Re: still segmentation faults with SSL

Hi Christian,

I'm not sure why you are segfaulting, but consider these ...

Do you have 'localhost' anywhere in your configuration files?

Is the slapd daemon really owned by ldap/root (user/group)?  I don't have
to run slapd with -u/-g.

Do you have more than one slapd.exe on the system?  What is the result of
"which slapd"?  I always like to enter the full path of slapd just to make
sure (/usr/libexec/slapd on my machine).

Is slapd.conf in /etc/openldap or /usr/etc/openldap?  You might be using
the wrong file or no file at all.  Is that even possible?

The "address family not supported by protocol" error for both ldap:// and
ldaps:// means that it isn't only a TLS/SSL issue.  I haven't run into that
one (yet), so hopefully someone who has can help you out with it.

I would try to start out with a barebones server (no SSL/TLS, etc) and go
from there.  If you are already doing this ... I'll light a candle for you.

I hope this helps.

Cheers,
Kent Soper

"You don't stop playing because you grow old ...
       you grow old because you stop playing."

Linux Technology Center, Linux Security
phone:  1-512-838-9216
e-mail:  dksoper@us.ibm.com




Christian Guenther <christian.guenther@amaxa.com>
Sent by: owner-openldap-software@OpenLDAP.org
07/31/2003 08:55 AM

To:       openldap-software <openldap-software@OpenLDAP.org>
cc:
Subject:  still segmentation faults with SSL




hi,

I'm completely helpless on this.

After 1 whole week of not doing anything else than trying to get
OpenLDAP with SSL/TLS to work I'm not even one step closer to my goal.

I will try to explain my problem in every detail in the hope that
someone might be able and willing to help me.

I have a RedHat Linux 9 box.
I deinstalled sasl, openldap, postfix, sendmail, nss_ldap and only kept
the original openssl on it.
I compiled and installed openssl 0.9.6j from source and placed it under
/usr/local/openssl making sure that my own openssl is always found and
used first. I did this by setting environment vars (LDFLAGS, CPPFLAGS),
putting /usr/local/openssl in /etc/ld.so.conf and even set
LD_LIBRRAY_PATH although I'm quite sure it's a BSD or Solaris thingy.

Then I compiled db-4.1.25 and also made sure (like above) that this
version and not RedHats own is found and used.
Then I compiled and installed cyrus sasl under /usr/local.
Afterwards I compiled openldap and installed it under /usr with
/etc/openldap. I made sure it used my own db version, my own openssl and
my own cyrus sasl version. Here is the output of ldd  /usr/libexec/slapd

ldd /usr/libexec/slapd
libldap_r.so.2 => /usr/lib/libldap_r.so.2 (0x40017000)
liblber.so.2 => /usr/lib/liblber.so.2 (0x4004d000)
libdb-4.1.so => /opt/db-4.1.25/lib/libdb-4.1.so (0x40059000)
libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x40106000)
libssl.so.0.9.6 => /usr/local/openssl/lib/libssl.so.0.9.6 (0x40118000)
libcrypto.so.0.9.6 => /usr/local/openssl/lib/libcrypto.so.0.9.6
             (0x40145000)
libresolv.so.2 => /lib/libresolv.so.2 (0x401fd000)
libltdl.so.3 => /usr/lib/libltdl.so.3 (0x4020f000)
libdl.so.2 => /lib/libdl.so.2 (0x40217000)
libwrap.so.0 => /usr/lib/libwrap.so.0 (0x4021b000)
libpthread.so.0 => /lib/i686/libpthread.so.0 (0x40224000)
libc.so.6 => /lib/i686/libc.so.6 (0x40274000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
libnsl.so.1 => /lib/libnsl.so.1 (0x403ac000)

When I now try to start my ldap server I get a segmentation fault
and neither strace nor a high debugging level gives me any clue as to
how, when and where this happens.

[root@cortex root]# slapd -d 127 -u ldap -g root -f
/etc/openldap/slapd.conf -h "ldap:/// ldaps:///"
@(#) $OpenLDAP: slapd 2.1.22 (Jul 30 2003 15:59:34) $
             instusr@cortex:/usr/src/openldap-2.1.22/servers/slapd
daemon_init: ldap:/// ldaps:///
daemon_init: listen on ldap:///
daemon_init: listen on ldaps:///
daemon_init: 2 listeners to open...
ldap_url_parse_ext(ldap:///)
daemon: socket() failed errno=97 (Address family not supported by
protocol)
daemon: initialized ldap:///
ldap_url_parse_ext(ldaps:///)
daemon: socket() failed errno=97 (Address family not supported by
protocol)
daemon: initialized ldaps:///
daemon_init: 4 listeners opened
Segmentation fault


BUT this only happens when I say to my system that it shall use ldap for
authentication. When I do authconfig and unmark the part where it says
use LDAP for authorization and account management my ldap server starts
just fine.


Does this make any sense? Has anyone any idea what else I could do? I
read through the OpenLDAP Administration Guide, I read the OpenLDAP with
SSL/TLS HowTo about a thousand times but I just can't find a single
sentence that helps me.

I'm really in need of help here.

             chris


This e-mail may contain confidential and/or privileged information.
If you are not the intended recipient (or have received this e-mail
in error) please notify the sender immediately and destroy this
e-mail. Any unauthorised copying, disclosure or distribution of the
material in this e-mail is strictly forbidden.
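
Added example, not part of either message: a small shell helper that reads `ldd` output and reports whether a given library resolves from the directory the build was meant to use, which is the check the quoted `ldd /usr/libexec/slapd` listing is doing by eye. The function name `check_lib` is hypothetical, and the sample is constructed from a few lines of the listing above, including the mail-wrapped libcrypto line.

```shell
#!/bin/sh
# Constructed sample: a subset of the ldd listing quoted in the message,
# keeping the libcrypto line wrapped the way the mail client wrapped it.
SAMPLE_LDD='libldap_r.so.2 => /usr/lib/libldap_r.so.2 (0x40017000)
libdb-4.1.so => /opt/db-4.1.25/lib/libdb-4.1.so (0x40059000)
libsasl2.so.2 => /usr/local/lib/libsasl2.so.2 (0x40106000)
libssl.so.0.9.6 => /usr/local/openssl/lib/libssl.so.0.9.6 (0x40118000)
libcrypto.so.0.9.6 => /usr/local/openssl/lib/libcrypto.so.0.9.6
             (0x40145000)
libc.so.6 => /lib/i686/libc.so.6 (0x40274000)'

# check_lib NAME EXPECTED_DIR   (ldd output on stdin)
# Prints "ok <path>", "mismatch <path>" or "missing".
# Exit status is 0 only when the library resolves inside EXPECTED_DIR.
check_lib() {
    awk -v lib="$1" -v want="$2" '
        # Only "name => path" lines count; wrapped address lines are skipped.
        index($1, lib) == 1 && $2 == "=>" {
            found = 1
            if ($3 == "not") {                    # ldd printed "=> not found"
                print "missing"; bad = 1
            } else if (index($3, want "/") == 1) {
                print "ok " $3
            } else {                              # resolved from another prefix
                print "mismatch " $3; bad = 1
            }
        }
        END {
            if (!found) { print "missing"; bad = 1 }
            exit bad
        }
    '
}

# Demo on the constructed sample; both libraries resolve where the build put them.
printf '%s\n' "$SAMPLE_LDD" | check_lib libssl /usr/local/openssl/lib
printf '%s\n' "$SAMPLE_LDD" | check_lib libdb  /opt/db-4.1.25/lib
```

Against a live binary the same function takes the pipe directly, for example `ldd /usr/libexec/slapd | check_lib libcrypto /usr/local/openssl/lib`.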