[Date Prev][Date Next] [Chronological] [Thread] [Top]

Strange behaviour with saslautz: "incorrect" access directives cause segmentation fault

To: OpenLdap Software List <openldap-software@OpenLDAP.org>
Subject: Strange behaviour with saslautz: "incorrect" access directives cause segmentation fault
From: Jeff Warnica <jeffw@chebucto.ns.ca>
Date: Mon, 06 Sep 2004 16:10:07 -0300

I don't know if this is a known problem or not. If it isn't, I can
provide more details, exact steps, backtraces, etc.

OpenLDAP version: 2.2.15 BDB backend version: 4.2.52

Anyway: I'm using Cyrus IMAP + ldapdb so I can use proxy authentication
for access to non-cleartext password exchange. It seems that if I use a
"group" clause in the access directive for saslAuthzTo, slapd seg faults
while setting up the proxy auth.

ie:

access to attr=saslAuthzTo
	by dn="uid=ranger,ou=accounts,ou=unix,o=warnica,c=ca" write	
        by * auth

works.

but:
access to attr=saslAuthzTo
	by group="cn=DirectoryAdmins,ou=group,ou=unix,o=warnica,c=ca" write	
        by * auth

does _not_. For that matter, not having a specific saslauthzto access
directive, but having a group clause in a more general one, same thing.

Furthermore, after restarting slapd, doing anything with the applicable
authentication object causes slapd to hang: after that seg fault it has
corrupted the database.

Follow-Ups:
- Re: Strange behaviour with saslautz: "incorrect" access directives cause segmentation fault
  - From: Dieter Kluenter <dieter@dkluenter.de>

Prev by Date: host schema conflict
Next by Date: Re: host schema conflict
Index(es):
- Chronological
- Thread