[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
(ITS#7336) Ldapmodify crashes slapd when updating olcTLSVerifyClient attribute via TLS authentication
- To: openldap-its@OpenLDAP.org
- Subject: (ITS#7336) Ldapmodify crashes slapd when updating olcTLSVerifyClient attribute via TLS authentication
- From: martin.bozic@gmail.com
- Date: Wed, 25 Jul 2012 12:26:14 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
Full_Name: Martin Bozic
Version: 2.4.23
OS: CentOS 6.3
URL: http://pastebin.com/hkPEcBgw
Submission from: (NULL) (2001:1470:f800::370)
Hello,
I've come across a bug that it's not critical but bug none the less. When I'm
trying to modify olcTLSVerifyClient via ldapmodify slapd crashes (segmentation
fault).
Via EXTERNAL everything works without a hitch:
ldapmodify -Y EXTERNAL -H ldapi:/// << EOF
dn: cn=config
changetype: modify
replace: olcTLSVerifyClient
olcTLSVerifyClient: demand
EOF
Via TLS connection slapd crashes:
ldapmodify -x -H ldaps://ldap.test.com -D cn=admin,cn=config -W << EOF
dn: cn=config
changetype: modify
replace: olcTLSVerifyClient
olcTLSVerifyClient: never
EOF
Configuration in cn=config:
dn: cn=config
objectClass: olcGlobal
cn: config
olcConfigFile: /usr/share/openldap-servers/slapd.conf.obsolete
olcConfigDir: /etc/openldap/slapd.d/
olcArgsFile: /var/run/openldap/slapd.args
olcAttributeOptions: lang-
olcAuthzPolicy: none
olcConcurrency: 0
olcConnMaxPending: 100
olcConnMaxPendingAuth: 1000
olcDisallows: bind_anon
olcGentleHUP: FALSE
olcIdleTimeout: 30
olcIndexSubstrIfMaxLen: 4
olcIndexSubstrIfMinLen: 2
olcIndexSubstrAnyLen: 4
olcIndexSubstrAnyStep: 2
olcIndexIntLen: 4
olcLocalSSF: 128
olcLogLevel: config stats shell filter
olcPidFile: /var/run/openldap/slapd.pid
olcReadOnly: FALSE
olcReverseLookup: FALSE
olcSaslSecProps: noanonymous,noplain
olcSecurity: ssf=128
olcSockbufMaxIncoming: 262143
olcSockbufMaxIncomingAuth: 16777215
olcThreads: 16
olcTLSCACertificateFile: /etc/openldap/cacerts/ca.crt
olcTLSCACertificatePath: /etc/openldap/certs
olcTLSCertificateFile: /etc/openldap/cacerts/slapd.crt
olcTLSCertificateKeyFile: /etc/openldap/cacerts/slapd.key
olcTLSCipherSuite: HIGH:MEDIUM:-SSLv2
olcTLSVerifyClient: never
olcToolThreads: 1
olcWriteTimeout: 0
The slapd debug log is pasted in the URL below.
Regards,
Martin Bozic