[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
(2.2.0alpha) slapd crashes on strong bind
Hi,
when trying a strong bind by means of flag -Y MECHANISM slapd aborts
as following excerpt shows. Although the sasl authentication string ist
properly mapped to the relevant entry DN.
A simple bind works fine though.
Any hints on what might be wrong?
-Dieter
-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
do_sasl_bind: dn () mech DIGEST-MD5
conn=0 op=1 BIND dn="" method=163
==> sasl_bind: dn="" mech=<continuing> datalen=262
SASL [conn=0] Debug: DIGEST-MD5 server step 2
SASL Canonicalize [conn=0]: authcid="dieter"
slap_sasl_getdn: id=dieter [len=6]
getdn: u:id converted to uid=dieter,cn=avci.de,cn=DIGEST-MD5,cn=auth
>>> dnNormalize: <uid=dieter,cn=avci.de,cn=DIGEST-MD5,cn=auth>
=> ldap_bv2dn(uid=dieter,cn=avci.de,cn=DIGEST-MD5,cn=auth,0)
<= ldap_bv2dn(uid=dieter,cn=avci.de,cn=DIGEST-MD5,cn=auth,0)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(uid=dieter,cn=avci.de,cn=digest-md5,cn=auth,272)=0
<<< dnNormalize: <uid=dieter,cn=avci.de,cn=digest-md5,cn=auth>
==>slap_sasl2dn: converting SASL name uid=dieter,cn=avci.de,cn=digest-md5,cn=auth to a DN
slap_sasl_regexp: converting SASL name uid=dieter,cn=avci.de,cn=digest-md5,cn=auth
slap_sasl_regexp: converted SASL name to ldap:///o=avci,c=de??sub?uid=dieter
slap_parseURI: parsing ldap:///o=avci,c=de??sub?uid=dieter
ldap_url_parse_ext(ldap:///o=avci,c=de??sub?uid=dieter)
str2filter "uid=dieter"
put_filter: "uid=dieter"
put_filter: default
put_simple_filter: "uid=dieter"
begin get_filter
EQUALITY
>>> dnNormalize: <o=avci,c=de>
=> ldap_bv2dn(o=avci,c=de,0)
<= ldap_bv2dn(o=avci,c=de,0)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(o=avci,c=de,272)=0
<<< dnNormalize: <o=avci,c=de>
slap_sasl2dn: performing internal search (base=o=avci,c=de, scope=2)
=> bdb_back_search
bdb_dn2entry("o=avci,c=de")
entry_decode: ""
> bdb_equality_candidates (objectClass)
daemon: select: listen=12 active_threads=1 tvp=zero
daemon: select timeout - yielding
daemon: select: listen=12 active_threads=1 tvp=zero
daemon: select timeout - yielding
daemon: select: listen=12 active_threads=1 tvp=zero
daemon: select timeout - yielding
=> key_read
[...]
bdb_idl_fetch_key: [b49d1940]
<= bdb_index_read: failed (-30991)
<= bdb_equality_candidates: id=0, first=0, last=0
<= bdb_filter_candidates: id=0 first=0 last=0
=> bdb_filter_candidates
EQUALITY
=> bdb_equality_candidates (uid)
[...]
=> test_filter
EQUALITY
=> access_allowed: auth access to "cn=Dieter Kluenter,ou=Partner,o=avci,c=de" "uid" requested
=> acl_get: [1] check attr uid
acl_get: [5] check attr uid
<= acl_get: [5] acl cn=Dieter Kluenter,ou=Partner,o=avci,c=de attr: uid
=> acl_mask: access to entry "cn=Dieter Kluenter,ou=Partner,o=avci,c=de", attr "uid" requested
=> acl_mask: to value by "", (=n)
<= check a_dn_pat: *
<= acl_mask: [1] applying read(=rscx) (stop)
<= acl_mask: [1] mask: read(=rscx)
=> access_allowed: auth access granted by read(=rscx)
<= test_filter 6
daemon: select: listen=12 active_threads=1 tvp=zero
send_ldap_result: conn=0 op=0 p=3
send_ldap_result: err=0 matched="" text=""
conn=0 op=0 SEARCH RESULT tag=101 err=0 nentries=0 text=
<==slap_sasl2dn: Converted SASL name to cn=dieter kluenter,ou=partner,o=avci,c=de
getdn: dn:id converted to cn=dieter kluenter,ou=partner,o=avci,c=de
SASL Canonicalize [conn=0]: authcDN="cn=dieter kluenter,ou=partner,o=avci,c=de"
=> bdb_back_search
bdb_dn2entry("cn=dieter kluenter,ou=partner,o=avci,c=de")
base_candidates: base: "cn=dieter kluenter,ou=partner,o=avci,c=de" (0x00000009)
=> test_filter
PRESENT
slapd: acl.c:131: access_allowed: Assertion `desc != ((void *)0)' failed.
Aborted
-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
--
Dieter Kluenter | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de
http://www.avci.de