Re: OpenLDAP segfaults when used with ssl

[Chee Wai Yeung <cheewai_yeung2003@yahoo.com.hk>]

Hi,

I am not sure if it is the case, but it may be because
of a mixed libsasl2.so (seems to be version that comes
with distribution) with your own compiled openssl. I
use my own compiled libsasl2.so which was compiled
with the openssl I also compiled myself and I have no
problems with openldap running SSL/TLS mode.

May be you can also try to compile your own libsasl2
(cyrus-sasl-2.1.X) - make sure you use your own
openssl during configure - and then recompile openldap
to use your own compiled sasl2 to see if this fixes
the problem. (FYI I didn't install cyrus-sasl that
comes with Redhat).

Chee Wai

--- Christian Guenther <christian.guenther@amaxa.com>
wrote:
> Hi Tony,
> 
> this is the output of ldd on my self compiled slapd.
> As a reminder,
> my openssl implementation is installed under
> /usr/local/openssl
> so that it may not interfere with the one from my
> distribution.
> As a second notye. I now have openssl-0.9.6j and
> openssl-0.9.7b
> installed under /usr/local.
> At the moment of my tests I had a link set from
> openssl-0.9.7b to
> openssl.
> 
> > Also, do an ldd on the slapd binary. A pound to a
> penny there are mixed 
> > Openssl library ref.s compiled in. configure might
> even have found 
> > different sasl versions too, and compiled ref.s
> for /them/ in, since 
> > SASL inclusion is automatic (given the segfault
> without the -x operator.).
>  
> As you can see slapd uses a library that is part of
> my distribution
> - namely /lib/libcrypt.so.1.
> Is that bad? Where is the difference between
> libcrypto.so and
> libcrypt.so?
> 
> [root@cortex root]# ldd /usr/libexec/slapd 
> libldap_r.so.2 => /usr/lib/libldap_r.so.2
> (0x40023000)
> liblber.so.2 => /usr/lib/liblber.so.2 (0x40059000)
> libdb-4.1.so => /opt/db-4.1.25/lib/libdb-4.1.so
> (0x40064000)
> libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x40112000)
> libssl.so.0.9.7 =>
> /usr/local/openssl/lib/libssl.so.0.9.7 (0x40125000)
> libcrypto.so.0.9.7 =>
> /usr/local/openssl/lib/libcrypto.so.0.9.7 
> 	(0x40153000)
> libcrypt.so.1 => /lib/libcrypt.so.1 (0x40241000)
> libresolv.so.2 => /lib/libresolv.so.2 (0x4026e000)
> libltdl.so.3 => /usr/lib/libltdl.so.3 (0x40280000)
> libdl.so.2 => /lib/libdl.so.2 (0x40288000)
> libwrap.so.0 => /usr/lib/libwrap.so.0 (0x4028c000)
> libpthread.so.0 => /lib/i686/libpthread.so.0
> (0x40295000)
> libc.so.6 => /lib/i686/libc.so.6 (0x402e5000)
> /lib/ld-linux.so.2 => /lib/ld-linux.so.2
> (0x40000000)
> libnsl.so.1 => /lib/libnsl.so.1 (0x4041d000)
> 
> > I've had it all myself in the past :-)
> That gives me hope. Maybe you can enlight me to?
> 
> Greetings,
> 
> 	chris
> 
> 
> Diese E-Mail enthaelt vertrauliche und/oder
> rechtlich geschuetzte
> Informationen. Wenn Sie nicht der richtige Adressat
> sind oder 
> diese E-Mail irrtuemlich erhalten haben, informieren
> Sie bitte 
> sofort den Absender und vernichten Sie diese Mail. 
> Das unerlaubte Kopieren sowie die unbefugte
> Weitergabe dieser 
> Mail ist nicht gestattet.
> 
> This e-mail may contain confidential and/or
> privileged information. 
> If you are not the intended recipient (or have
> received this e-mail
> in error) please notify the sender immediately and
> destroy this 
> e-mail. Any unauthorised copying, disclosure or
> distribution of the
> material in this e-mail is strictly forbidden.
> 
> 


__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com