[Date Prev][Date Next] [Chronological] [Thread] [Top]

SASL/GSSAPI



I have a bug I can't seem to decode.  slapd dies when accessed via GSSAPI on
one Linux (Red Hat 7.3 2.4.18-5smp) box, but works on another box.  I'm trying
to run ldap 2.1.7.

The failing system has both host/ and ldap/ keys in the keytab, and the ldap
client (ldapsearch) system gets as far as having the ldap/ key cached on it.

However it fails:

ldapsearch -Y GSSAPI -h utility5.wpi.edu '(uid=aej)'
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Can't contact LDAP server

The core looks like this;

(gdb) where
#0  0x08220d0b in ?? ()
#1  0x400166eb in _sasldb_getdata (utils=0x8214260, context=0x82135c8, auth_identity=0x8220ae8 "aej",
    realm=0x8220ad8 "WPI.EDU", propName=0x8147ca6 "authzDN", out=0x408b87c4 "", max_out=8192, out_len=0x408b87b8)
    at db_berkeley.c:169
#2  0x4001508a in sasldb_auxprop_lookup (glob_context=0x0, sparams=0x820fd08, flags=0, user=0x8213fd9 "aej@WPI.EDU",
    ulen=11) at sasldb.c:113
#3  0x400d9032 in _sasl_auxprop_lookup (sparams=0x820fd08, flags=0, user=0x8213fd9 "aej@WPI.EDU", ulen=11)
    at auxprop.c:835
#4  0x400d94d1 in _sasl_canon_user (conn=0x82135c8, user=0x8213fd9 "aej@WPI.EDU", ulen=0, flags=3, oparams=0x8213e28)
    at canonusr.c:190
#5  0x4025372e in gssapi_server_mech_step (conn_context=0x820ed20, params=0x820fd08,
    clientin=0x821253e "`?\006\t*\206H\206%/1€Œiso8859-15,Aw\022\001\002\002\002\001\004", clientinlen=65, serverout=0x408ba99c,
    serveroutlen=0x408ba9a0, oparams=0x8213e28) at gssapi.c:980
#6  0x400e2169 in sasl_server_step (conn=0x82135c8,
    clientin=0x821253e "`?\006\t*\206H\206%/1€Œiso8859-15,Aw\022\001\002\002\002\001\004", clientinlen=65, serverout=0x408ba99c,
    serveroutlen=0x408ba9a0) at server.c:1264
#7  0x080800be in slap_sasl_bind (conn=0x40472d28, op=0x821d3a8, dn=0x408baa20, ndn=0x408baa28, cred=0x408baa3c,
    edn=0x408baa10, ssfp=0x408baa18) at sasl.c:1503
#8  0x08066504 in do_bind (conn=0x40472d28, op=0x821d3a8) at bind.c:291
#9  0x08051e4d in connection_operation (ctx=0x8214ac0, arg_v=0x821d430) at connection.c:945
#10 0x0809c911 in ldap_int_thread_pool_wrapper (xpool=0x81789d8) at tpool.c:431
#11 0x40172fef in pthread_start_thread () from /lib/i686/libpthread.so.0

I don't know why it would be looking in db_berkeley.  There was no /etc/sasldb
nor /etc/sasldb2 installed on either this or the working system.  I put "aej"
into saslpasswd and saslpasswd2, and it still dumps.  I don't want there to
have to be a sasldb, but I was curious if there would be a difference.

The end of the debug on the slapd server looks like this:

bdb_group: rc=1
<= check a_dn_pat: users
<= acl_mask: [2] applying read(=rscx) (stop)
<= acl_mask: [2] mask: read(=rscx)
=> access_allowed: search access granted by read(=rscx)
<= test_filter 6
====> bdb_cache_return_entry_r( 1331 ): created (0)
<==slap_sasl2dn: Converted SASL name to wpieduPersonUUID=2af586df6800b3389cbe7bcbf2a920df,ou=people,dc=wpi,dc=edu
getdn: dn:id converted to wpieduPersonUUID=2af586df6800b3389cbe7bcbf2a920df,ou=people,dc=wpi,dc=edu
SASL Canonicalize [conn=0]: authcDN="wpieduPersonUUID=2af586df6800b3389cbe7bcbf2a920df,ou=people,dc=wpi,dc=edu"
Segmentation fault

Can anyone point me in the direction of a clue?

Thanks.