Re: chain-overlay question

[Pierangelo Masarati <ando@sys-net.it>]

Markus Krause wrote:

> > No.  I'm referring to slapd.4.conf as generated by the test018 script.
> ah ok, sorry for that. i could not find it at first, had ro stop "make 
> test" at test018 to get it ... now i used it (and slapd.1.conf) as 
> template for my config.

I assumed you knew that you can tun a single test by issuing

	./run test018

from the tests/ directory.  Sorry about that.


> i am really sorry about still bothering you with my problems but i still 
> have no  success... :-(
> my slapd.conf now looks like (now in more detail, just cleaned up):
> --- slapd.conf
> ...
> modulepath      /usr/lib/openldap/modules
> moduleload      smbk5pwd.so
> sizelimit unlimited
> acl ...
> TLSstuff ...
> #### chain overlay definition
> overlay chain
> chain-rebind-as-user    FALSE
> chain-uri       "ldaps://ldapprov"
> chain-rebind-as-user    TRUE
> chain-idassert-bind     bindmethod="simple"
>                         binddn="cn=manager,o=test"
>                         credentials="secret"
>                         mode="self"
>
> database bdb
> suffix "o=test"
> directory /var/lib/ldap/
> rootdn "cn=manager,o=test"
> rootpw "secret"
> index objectClass,uidNumber,gidNumber eq
> index member,mail eq,pres
> index cn,displayname,uid,sn,givenname sub,eq,pres
> index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
> index entryCSN,entryUUID eq
> index dhcpHWAddress eq,pres
> index relativeDomainName eq,pres
> index ipHostNumber eq,pres
> index zoneName eq,pres
> index radiusGroupName eq,pres
>
> syncrepl rid=13
>         provider=ldaps://ldapprov
>         type=refreshAndPersist
>         retry=1,5,5,6,30,+
>         interval=00:00:00:30
>         searchbase="o=test"
>         filter="(objectclass=*)"
>         scope=sub
>         attrs="*"
>         schemachecking=off
>         binddn="cn=manager,o=test"
>         bindmethod=simple
>         credentials="secret"
>         sizelimit=unlimited
> updateref ldaps://ldapprov
>
> overlay syncprov
> overlay smbk5pwd
> smbk5pwd-enable samba
> --- end of slapd.conf

To me, it looks just fine.



> > Please rearrange the configuration as instructed and retry.  In general,
> > never intermix database and overlay directives.  Order matters (as it
> > always did; but now violations are no longer harmless).
> i hope i did understand how which order the entries should have ... (see 
> above)
>
> but the last lines before the consumer dies after running "ldappasswd 
> .." show:
> --- slapd -d 65535 output
> ...
> => bdb_dn2id("uid=user,o=test")
> <= bdb_dn2id: got id=0x0000337f
> entry_decode: "uid=user,o=test"
> <= entry_decode(uid=user,o=test)
> ldap_url_parse_ext(ldaps://ldapprov)
> send_ldap_extended: err=10 oid= len=0
> ldap_url_parse_ext(ldaps://ldapprov)
> Segmentation fault
> --- end of slapd -d 65535 output

That's another issue.  You may send a stack backtrace after this crash.

In any case, you didn't specify you were trying to perform an extended 
operation (ldap passwd); there might be some bg in how extended 
operations are handled by slapo-chain(5).  I'd narrow this down by 
running ldappasswd within a simpler configuration setup.  In case, 
please file an ITS.

In the meanwhile, I'd check your configuration by using a less 
challenging write operation (like a modify).

p.



Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   pierangelo.masarati@sys-net.it
---------------------------------------