Bug 488857 - nss_ldap bug causes nscd to crash with `ldap_result: Assertion `ld != ((void *)0)' failed.'
Summary: nss_ldap bug causes nscd to crash with `ldap_result: Assertion `ld != ((void ...
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: nss_ldap
Version: 5.2
Hardware: All
OS: Linux
Target Milestone: rc
: ---
Assignee: Nalin Dahyabhai
QA Contact: BaseOS QE
Depends On:
Blocks: 566632
TreeView+ depends on / blocked
Reported: 2009-03-05 23:21 UTC by jos
Modified: 2018-10-20 02:02 UTC (History)
7 users (show)

Fixed In Version: 253-20.el5
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 566632 (view as bug list)
Last Closed: 2009-09-02 11:49:09 UTC
Target Upstream Version:

Attachments (Terms of Use)
Patch to ldap-nss.c fixing issue (443 bytes, patch)
2009-03-05 23:24 UTC, jos
no flags Details | Diff
alternate patch (3.65 KB, patch)
2009-05-11 21:17 UTC, Nalin Dahyabhai
no flags Details | Diff

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2009:1379 0 normal SHIPPED_LIVE nss_ldap bug fix update 2009-09-01 11:47:27 UTC

Description jos 2009-03-05 23:21:58 UTC
Description of problem:

When using nss_ldap with user accounts in LDAP and the `nss_connect_policy oneshot' directive in /etc/ldap.conf, running `id <LDAP user>' causes id to fail and nscd to crash.

Version-Release number of selected component (if applicable):


How reproducible:

Steps to Reproduce:
1. service nscd start
2. Enable `nss_connect_policy oneshot' in /etc/ldap.conf
3. id <existing LDAP user>
Actual results:

# id josb
id: ../../../libraries/libldap/result.c:113: ldap_result: Assertion `ld != ((void *)0)' failed.
uid=1001(josb) gid=1000(eng)Aborted

Expected results:

[root src]# ./id josb
uid=1001(josb) gid=1000(eng) groups=10000(ldap_other)
[root src]# 

Additional info:

The fix is available in http://bugzilla.padl.com/show_bug.cgi?id=350. See attachment.

Comment 1 jos 2009-03-05 23:24:46 UTC
Created attachment 334233 [details]
Patch to ldap-nss.c fixing issue

Please consider applying this patch; it fixes this problem for me.

Comment 2 jos 2009-03-06 19:01:43 UTC
Sorry, I spoke too soon. The attached patch causes any LDAP entries to be omitted, which is almost as bad as crashing. Further inspection of PADLs Bugzilla reveals two other bugs:


which indicates that this problem is NOT solved upstream.

Please consider shipping http://ch.tudelft.nl/~arthur/nss-ldapd/ in extras, because as it stands nss_ldap is unusable.

Comment 3 Magnus Glantz 2009-05-07 09:06:24 UTC
I can verify this bug on RHEL 5.2 server and desktop using:

This can be a major issue if you are administrating thousands of ldap clients and need to keep them from having persistent connections.

A thought might be that setting:
paranoia         yes
restart-interval           3600
in /etc/nscd.conf may solve this issue..

I'm going to try that out and see what happens.

Comment 4 Magnus Glantz 2009-05-07 09:32:23 UTC
paranoia         yes
restart-interval         3600
in /etc/nscd.conf didn't do the trick..

Actually, after some testing nscd started to crash at boot.

Comment 5 Nalin Dahyabhai 2009-05-11 21:17:53 UTC
Created attachment 343505 [details]
alternate patch

Comment 8 Magnus Glantz 2009-05-15 09:16:52 UTC
The most recent - alternate patch (id=343505) solves the issue for me.

Comment 16 errata-xmlrpc 2009-09-02 11:49:09 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.