Hide Forgot
This bug is created as a clone of upstream ticket: https://fedorahosted.org/freeipa/ticket/6030 Hi, The Directory Services crashes several times a day. It's installed on CentOS 7 VM : Installed Packages Name : ipa-server Arch : x86_64 Version : 4.2.0 # ipactl status Directory Service: STOPPED krb5kdc Service: RUNNING kadmin Service: RUNNING ipa_memcached Service: RUNNING httpd Service: RUNNING pki-tomcatd Service: RUNNING ipa-otpd Service: RUNNING ipa: INFO: The ipactl command was successful Before each crash, I have these messages in /var/log/dirsrv/slapd-XXXXX/errors : [30/Jun/2016:09:35:19 +0100] ipapwd_encrypt_encode_key - [file encoding.c, line 171]: generating kerberos keys failed [Invalid argument] [30/Jun/2016:09:35:19 +0100] ipapwd_gen_hashes - [file encoding.c, line 225]: key encryption/encoding failed There is a bug in ipapwd plugin which causes Directory Service crash when some users try to bind. Please take a look to attached core file. Best regards
Created attachment 1179310 [details] This patch to allocated empty kset
Fixed upstream master: https://fedorahosted.org/freeipa/changeset/b04f617803c430b13f8796e911f78bd65f6cf55f
Please provide the steps to verify this.
Marking the bug verified as there is no such crash seen when user tries to bind. Tested on RHEL73 using ipa-server-4.4.0-12.el7.x86_64 389-ds-base-1.3.5.10-11.el7.x86_64 [root@master ~]# ldapsearch -x -h master.test-relm.test -b dc=test-relm,dc=test uid=userx -W Enter LDAP Password: # extended LDIF # # LDAPv3 # base <dc=test-relm,dc=test> with scope subtree # filter: uid=userx # requesting: ALL # # userx, users, compat, test-relm.test dn: uid=userx,cn=users,cn=compat,dc=test-relm,dc=test cn: Fx Lx objectClass: posixAccount objectClass: ipaOverrideTarget objectClass: top gidNumber: 539000001 ipaAnchorUUID:: OklQQTp0ZXN0LXJlbG0udGVzdDoxZjdkNDIwMi03YzA2LTExZTYtYTJhMC01Mj U0MDBlNzE1YjE= gecos: Fx Lx uidNumber: 539000001 loginShell: /bin/sh homeDirectory: /home/userx uid: userx # userx, users, accounts, test-relm.test dn: uid=userx,cn=users,cn=accounts,dc=test-relm,dc=test displayName: Fx Lx uid: userx objectClass: ipaobject objectClass: person objectClass: top objectClass: ipasshuser objectClass: inetorgperson objectClass: organizationalperson objectClass: krbticketpolicyaux objectClass: krbprincipalaux objectClass: inetuser objectClass: posixaccount objectClass: ipaSshGroupOfPubKeys objectClass: mepOriginEntry loginShell: /bin/sh initials: FL gecos: Fx Lx sn: Lx homeDirectory: /home/userx givenName: Fx cn: Fx Lx uidNumber: 539000001 gidNumber: 539000001 # search result search: 2 result: 0 Success # numResponses: 3 # numEntries: 2
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-2404.html