Description of problem: If you configure a suffix referral, ns-slapd sefaults looking up the suffix. Version-Release number of selected component (if applicable): 1.2.8.3 Steps to reproduce: 1- Create a new DS instance. 2- Create a referral: ldapadd -x -D "cn=directory manager" -w xxxxx << EOF dn: ou=referral,dc=localdomain ou: referral description: Ingenieria objectClass: top objectClass: organizationalUnit dn: cn=ou\3Dreferral\2Cdc\3Dlocaldomain,cn=mapping tree,cn=config objectclass: extensibleObject objectclass: nsMappingTree nsslapd-state: referral nsslapd-referral: ldaps://otherserver.com:389/ou=foo,o=bar EOF 3- Do a search: ldapsearch -x -D "cn=directory manager" -w xxxxx -b dc=localdomain 4- The server will crash just before returning the referal suffix. Actual results: Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0xa401fb70 (LWP 29922)] 0xb7f72144 in slapi_be_select (sdn=0x83563d0) at ldap/servers/slapd/mapping_tree.c:2909 2909 ldap/servers/slapd/mapping_tree.c: No such file or directory. in ldap/servers/slapd/mapping_tree.c #0 0xb7f72144 in slapi_be_select (sdn=0x83563d0) at ldap/servers/slapd/mapping_tree.c:2909 #1 0xb7fb8151 in vattr_test_filter (pb=0x8352ba0, e=0x83563d0, f=0x82f46d0, filter_type=FILTER_TYPE_PRES, type=0x81822b0 "objectClass") at ldap/servers/slapd/vattr.c:432 #2 0xb7f5ac25 in slapi_vattr_filter_test_ext_internal (pb=<value optimized out>, e=<value optimized out>, f=0x82f46d0, verify_access=1, only_check_access=0, access_check_done=0xa401674c) at ldap/servers/slapd/filterentry.c:894 #3 0xb7f5b106 in slapi_vattr_filter_test_ext (pb=0x2, e=0x83563d0, f=0x82f46d0, verify_access=1, only_check_access=0) at ldap/servers/slapd/filterentry.c:839 #4 0xb7f5b1ba in slapi_vattr_filter_test (pb=0x8352ba0, e=0x83563d0, f=0x82f46d0, verify_access=1) at ldap/servers/slapd/filterentry.c:787 #5 0xb6414471 in ldbm_back_next_search_entry_ext (pb=0x8352ba0, use_extension=0) at ldap/servers/slapd/back-ldbm/ldbm_search.c:1408 #6 0xb6414ab5 in ldbm_back_next_search_entry (pb=0x8352ba0) at ldap/servers/slapd/back-ldbm/ldbm_search.c:1141 #7 0xb7f7dd6a in iterate (pb=0x8352ba0, be=<value optimized out>, pnentries=0xa401eda8, pagesize=-1, pr_statp=0xa401ed94, send_result=<value optimized out>) at ldap/servers/slapd/opshared.c:1141 #8 0xb7f7e2dd in send_results_ext (pb=0x8352ba0, nentries=0xa401eda8, pagesize=-1, pr_stat=0xa401ed94, send_result=<value optimized out>) at ldap/servers/slapd/opshared.c:1526 #9 0xb7f7ef65 in op_shared_search (pb=0x8352ba0, send_result=1) at ldap/servers/slapd/opshared.c:733
Thanks. Looks like the fix is a one liner: --- a/ldap/servers/slapd/mapping_tree.c +++ b/ldap/servers/slapd/mapping_tree.c @@ -2905,7 +2905,7 @@ slapi_be_select( const Slapi_DN *sdn ) /* JCM - The name of this should change?? { Slapi_Backend *be; mapping_tree_node *node= slapi_get_mapping_tree_node_by_dn(sdn); - if(node!=NULL) + if((node!=NULL) && (node->mtn_be!=NULL)) be= node->mtn_be[0]; else be = NULL; Unfortunately, after the fix, the referral is not returned: ldapsearch -x -D "cn=directory manager" -w xxxxx -b dc=localdomain ... # referral, localdomain dn: ou=referral,dc=localdomain ou: referral description: Ingenieria objectClass: top objectClass: organizationalUnit # search result search: 2 result: 0 Success # numResponses: 11 # numEntries: 10 I guess because there is an actual entry, it uses it rather than see if there is a suffix referral. If you need ou=referral,dc=localdomain to be a referral, either remove the real entry, or use a smart referral instead (objectclass: ref) - will investigate some more.
Created attachment 503925 [details] 0001-Bug-711906-ns-slapd-segfaults-using-suffix-referrals.patch
To ssh://git.fedorahosted.org/git/389/ds.git f290f80..fb9b444 master -> master commit fb9b444fc620a9ccae03d578c7c4b8ed56b82465 Author: Rich Megginson <rmeggins> Date: Thu Jun 9 09:39:08 2011 -0600 Reviewed by: nkinder (Thanks!) Branch: master Fix Description: Check node->mtn_be for NULL before dereferencing it Platforms tested: RHEL6 x86_64 Flag Day: no Doc impact: no
Comment on attachment 503925 [details] 0001-Bug-711906-ns-slapd-segfaults-using-suffix-referrals.patch Works for me!
ldapadd -x -h localhost -p 1389 -D "cn=directory manager" -w Secret123 << EOF dn: ou=referral1,dc=example,dc=com ou: referral description: Ingenieria objectClass: top objectClass: organizationalUnit dn: cn=ou\3Dreferral1\2Cdc\3Dexample\2Cdc\3Dcom,cn=mapping tree,cn=config objectclass: extensibleObject objectclass: nsMappingTree nsslapd-state: referral nsslapd-referral: ldap://10.65.201.213:1389/ou=People,dc=example,dc=com EOF ldapsearch -x -h localhost -p 1389 -D "cn=Directory Manager" -w Secret123 -b "ou=referral1,dc=example,dc=com" Server did not crash, hence marking bug as VERIFIED.