207-6) but that didn't help at all, I 
still get segmentation violations and behavior described by Jan Koop 
above. 
 
This might be a cyrus-sasl issue but I have not looked into that 
yet. 

Comment 12 Ryan Dooley 2004-03-12 21:35:59 UTC
One other note.  This is Red Hat Enterprise 3 (Update 1) and not the 
public beta. 


Note You need to log in before you can comment on or make changes to this bug.