Bug 158351 - Assertion in ber_sockbuf_ctrl fails when looking up group information via LDAP
Assertion in ber_sockbuf_ctrl fails when looking up group information via LDAP
Status: CLOSED CANTFIX
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: openldap (Show other bugs)
4.0
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Jan Safranek
Jay Turner
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-05-20 15:38 EDT by Jonathan Fischer
Modified: 2015-01-07 19:09 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-06-21 04:31:41 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Pam_ldap configuration file. (5.73 KB, text/plain)
2005-05-20 15:41 EDT, Jonathan Fischer
no flags Details

  None (edit)
Description Jonathan Fischer 2005-05-20 15:38:50 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4

Description of problem:
When running 'getent group' to get a listing of groups in our LDAP server (Windows 2003 Active Directory), I get output that contains only the first group before getting an assertion in ber_sockbuf_ctrl.  This also occurs when attempting to start mailman, which is why we noticed the problem.

Version-Release number of selected component (if applicable):
openldap-2.2.13-2

How reproducible:
Always

Steps to Reproduce:
1. Run 'getent group' on a computer using LDAP to look up accounts & groups in Active Directory.


Actual Results:  ... (snipped as it's irrelevant)
xfs:x:43:
ntp:x:38:
gdm:x:42:
dovecot:x:97:
postdrop:x:90:
postfix:x:89:
mailman:x:41:
Staff:x:174:mniedens,QuotaServer,mcafee,wcraig2
getent: ../../../libraries/liblber/sockbuf.c:91: ber_sockbuf_ctrl: Assertion `( (sb)->sb_opts.lbo_valid == 0x3 )' failed.


Expected Results:  A complete list of Active Directory groups, and no assertions failing.

Additional info:

I'll attach our ldap.conf file to this bug; everything else has been left at the defaults.  System is fully up-to-date as of 12:38 PM Pacific Time, May 20 2005.
Comment 1 Jonathan Fischer 2005-05-20 15:41:42 EDT
Created attachment 114649 [details]
Pam_ldap configuration file.
Comment 2 Jonathan Fischer 2005-05-20 15:42:54 EDT
Appears to be similiar to this bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124549
Comment 3 Michael Jeanson 2005-06-27 11:23:25 EDT
I have the same problem on RHEL4 x86_64
The server is openldap and not active directory, the same configuration works
well on RHEL3.
Comment 4 Patrick Vachon 2005-07-22 10:59:29 EDT
I have the same problem with an OpenLDAP server in a master-slave configuration.
I've tried the following nss_ldap patches and it seems to work:

http://bugzilla.padl.com/show_bug.cgi?id=210
http://bugzilla.padl.com/show_bug.cgi?id=211

See also 
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=161990
- http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2069
Comment 5 Patrick Vachon 2005-07-22 11:26:56 EDT
Sorry, I spoke too fast :(
Comment 6 Rituraj 2006-05-09 06:08:43 EDT
This has been a blocker for us. I have even tried latest nss_ldap and pam_ldap 
as suggested. The setting (with referrals on) works under Redhat 9 but has a 
problem with RHEL/FC4 onwards.

Rituraj
Comment 7 Jay Fenlason 2006-05-09 10:08:20 EDT
Have you contacted Red Hat support?  Bugs without support requests attached 
are very difficult to get added to the lists of bugs to fix in upcoming update 
releases. 
 
Also, have you tried FC5 and/or Rawhide?  They have newer versions of OpenLDAP 
and nss_ldap in them, which may have this bug fixed already. 
Comment 8 Jan Safranek 2007-06-21 04:31:41 EDT
Please contack Red Hat support at http://redhat.com/support, which may help you
to resolve this issue.

Note You need to log in before you can comment on or make changes to this bug.