[Date Prev][Date Next] [Chronological] [Thread] [Top]

Segmentation fault using logpurge option in slapd.conf

To: openldap-technical@openldap.org
Subject: Segmentation fault using logpurge option in slapd.conf
From: Julian Thomé <frostisch@yahoo.de>
Date: Wed, 30 Sep 2009 16:37:13 +0200
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.de; h=Received:X-Yahoo-SMTP:X-YMail-OSG:X-Yahoo-Newman-Property:Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:Content-Type:Content-Transfer-Encoding; b=hZrAiLLpLF8Nuk6D6wIBrApPVtknVlqnbuKqhHkEhN6Zy2F0+3iAeY9EETqZge1dBYR772b8bgvxLycyZd1Nk8LlFymJ8PKAkK8KvAKVz3aAr/sW5yQzkxLsYaPOG3T1DOpjmA47v4C3/eDgsY5wpgE3SxShcsub7zcHH0NYsUM= ;
User-agent: Thunderbird 2.0.0.22 (X11/20090719)

Hello mailing list,

We have a problem using OpenLdap V. 2.4.11 with Debian Lenny.
If we use the option logpurge in our slapd.conf, slapd can't start anymore.

Our slapd.conf:

>8-----------------------------------------------/etc/ldap/slapd.conf

# Schema and objectClass definitions
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/misc.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/inetorgperson.schema
include            /etc/ldap/schema/hdb.schema
include         /etc/ldap/schema/nis.schema

# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile         /var/run/slapd/slapd.pid

# List of arguments that were passed to the server
argsfile        /var/run/slapd/slapd.args

# Read slapd.conf(5) for possible values
loglevel        4
#sasl-secprops minssf=0

# Where the dynamically loaded modules are stored
modulepath    /usr/lib/ldap
moduleload    back_hdb
moduleload    smbk5pwd
moduleload    accesslog

# The maximum number of entries that is returned for a search operation
sizelimit       unlimited

# TLS Stuff
TLSCACertificateFile /etc/ssl/certs/ca.pem
TLSCertificateKeyFile /etc/ldap/openldap.key
TLSCertificateFile /etc/ldap/openldap.crt

# The tool-threads parameter sets the actual amount of cpu's that is used
# for indexing.
tool-threads    2

# Specific Backend Directives for hdb:
backend        hdb
# Specific Directives for database: accesslog
database        hdb
directory       "/var/lib/accesslog"
suffix          "cn=accesslog"
checkpoint      512 30
rootdn          "cn=accesslog"
rootpw            ...
index                default      eq
index           reqStart  eq
index           reqType   eq
dbconfig        set_cachesize 0 2097152 0
dbconfig        set_lk_max_objects 1500
dbconfig        set_lk_max_locks 1500
dbconfig        set_lk_max_lockers 1500

# Specific Directives for database: data
database        hdb
directory       "/var/lib/ldap"
overlay        smbk5pwd

overlay     accesslog
logdb        cn=accesslog
logops        writes
logsuccess    TRUE
logold        (objectClass=posixAccount)
logpurge     07+00:00 01+00:00

suffix          ...

rootdn          ...
rootpw            ...

dbconfig        set_cachesize 0 2097152 0
dbconfig        set_lk_max_objects 1500
dbconfig        set_lk_max_locks 1500
dbconfig        set_lk_max_lockers 1500

# Indexing options for database #1
index        default        eq
index           objectClass eq
index        uidNumber   pres,eq
index        uid         eq

smbk5pwd-enable krb5
smbk5pwd-enable samba
smbk5pwd-must-change 2592000
password-hash {K5KEY}

# lastmod         on

# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
# These access lines apply to database #1 only

access to attrs=userPassword,shadowLastChange

filter="(memberOf=Archiv)"by peername.ip=192.168.222.17 auth stopby peername.regex=.* none break

access to dn.base="..."
   by * read

access to attrs=userPassword,shadowLastChange

filter="(!(memberOf=Archiv))"by peername.ip=192.168.222.17 none stopby peername.regex=.* none break

# this rule is more specific than the admin rule below

access to attrs=userPassword,shadowLastChange

by set="user/memberOf & [Administratoren]" writeby dn="cn=admin,..." write

       by anonymous auth
       by self write
       by * none

# Ensure read access to the base for things like
# supportedSASLMechanisms.  Without this you may
# have problems with SASL not knowing what
# mechanisms are available and the like.
# Note that this is covered by the 'access to *'
# ACL below too but if you change that as people
# are wont to do you'll still need this if you
# want SASL (and possible other things) to work
# happily.

access to dn.base="" by * read

# The admin dn has full write access, everyone else
# can read everything.


# be sure to include the admins in the previous, more specific rule
access to *

by set="user/memberOf & [Administratoren]" writeby dn="cn=admin,..." write

       by * read

access to dn.subtree="ou=Benutzer,..."
       by sockurl="ldapi:///" write

authz-regexp"gidNumber=0\\\+uidNumber=0,cn=peercred,cn=external,cn=auth" "cn=admin,..."


----------------------------------------------------8<

Starting slapd with the command:
   slapd -d 16383
produces the following output:
>8---------------------------------------------------
...
...
>>> dnPrettyNormal: <cn=accesslog>
=> ldap_bv2dn(cn=accesslog,0)
<= ldap_bv2dn(cn=accesslog)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=accesslog)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=accesslog)=0
<<< dnPrettyNormal: <cn=accesslog>, <cn=accesslog>
line 65 (rootpw ***)
line 66 (index        default      eq)
line 67 (index           reqStart  eq)
index reqStart 0x0004
line 68 (index           reqType   eq)
index reqType 0x0004
line 69 (dbconfig        set_cachesize 0 2097152 0)
line 70 (dbconfig        set_lk_max_objects 1500)
line 71 (dbconfig        set_lk_max_locks 1500)
line 72 (dbconfig        set_lk_max_lockers 1500)
line 75 (database        hdb)
hdb_db_init: Initializing HDB database
line 76 (directory       "/var/lib/ldap")
line 78 (overlay        smbk5pwd)
line 80 (overlay     accesslog)
line 81 (logdb        cn=accesslog)
>>> dnPrettyNormal: <cn=accesslog>
=> ldap_bv2dn(cn=accesslog,0)
<= ldap_bv2dn(cn=accesslog)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=accesslog)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=accesslog)=0
<<< dnPrettyNormal: <cn=accesslog>, <cn=accesslog>
line 82 (logops        writes)
line 83 (logsuccess    TRUE)
line 85 (logpurge     07+00:00 01+00:00)
Speicherzugriffsfehler
----------------------------------------------------8<

If the logpurge-option is uncommented, slapd starts without any problems.

It would be very nice if someone could help us !

Greetings
Julian

___________________________________________________________Telefonate ohne weitere Kosten vom PC zum PC: http://messenger.yahoo.de

Follow-Ups:
- Re: Segmentation fault using logpurge option in slapd.conf
  - From: Quanah Gibson-Mount <quanah@zimbra.com>

Prev by Date: Re: can i bind real entry by alias ?
Next by Date: smbk5pwd does not properly update sambaNTPassword and sambaLMPassword
Index(es):
- Chronological
- Thread