
Re: slapd crashing with password change -- addendum



Hi Luiz
Have you removed all your old stuff from the directories? Usually, as I noticed, a simple "make tidy" or similar won't do.
Example: this afternoon I created apache-2.0.47, and after compilation was complete and we were ready to create the rpm package (I never do a simple make;make install: I always create an rpm package), it said "Illegal file permission", nothing else, and it was dead.
Only when I removed everything (rm -r *, not make tidy or similar) did it work.
Try to clean up and then redo the make.


suomi


luiz@pucrs.br wrote:

Hi Suomi

Thanks for your reply. I looked at my /usr/local/sasl2 and there are a lot of
libs there. All of them version 2, but...
I deleted the library and reinstalled version 2.1.15, with these
parameters:

./configure --with-bdb-libdir=/usr/local/lib \
    --with-bdb-incdir=/usr/local/include --disable-krb4 --disable-gssapi

OBS: The parameter '--disable-gssapi' was added because I was receiving an
error about gssapi and krb5(?) when I tried to compile.

Then I recompiled openldap using

./configure --with-tls --with-ldbm --enable-wrappers --enable-crypt \
    --enable-bdb --with-cyrus-sasl --enable-slapd --enable-syslog \
    --enable-ipv6=no

But when I tried to test, the following error occurred:

# make test
cd tests; make test
make[1]: Entering directory `/root/adm/soft/openldap-2.1.22/tests'
ln: cannot create ./data: File exists
make[1]: [test-bdb] Error 2 (ignored)
Initiating LDAP tests for BDB...


Executing all LDAP tests...
Test Directory: .
Backend: bdb
Starting test000-rootdse ...


running defines.sh
Datadir is ./data
Cleaning up in ./test-db...
Starting slapd on TCP/IP port 9009...
Using ldapsearch to retrieve the root DSE...
Waiting 5 seconds for slapd to start...
Waiting 5 seconds for slapd to start...
Waiting 5 seconds for slapd to start...
Waiting 5 seconds for slapd to start...
Waiting 5 seconds for slapd to start...
Waiting 5 seconds for slapd to start...
ldap_bind: Can't contact LDAP server (81)


Test failed
./scripts/test000-rootdse failed (exit 1)


make[1]: *** [test-bdb] Error 1
make[1]: Leaving directory `/root/adm/soft/openldap-2.1.22/tests'
make: *** [test] Error 2

I saw another message on the list with this error. Has anyone
discovered a fix?
I tried to use it despite the test error, but the slapd crash is still
occurring.  :-(
Can anyone help me? I don't know what more I can do...

Thanks in advance

Luiz



Hi Luiz
I had a similar problem some weeks ago: I wanted to put openldap on sasl
and compiled it with sasl1 but made it run with sasl2, and it
immediately crashed without prior notice or anything in the log.

You might have to check the sasl versions on the machine where you
compiled openldap and on the machine where you run it.

I made a bug report at openldap.org for that.

suomi

luiz@pucrs.br wrote:



People

I'm sorry. I sent the previous message without finishing it. :-(
I'm using:

db-4.1.25
openldap-2.1.22
cyrus-sasl-2.1.15
openssl-0.9.7b

Thanks a lot.

==============>Forward<===============

I installed an openldap server on a Solaris 9 machine. Now I'm
configuring it and there is an unusual situation.
I logged in on one workstation without problems. But when I tried to change
the password on a Linux client machine, the slapd process died on the server,
without any log message (only a core dump file)! Then I started it
again with this option:

/usr/local/libexec/slapd -d 127 -h "ldap:/// ldaps:///"

The password was changed to something unknown, even though the client
/etc/ldap.conf is set to 'pam_password exop'. Then I tried to
change the password on the server, or delete the entire user. To my
horror, slapd went wild. The message on the console, repeated
forever, is:

bdb_cache_entry_db_lock: entry cn=user,ou=People,dc=my,dc=domain, rw 1, rc
-30995
====> bdb_cache_find_entry_id( 9 ): 9 (busy) 2
locker = -2147483582

I'm confused. Is anyone able to help me?

My slapd.conf:
===========
include         /usr/local/etc/openldap/schema/core.schema
include         /usr/local/etc/openldap/schema/cosine.schema
include         /usr/local/etc/openldap/schema/nis.schema
include         /usr/local/etc/openldap/schema/inetorgperson.schema
include         /usr/local/etc/openldap/schema/solaris.schema
include         /usr/local/etc/openldap/schema/DUAConfig.schema

pidfile         /usr/local/var/slapd.pid
argsfile        /usr/local/var/slapd.args

password-hash {MD5}
access to attribute=userPassword
      by self write
      by dn="cn=admin,dc=my,dc=domain" write
      by * compare
access to *
      by * read

database        bdb
suffix          "dc=my,dc=domain"
rootdn          "cn=admin,dc=my,dc=domain"
rootpw          {MD5}password==

directory       /usr/local/var/openldap-data

index cn,sn,uid pres,eq,approx,sub
index objectClass eq

TLSCipherSuite HIGH:MEDIUM:+SSLv2
TLSCertificateFile /usr/local/etc/openldap/certs/newcert.pem
TLSCertificateKeyFile /usr/local/etc/openldap/certs/newreq.pem
TLSCACertificateFile /usr/local/etc/openldap/certs/demoCA/cacert.pem
===========

I compiled OpenLDAP with these options:

./configure --with-tls --with-ldbm --enable-wrappers --enable-crypt \
    --enable-bdb --with-cyrus-sasl --enable-slapd --enable-syslog \
    --enable-ipv6=no

Thanks a lot for any idea.

_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
          Administraçao da Rede
              FACIN / PUCRS
   Fone: +55 51 3320-3558 r. 4184
   Fax  : +55 51 3320-3758
    Av. Ipiranga, 6681 - 90619.900
            Prédio 30 - Sala 145
         Porto Alegre - RS - Brasil
_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\
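
Added example, not part of the original thread: one way to carry out the check suggested above, comparing which SASL library slapd uses on the build host and on the run host, by diffing the libsasl sonames in `ldd` output captured on each. The function names, the sample `ldd` text, and the sonames and library paths in it are constructed assumptions; it also flags the case where one process pulls in two different SASL libraries.

```shell
#!/bin/sh
# Added example: compare the Cyrus SASL sonames that `ldd slapd` reports on
# the build host and on the run host. All sample text below is constructed.

# Constructed ldd captures (paths and sonames are illustrative assumptions).
BUILD_LDD='    libsasl.so.7 =>  /usr/local/lib/libsasl.so.7
    libdb-4.1.so =>  /usr/local/lib/libdb-4.1.so'
RUN_LDD='    libsasl2.so.2 =>  /usr/local/lib/libsasl2.so.2
    libdb-4.1.so =>  /usr/local/lib/libdb-4.1.so'

# Print the distinct libsasl sonames found in ldd-style text on stdin,
# space-separated on one line (empty output when there is none).
sasl_sonames() {
    awk '$1 ~ /^libsasl/ { print $1 }' | LC_ALL=C sort -u | tr '\n' ' ' | sed 's/ $//'
}

# sasl_compare BUILD_TEXT RUN_TEXT
# Prints a one-line verdict; returns 0 only when both hosts name the same
# single SASL library.
sasl_compare() {
    build=$(printf '%s\n' "$1" | sasl_sonames)
    run=$(printf '%s\n' "$2" | sasl_sonames)
    if [ -z "$build" ] || [ -z "$run" ]; then
        echo "UNKNOWN: no libsasl entry in one of the captures"; return 1
    fi
    case "$run" in
        *" "*) echo "MIXED: run host loads several SASL libraries: $run"; return 1 ;;
    esac
    if [ "$build" != "$run" ]; then
        echo "MISMATCH: build host links $build, run host loads $run"; return 1
    fi
    echo "OK: both hosts use $build"
}

# On real hosts both arguments would come from: ldd /usr/local/libexec/slapd
sasl_compare "$BUILD_LDD" "$RUN_LDD" || true
```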