slapd segfaults with SASL/GSSAPI binds
This is really weird. I'm just setting up a new server (migrating from
OpenLDAP 2.0 to 2.2), and slapd segfaults whenever I attempt a SASL bind
using the GSSAPI mechanism:
On the client side:
cds@osaka:~$ kdestroy
cds@osaka:~$ kinit chris
chris@LEET.ORG's Password:
cds@osaka:~$ ldapwhoami
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
cds@osaka:~$ klist
Credentials cache: FILE:/tmp/krb5cc_1000
Principal: chris@LEET.ORG
Issued Expires Principal
Jul 7 18:13:39 Jul 8 04:13:52 krbtgt/LEET.ORG@LEET.ORG
Jul 7 18:13:39 Jul 8 04:13:52 krbtgt/LEET.ORG@LEET.ORG
Jul 7 18:13:44 Jul 8 04:13:52 ldap/osaka.leet.org@LEET.ORG
On the server side:
osaka:~# /usr/local/libexec/slapd -h ldap://0.0.0.0 ldaps://0.0.0.0 -d 256 -u slapd -g slapd
@(#) $OpenLDAP: slapd 2.2.13 (Jul 6 2004 17:17:27) $
root@osaka:/usr/local/src/openldap2.2/openldap-2.2.13/servers/slapd
bdb_initialize: Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003)
bdb_db_init: Initializing BDB database
slapd starting
conn=0 fd=11 ACCEPT from IP=192.168.0.3:1302 (IP=0.0.0.0:389)
conn=0 op=0 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
conn=0 op=0 SRCH attr=supportedSASLMechanisms
conn=0 op=0 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=0 op=1 BIND dn="" method=163
Segmentation fault
Here is my (minimal) slapd.conf:
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/krb5-kdc.schema
pidfile /usr/local/var/run/slapd/slapd.pid
argsfile /usr/local/var/run/slapd/slapd.args
TLSCertificateFile /usr/local/etc/openldap/slapd.crt
TLSCertificateKeyFile /usr/local/etc/openldap/slapd.key
TLSCACertificateFile /usr/local/etc/openldap/cacert.pem
sasl-realm LEET.ORG
sasl-host osaka.leet.org
database bdb
suffix "dc=leet,dc=org"
rootdn "uid=ldapadm,cn=gssapi,cn=auth"
directory /usr/local/var/openldap-data
index objectClass eq
sasl-regexp uid=(.*),cn=gssapi,cn=auth uid=$1,ou=People,dc=leet,dc=org
Note that Kerberos/GSSAPI is working for other things, and that the
distinguished name 'uid=chris,ou=People,dc=leet,dc=org' exists in the
LDAP tree. My LDAP installation consists of OpenLDAP 2.2.13, linked
against BDB 4.2.52 and Cyrus SASL 2.1.18. I'd appreciate any clues as
to what I might be doing wrong, or if there is a workaround for this
problem.
Thanks,
Chris Schadl
cschadl@satan.org.uk
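Added example, not part of Chris's post: a small Python model of the sasl-regexp rule from the slapd.conf above, to check which GSSAPI identities it maps and where the greedy capture is looser than intended. Assumptions: slapd derives the identity as uid=<user>[,cn=<realm>],cn=gssapi,cn=auth and omits cn=<realm> when it equals sasl-realm, regexec() matching is unanchored, and the stricter pattern and the principals other than chris are constructed here.

```python
import re
from typing import Optional

# Rule as written in the posted slapd.conf: (pattern, replacement with $N).
WEAK_RULES = [
    (r"uid=(.*),cn=gssapi,cn=auth", "uid=$1,ou=People,dc=leet,dc=org"),
]
# Constructed stricter variant: the capture may not span a comma, so an
# identity carrying an extra cn=<realm> component is left unmapped.
STRICT_RULES = [
    (r"uid=([^,]+),cn=gssapi,cn=auth", "uid=$1,ou=People,dc=leet,dc=org"),
]

def gssapi_authcid(principal: str, sasl_realm: str) -> str:
    """Identity slapd derives from a Kerberos principal (assumed form:
    uid=<user>[,cn=<realm>],cn=gssapi,cn=auth, with cn=<realm> omitted
    when the realm equals the configured sasl-realm)."""
    user, _, realm = principal.partition("@")
    if realm and realm != sasl_realm:
        return f"uid={user},cn={realm},cn=gssapi,cn=auth"
    return f"uid={user},cn=gssapi,cn=auth"

def apply_sasl_regexp(authcid: str, rules) -> Optional[str]:
    """First matching rule wins; like regexec(), the match is unanchored
    unless the pattern itself uses ^ or $. $N is replaced by group N."""
    for pattern, replacement in rules:
        m = re.search(pattern, authcid)
        if m:
            return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), replacement)
    return None  # no rule matched: identity stays in the cn=auth form

def map_principal(principal: str, sasl_realm: str, rules) -> Optional[str]:
    return apply_sasl_regexp(gssapi_authcid(principal, sasl_realm), rules)

if __name__ == "__main__":
    for who in ("chris@LEET.ORG", "bob@OTHER.ORG", "ldapadm@LEET.ORG"):
        print(who, "->", map_principal(who, "LEET.ORG", WEAK_RULES),
              "| strict:", map_principal(who, "LEET.ORG", STRICT_RULES))
```

The posted rule also rewrites uid=ldapadm,cn=gssapi,cn=auth, the identity named as rootdn, into an ou=People entry; it is worth checking how slapd treats that before relying on the GSSAPI rootdn.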