
Re: ldap client tools core dumping with tls/ssl



At 03:52 PM 1/15/01 -0500, Robert Watt wrote:
>Hi.
>
>I'm having trouble with the ldap client tools core dumping every time I
>try to access my server using tls.
>
>I'm using OpenLdap v2.0.7 on a Red Hat 7.0 box, and compiled it with:
>
>./configure --prefix=/usr/local --enable-syslog --enable-debug
>--enable-cyrus-sasl --enable-tls --enable-fetch
>
>'make test' reports no errors.
>
>Using openssl's CA.pl I generated a CA cert, server cert and key and
>server starts with: slapd -h ldaps://localhost:636 -d255
>
>As soon as I try to query or add by connecting to the secure server, the
>client seg faults and dumps core. The switches I'm using are:
>
>  ldapsearch -x -b "dc=collab,dc=net" -Z -H ldaps://localhost:636 cn=*

I note that using Start TLS in conjunction with LDAP over SSL makes
no sense.  That is, -Z and -H ldaps://... are mutually exclusive options.
However, as you didn't make it to Start TLS code, you didn't get
the warning (error if -ZZ).

I also note that in your client log, the command had no -x, so
SASL was used.  One shouldn't use SASL in conjunction with ldaps://.
You also did not have a space between the -w and secret which
might cause odd behavior.

Of course, ldap clients shouldn't crash.  To sort out why it crashed,
I'd need a stack traceback.  You're welcome to submit an ITS
on this.

As far as sorting out why LDAP over SSL is failing, I would
suggest experimenting with openssl(1) s_client and s_server.

>Attached is the debugging output from the client and the server.
>
>Any help or ideas would be appreciated.
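
The three command-line problems named in the reply, turned into a small argument check. This is an added example, not part of the original thread or of OpenLDAP; `lint_ldap_args` is a hypothetical helper, and the sample command lines, the bind DN and port 389 are constructed.

```shell
# Added example: lint an ldapsearch/ldapadd argument list for the problems
# the reply names. Combined short flags such as -xZ are not parsed.
lint_ldap_args() {
    starttls=0; simple=0; ldaps=0; glued_w=0; skip=""
    for arg in "$@"; do
        if [ -n "$skip" ]; then
            # This word is the value of the previous option, not a flag.
            if [ "$skip" = "-H" ]; then
                case "$arg" in ldaps://*) ldaps=1 ;; esac
            fi
            skip=""
            continue
        fi
        case "$arg" in
            -Z|-ZZ)      starttls=1 ;;
            -x)          simple=1 ;;
            -H|-b|-D|-w) skip="$arg" ;;
            -Hldaps://*) ldaps=1 ;;
            -w?*)        glued_w=1 ;;
        esac
    done
    findings=0
    if [ "$ldaps" -eq 1 ] && [ "$starttls" -eq 1 ]; then
        echo "conflict: Start TLS (-Z/-ZZ) combined with an ldaps:// URI"
        findings=$((findings + 1))
    fi
    if [ "$ldaps" -eq 1 ] && [ "$simple" -eq 0 ]; then
        echo "conflict: no -x, so SASL would be used over ldaps://"
        findings=$((findings + 1))
    fi
    if [ "$glued_w" -eq 1 ]; then
        echo "warning: no space between -w and the password"
        findings=$((findings + 1))
    fi
    # Exit status 0 only when nothing was flagged.
    [ "$findings" -eq 0 ]
}

# Constructed sample command lines, modelled on the one quoted in the thread.
lint_ldap_args -x -b "dc=collab,dc=net" -Z -H ldaps://localhost:636 'cn=*' || true
lint_ldap_args -x -b "dc=collab,dc=net" -ZZ -H ldap://localhost:389 'cn=*' && echo "clean"
```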