Bug 488857 - nss_ldap bug causes nscd to crash with `ldap_result: Assertion `ld != ((void *)0)' failed.'
nss_ldap bug causes nscd to crash with `ldap_result: Assertion `ld != ((void ...
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: nss_ldap (Show other bugs)
All Linux
urgent Severity high
: rc
: ---
Assigned To: Nalin Dahyabhai
Depends On:
Blocks: 566632
  Show dependency treegraph
Reported: 2009-03-05 18:21 EST by jos
Modified: 2010-10-23 04:08 EDT (History)
7 users (show)

See Also:
Fixed In Version: 253-20.el5
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 566632 (view as bug list)
Last Closed: 2009-09-02 07:49:09 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Patch to ldap-nss.c fixing issue (443 bytes, patch)
2009-03-05 18:24 EST, jos
no flags Details | Diff
alternate patch (3.65 KB, patch)
2009-05-11 17:17 EDT, Nalin Dahyabhai
no flags Details | Diff

  None (edit)
Description jos 2009-03-05 18:21:58 EST
Description of problem:

When using nss_ldap with user accounts in LDAP and the `nss_connect_policy oneshot' directive in /etc/ldap.conf, running `id <LDAP user>' causes id to fail and nscd to crash.

Version-Release number of selected component (if applicable):


How reproducible:

Steps to Reproduce:
1. service nscd start
2. Enable `nss_connect_policy oneshot' in /etc/ldap.conf
3. id <existing LDAP user>
Actual results:

# id josb
id: ../../../libraries/libldap/result.c:113: ldap_result: Assertion `ld != ((void *)0)' failed.
uid=1001(josb) gid=1000(eng)Aborted

Expected results:

[root@scm1-lv1.lv1 src]# ./id josb
uid=1001(josb) gid=1000(eng) groups=10000(ldap_other)
[root@scm1-lv1.lv1 src]# 

Additional info:

The fix is available in http://bugzilla.padl.com/show_bug.cgi?id=350. See attachment.
Comment 1 jos 2009-03-05 18:24:46 EST
Created attachment 334233 [details]
Patch to ldap-nss.c fixing issue

Please consider applying this patch; it fixes this problem for me.
Comment 2 jos 2009-03-06 14:01:43 EST
Sorry, I spoke too soon. The attached patch causes any LDAP entries to be omitted, which is almost as bad as crashing. Further inspection of PADLs Bugzilla reveals two other bugs:


which indicates that this problem is NOT solved upstream.

Please consider shipping http://ch.tudelft.nl/~arthur/nss-ldapd/ in extras, because as it stands nss_ldap is unusable.
Comment 3 Magnus Glantz 2009-05-07 05:06:24 EDT
I can verify this bug on RHEL 5.2 server and desktop using:

This can be a major issue if you are administrating thousands of ldap clients and need to keep them from having persistent connections.

A thought might be that setting:
paranoia         yes
restart-interval           3600
in /etc/nscd.conf may solve this issue..

I'm going to try that out and see what happens.
Comment 4 Magnus Glantz 2009-05-07 05:32:23 EDT
paranoia         yes
restart-interval         3600
in /etc/nscd.conf didn't do the trick..

Actually, after some testing nscd started to crash at boot.
Comment 5 Nalin Dahyabhai 2009-05-11 17:17:53 EDT
Created attachment 343505 [details]
alternate patch
Comment 8 Magnus Glantz 2009-05-15 05:16:52 EDT
The most recent - alternate patch (id=343505) solves the issue for me.
Comment 16 errata-xmlrpc 2009-09-02 07:49:09 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.