Re: acl entry causes segfault

[Markus Krause <krause@biochem.mpg.de>]

Zitat von Pierangelo Masarati <ando@sys-net.it>:
> > > Markus Krause wrote:
> > > > Hi list!
> > > >
> > > > how can i allow or deny access to some attributes in a specific subtree?
> > > >
> > > > thanks in advance for any hints!
> > >
> > > You don't provide enough info to determine what's wrong.  You should
> > > provide a stack backtrace (make sure you use a slapd compiled with
> > > debugging symbols and not stripped) and a complete (sanitized) slapd.conf.
> >
> > ok, here you are:
> > ---- cleaned slapd.conf:
> > [snip]
> >
> > loglevel 0
> > TLSCipherSuite HIGH:MEDIUM:+SSLv2
> > TLSCertificateFile /etc/ssl/servercerts/servercert.pem
> > TLSCertificateKeyFile /etc/ssl/servercerts/serverkey.pem
> > TLSCACertificateFile /etc/ssl/mpibc-w2k_root-ca.pem
> > database bdb
> > suffix "dc=biochem,dc=mpg,dc=de"
> > rootdn "cn=Manager,dc=biochem,dc=mpg,dc=de"
> > rootpw "{ssha}XXXX"
> > overlay smbk5pwd
> > smbk5pwd-enable samba
>
> The directives below appear __after__ an overlay instantiation, while
> they belong to the database.  Intermixing database and overlay
> directive is known to lead to undefined results (a crash is just a
> clear sign of error, but what basically happens is that overlay parsing
> code mucks with database private memory and vice versa).  Pease re-sort
> your configuration to clearly confine each database directive right
> after the database instantiation, and each overlay's directive right
> after that overlay instantiation and before any subsequent overlay
> instantiation. This should fix your problem.
>
> p.
>
> > directory /var/lib/ldap/
> > checkpoint 1024 5
> > cachesize 10000
> > index objectClass,uidNumber,gidNumber eq
> > index member,mail eq,pres
> > index cn,displayname,uid,sn,givenname sub,eq,pres
> > index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
> > index entryCSN,entryUUID eq
> > index dhcpHWAddress eq,pres
> > index relativeDomainName eq,pres
> > index ipHostNumber eq,pres
> > index zoneName eq,pres
> > index radiusGroupName eq,pres
> > index description eq,sub,pres
> >
> > overlay syncprov
> > syncprov-checkpoint 100 10
> > syncprov-sessionlog 100
> >
> > ---- end of slapd.conf
>
>
> Ing. Pierangelo Masarati
> OpenLDAP Core Team
>
> SysNet s.r.l.
> via Dossi, 8 - 27100 Pavia - ITALIA
> http://www.sys-net.it
> ---------------------------------------
> Office:  +39 02 23998309
> Mobile:  +39 333 4963172
> Email:   pierangelo.masarati@sys-net.it
> ---------------------------------------

thanks, that was my error! i did not think about that ...
so now i have (in principle):

database bdb
suffix "o=test"
rootdn "cn=manager,o=test"
rootpw xxxx
directory <path>
index ....

overlay smbk5pwd

overlay syncprov

thanks again for fast responses and patient help!

with best regards
   markus


+-----------------------------------------------------------------+
| Markus Krause, Mogli-Soft                                       |
| Support for Mac OS X, Webmail/Horde, LDAP, RADIUS, MySQL        |
| by order of the                                                 |
|    Computing Center of the Max-Planck-Institute of Biochemistry |
+--------------------------------+--------------------------------+
| E-Mail: krause@biochem.mpg.de  |  Tel.: 089 - 89 40 85 99       |
|         markus.krause@mac.com  |  Fax.: 089 - 89 40 85 98       |
|  Skype: markus.krause          | iChat: markus.krause@mac.com   |
+--------------------------------+--------------------------------+

----------------------------------------------------------------------
     This message was sent using https://webmail2.biochem.mpg.de
If you encounter any problems please report to rz-linux@biochem.mpg.de