Full_Name: Stanislav Toko. Version: 2.4.45 - 2.4.49 OS: Gentoo and Ubuntu 18.04 URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (147.231.37.132) Several logins on locked account with operational attribute pwdAccountLockedTime ends with crash slapd. Details are below: #1 0x00007f92f6e1a801 in __GI_abort () at abort.c:79 save_stage = 1 act = {__sigaction_handler = {sa_handler = 0x7f9290000c40, sa_sigaction = 0x7f9290000c40}, sa_mask = {__val = {0, 0, 0, 0, 0, 140267535435096, 0, 140267535434928, 140269185487312, 21474836480, 140269185472472, 0, 3086719068234460928, 140269185457428, 0, 140269185472472}}, sa_flags = -282311760, sa_restorer = 0x7f92ef2c41a3} sigs = {__val = {32, 0 <repeats 15 times>}} __cnt = <optimized out> __set = <optimized out> __cnt = <optimized out> __set = <optimized out> #2 0x00007f92f6e0a39a in __assert_fail_base (fmt=0x7f92f6f917d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x7f92ef2c41a3 "rs->sr_ctrls != NULL", file=file@entry=0x7f92ef2c43b0 "../../../../../servers/slapd/overlays/ppolicy.c", line=line@entry=912, function=function@entry=0x7f92ef2c5310 "ctrls_cleanup") at assert.c:92 str = 0x7f9290000c40 "`\032" total = 4096 #3 0x00007f92f6e0a412 in __GI___assert_fail (assertion=0x7f92ef2c41a3 "rs->sr_ctrls != NULL", file=0x7f92ef2c43b0 "../../../../../servers/slapd/overlays/ppolicy.c", line=912, function=0x7f92ef2c5310 "ctrls_cleanup") at assert.c:101 No locals. Feb 14 08:49:50 net slapd[8393]: => get_ctrls Feb 14 08:49:50 net slapd[8393]: => get_ctrls: oid="1.3.6.1.4.1.42.2.27.8.5.1" (noncritical) Feb 14 08:49:50 net slapd[8393]: <= get_ctrls: n=1 rc=0 err="" Feb 14 08:49:50 net slapd[8393]: >>> dnPrettyNormal: <uid=test,ou=People,dc=compass> Feb 14 08:49:50 net slapd[8393]: <<< dnPrettyNormal: <uid=test,ou=People,dc=compass>, <uid=test,ou=people,dc=compass> Feb 14 08:49:50 net slapd[8393]: conn=1005 op=1 BIND dn="uid=test,ou=People,dc=compass" method=128 Feb 14 08:49:50 net slapd[8393]: do_bind: version=3 dn="uid=test,ou=People,dc=compass" method=128 Feb 14 08:49:50 net slapd[8393]: => mdb_entry_get: ndn: "uid=test,ou=people,dc=compass" Feb 14 08:49:50 net slapd[8393]: => mdb_entry_get: oc: "(null)", at: "(null)" Feb 14 08:49:50 net slapd[8393]: mdb_dn2entry("uid=test,ou=people,dc=compass") Feb 14 08:49:50 net slapd[8393]: => mdb_dn2id("uid=test,ou=people,dc=compass") Feb 14 08:49:50 net slapd[8393]: <= mdb_dn2id: got id=0x6 Feb 14 08:49:50 net slapd[8393]: => mdb_entry_decode: Feb 14 08:49:50 net slapd[8393]: <= mdb_entry_decode Feb 14 08:49:50 net slapd[8393]: => mdb_entry_get: found entry: "uid=test,ou=people,dc=compass" Feb 14 08:49:50 net slapd[8393]: mdb_entry_get: rc=0 Feb 14 08:49:50 net slapd[8393]: => mdb_entry_get: ndn: "cn=ppolicy,ou=policies,dc=compass" Feb 14 08:49:50 net slapd[8393]: => mdb_entry_get: oc: "(null)", at: "(null)" Feb 14 08:49:50 net slapd[8393]: mdb_dn2entry("cn=ppolicy,ou=policies,dc=compass") Feb 14 08:49:50 net slapd[8393]: => mdb_dn2id("cn=ppolicy,ou=policies,dc=compass") Feb 14 08:49:50 net slapd[8393]: <= mdb_dn2id: got id=0x9 Feb 14 08:49:50 net slapd[8393]: => mdb_entry_decode: Feb 14 08:49:50 net slapd[8393]: <= mdb_entry_decode Feb 14 08:49:50 net slapd[8393]: => mdb_entry_get: found entry: "cn=ppolicy,ou=policies,dc=compass" Feb 14 08:49:50 net slapd[8393]: mdb_entry_get: rc=0 Feb 14 08:49:50 net slapd[8393]: send_ldap_result: conn=1005 op=1 p=3 Feb 14 08:49:50 net slapd[8393]: send_ldap_result: err=49 matched="" text="" Feb 14 08:49:50 net slapd[8393]: send_ldap_response: msgid=2 tag=97 err=49 Feb 14 08:49:50 net slapd[8393]: conn=1005 op=1 RESULT tag=97 err=49 text= Feb 14 08:49:50 net slapd[8716]: * Stopping OpenLDAP slapd Feb 14 08:49:50 net slapd[8716]: ...done. database: dn: dc=compass dc: compass objectClass: top objectClass: domain objectClass: dcObject creatorsName: cn=Manager,dc=compass o: COMPASS description: old compass domain modifiersName: cn=manager,dc=compass structuralObjectClass: domain entryUUID: 7127423c-e0e2-1039-97dc-334be5149c5f createTimestamp: 20200211062111Z entryCSN: 20200211062111.313576Z#000000#000#000000 modifyTimestamp: 20200211062111Z dn: ou=Group,dc=compass ou: Group objectClass: top objectClass: organizationalUnit structuralObjectClass: organizationalUnit entryUUID: 7b30de80-e0e4-1039-84b8-c7dff63f23d9 creatorsName: cn=manager,dc=compass createTimestamp: 20200211063547Z entryCSN: 20200211063547.147292Z#000000#001#000000 modifiersName: cn=manager,dc=compass modifyTimestamp: 20200211063547Z dn: cn=users,ou=Group,dc=compass cn: users gidNumber: 100 objectClass: posixGroup objectClass: groupOfMembers objectClass: top objectClass: sambaGroupMapping sambaSID: S-1-5-21-3927199971-2202295266-3581313430-1201 sambaGroupType: 2 memberUid: fridrich structuralObjectClass: groupOfMembers entryUUID: 7b30eff6-e0e4-1039-84b9-c7dff63f23d9 creatorsName: cn=manager,dc=compass createTimestamp: 20200211063547Z entryCSN: 20200211063547.147739Z#000000#001#000000 modifiersName: cn=manager,dc=compass modifyTimestamp: 20200211063547Z dn: ou=People,dc=compass ou: People structuralObjectClass: organizationalUnit entryUUID: 7b310586-e0e4-1039-84ba-c7dff63f23d9 creatorsName: cn=manager,dc=compass createTimestamp: 20200211063547Z objectClass: organizationalUnit objectClass: top entryCSN: 20200211111336.349173Z#000000#001#000000 modifiersName: cn=manager,dc=compass modifyTimestamp: 20200211111336Z dn: uid=test,ou=People,dc=compass cn: test test sn: test uid: test uidNumber: 1358 gidNumber: 100 homeDirectory: /compass/home/test loginShell: /bin/bash gecos: test test givenName: test displayName: test test krb5KDCFlags: 126 krb5PrincipalName: test@TOK.IPP.CAS.CZ mail: test@test.cz manager: uid=fridrich,ou=People,dc=compass structuralObjectClass: inetOrgPerson entryUUID: 6e413e62-e0e5-1039-84bb-c7dff63f23d9 creatorsName: cn=manager,dc=compass createTimestamp: 20200211064234Z shadowLastChange: 18303 userPassword:: e1NTSEF9djBSTjBYUXFRdm1LdHRLTEpLbm9nWnM5cEF1NWl2OFY= krb5KeyVersionNumber: 14 krb5Key:: MDShEzARoAMCAQGhCgQIdtwIZKEO04qiHTAboAMCAQOhFAQSVE9LLklQUC5DQVMuQ1 p0ZXN0 krb5Key:: MDShEzARoAMCAQKhCgQIdtwIZKEO04qiHTAboAMCAQOhFAQSVE9LLklQUC5DQVMuQ1 p0ZXN0 krb5Key:: MDShEzARoAMCAQOhCgQIdtwIZKEO04qiHTAboAMCAQOhFAQSVE9LLklQUC5DQVMuQ1 p0ZXN0 krb5Key:: MEShIzAhoAMCARChGgQYx7AONCytE1gay6jvNEaegLZDsFgTnaiboh0wG6ADAgEDoR QEElRPSy5JUFAuQ0FTLkNadGVzdA== krb5Key:: MDyhGzAZoAMCARehEgQQg1WsugnCKytyC1Uox/1uv6IdMBugAwIBA6EUBBJUT0suSV BQLkNBUy5DWnRlc3Q= krb5Key:: MEyhKzApoAMCARKhIgQgXXs6NrJQUZFXZy00IXNfViZYxbBTaL5WeRwlOFa1xlWiHT AboAMCAQOhFAQSVE9LLklQUC5DQVMuQ1p0ZXN0 pwdChangedTime: 20200212113320Z pwdHistory: 20200212113320Z#1.3.6.1.4.1.1466.115.121.1.40#38#{SSHA}tOXL8axp5 Op31HrMfL/cOMokrHqEfVD2 pwdFailureTime: 20200212134208.674800Z pwdFailureTime: 20200212134212.394433Z pwdFailureTime: 20200212134220.973965Z pwdFailureTime: 20200212134224.525514Z pwdFailureTime: 20200212134228.174908Z objectClass: inetOrgPerson objectClass: krb5KDCEntry objectClass: organizationalPerson objectClass: person objectClass: posixAccount objectClass: sambaSamAccount objectClass: shadowAccount objectClass: top sambaAcctFlags: [UX] sambaHomeDrive: H: sambaHomePath: \\DIPROTON\test sambaLMPassword: 2fdae2e1215a354faad3b435b51404ee sambaLogoffTime: 2147483647 sambaLogonScript: logon.bat sambaLogonTime: 2147483647 sambaNTPassword: 8355acba09c22b2b720b5528c7fd6ebf sambaPrimaryGroupSID: S-1-5-21-3927199971-2202295266-3581313430-1201 sambaPwdCanChange: 17563 sambaPwdLastSet: 1581507200 sambaPwdMustChange: 2147483647 sambaSID: S-1-5-21-3927199971-2202295266-3581313430-3716 pwdAccountLockedTime: 000001010000Z entryCSN: 20200212161607.719838Z#000000#001#000000 modifiersName: cn=manager,dc=compass modifyTimestamp: 20200212161607Z dn: ou=policies,dc=compass objectClass: top objectClass: organizationalUnit ou: policies description: Password policy structuralObjectClass: organizationalUnit entryUUID: a7264508-e1fb-1039-9fc0-6fee7d141603 creatorsName: cn=manager,dc=compass createTimestamp: 20200212155410Z entryCSN: 20200212155410.485051Z#000000#001#000000 modifiersName: cn=manager,dc=compass modifyTimestamp: 20200212155410Z dn: cn=ppolicy,ou=policies,dc=compass objectClass: pwdPolicy objectClass: device objectClass: top pwdAllowUserChange: TRUE pwdAttribute: userPassword pwdCheckQuality: 2 pwdExpireWarning: 600 pwdFailureCountInterval: 30 pwdGraceAuthNLimit: 5 pwdInHistory: 5 pwdLockout: TRUE pwdLockoutDuration: 0 pwdMaxAge: 0 pwdMaxFailure: 5 pwdMinAge: 0 pwdMinLength: 5 pwdMustChange: FALSE pwdSafeModify: FALSE structuralObjectClass: device entryUUID: ea2d7e38-e1fc-1039-9fc1-6fee7d141603 creatorsName: cn=manager,dc=compass createTimestamp: 20200212160312Z cn: ppolicy entryCSN: 20200212160530.268134Z#000000#001#000000 modifiersName: cn=Manager,dc=compass modifyTimestamp: 20200212160530Z
On Fri, Feb 14, 2020 at 09:38:05AM +0000, tokos@ipp.cas.cz wrote: > Several logins on locked account with operational attribute pwdAccountLockedTime > ends with crash slapd. Hi Stanislav, I've tried to reproduce the issue, but everything works just fine for me with the attached configuration. Are you using any other overlays and modules apart from ppolicy? It would be best if you could attach your configuration (without passwords), backtrace and other set up needed to reproduce the issue. Thanks, -- Ondřej Kuzník Senior Software Engineer Symas Corporation http://www.symas.com Packaged, certified, and supported LDAP solutions powered by OpenLDAP
Hi Ondrej, I uploaded my configuration here(ftp.openldap.org/incoming) : ftp> ls 200 PORT command successful 150 Opening ASCII mode data connection for file list -rw-r--r-- 1 ftp ftp 22099 Feb 17 13:55 backtrace-ldap.txt -rw-r--r-- 1 ftp ftp 110686 Feb 17 13:51 config-200217.ldif -rw-r--r-- 1 ftp ftp 5436 Feb 17 13:51 data-200217.ldif -rw-r--r-- 1 ftp ftp 5341 Feb 17 13:51 slapd.conf-compassinitial 226 Transfer complete ftp> pwd 257 "/incoming/9171" is the current directory Please, could you look into it? Thanks in advance. Stanislav
On Mon, Feb 17, 2020 at 02:17:32PM +0000, tokos@ipp.cas.cz wrote: > Hi Ondrej, > > I uploaded my configuration here(ftp.openldap.org/incoming) : Hi Stanislav, thanks for the information, I have been able to reproduce the issue and pushed a fix to master (commit 140b676bc1bd786f9fd1e7b047981e84b57cb354). Regards, -- Ondřej Kuzník Senior Software Engineer Symas Corporation http://www.symas.com Packaged, certified, and supported LDAP solutions powered by OpenLDAP
Fixed in master Fixed in RE24 (2.4.50)
changed notes changed state Open to Release moved from Incoming to Software Bugs
Hi Ondrej, I really appreciate so quick fix. Regards Stanislav pá 21. 2. 2020 v 11:49 odesílatel Ondřej Kuzník <ondra@mistotebe.net> napsal: > On Mon, Feb 17, 2020 at 02:17:32PM +0000, tokos@ipp.cas.cz wrote: > > Hi Ondrej, > > > > I uploaded my configuration here(ftp.openldap.org/incoming) : > > Hi Stanislav, > thanks for the information, I have been able to reproduce the issue and > pushed a fix to master (commit 140b676bc1bd786f9fd1e7b047981e84b57cb354). > > Regards, > > -- > Ondřej Kuzník > Senior Software Engineer > Symas Corporation http://www.symas.com > Packaged, certified, and supported LDAP solutions powered by OpenLDAP >
*** Issue 7384 has been marked as a duplicate of this issue. ***