[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Segmentation fault using logpurge option in slapd.conf
- To: openldap-technical@openldap.org
- Subject: Segmentation fault using logpurge option in slapd.conf
- From: Julian Thomé <frostisch@yahoo.de>
- Date: Wed, 30 Sep 2009 16:37:13 +0200
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.de; h=Received:X-Yahoo-SMTP:X-YMail-OSG:X-Yahoo-Newman-Property:Message-ID:Date:From:User-Agent:MIME-Version:To:Subject:Content-Type:Content-Transfer-Encoding; b=hZrAiLLpLF8Nuk6D6wIBrApPVtknVlqnbuKqhHkEhN6Zy2F0+3iAeY9EETqZge1dBYR772b8bgvxLycyZd1Nk8LlFymJ8PKAkK8KvAKVz3aAr/sW5yQzkxLsYaPOG3T1DOpjmA47v4C3/eDgsY5wpgE3SxShcsub7zcHH0NYsUM= ;
- User-agent: Thunderbird 2.0.0.22 (X11/20090719)
Hello mailing list,
We have a problem using OpenLdap V. 2.4.11 with Debian Lenny.
If we use the option logpurge in our slapd.conf, slapd can't start anymore.
Our slapd.conf:
>8-----------------------------------------------/etc/ldap/slapd.conf
# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/hdb.schema
include /etc/ldap/schema/nis.schema
# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd/slapd.pid
# List of arguments that were passed to the server
argsfile /var/run/slapd/slapd.args
# Read slapd.conf(5) for possible values
loglevel 4
#sasl-secprops minssf=0
# Where the dynamically loaded modules are stored
modulepath /usr/lib/ldap
moduleload back_hdb
moduleload smbk5pwd
moduleload accesslog
# The maximum number of entries that is returned for a search operation
sizelimit unlimited
# TLS Stuff
TLSCACertificateFile /etc/ssl/certs/ca.pem
TLSCertificateKeyFile /etc/ldap/openldap.key
TLSCertificateFile /etc/ldap/openldap.crt
# The tool-threads parameter sets the actual amount of cpu's that is used
# for indexing.
tool-threads 2
# Specific Backend Directives for hdb:
backend hdb
# Specific Directives for database: accesslog
database hdb
directory "/var/lib/accesslog"
suffix "cn=accesslog"
checkpoint 512 30
rootdn "cn=accesslog"
rootpw ...
index default eq
index reqStart eq
index reqType eq
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
# Specific Directives for database: data
database hdb
directory "/var/lib/ldap"
overlay smbk5pwd
overlay accesslog
logdb cn=accesslog
logops writes
logsuccess TRUE
logold (objectClass=posixAccount)
logpurge 07+00:00 01+00:00
suffix ...
rootdn ...
rootpw ...
dbconfig set_cachesize 0 2097152 0
dbconfig set_lk_max_objects 1500
dbconfig set_lk_max_locks 1500
dbconfig set_lk_max_lockers 1500
# Indexing options for database #1
index default eq
index objectClass eq
index uidNumber pres,eq
index uid eq
smbk5pwd-enable krb5
smbk5pwd-enable samba
smbk5pwd-must-change 2592000
password-hash {K5KEY}
# lastmod on
# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
# These access lines apply to database #1 only
access to attrs=userPassword,shadowLastChange
filter="(memberOf=Archiv)"
by peername.ip=192.168.222.17 auth stop
by peername.regex=.* none break
access to dn.base="..."
by * read
access to attrs=userPassword,shadowLastChange
filter="(!(memberOf=Archiv))"
by peername.ip=192.168.222.17 none stop
by peername.regex=.* none break
# this rule is more specific than the admin rule below
access to attrs=userPassword,shadowLastChange
by set="user/memberOf & [Administratoren]" write
by dn="cn=admin,..." write
by anonymous auth
by self write
by * none
# Ensure read access to the base for things like
# supportedSASLMechanisms. Without this you may
# have problems with SASL not knowing what
# mechanisms are available and the like.
# Note that this is covered by the 'access to *'
# ACL below too but if you change that as people
# are wont to do you'll still need this if you
# want SASL (and possible other things) to work
# happily.
access to dn.base="" by * read
# The admin dn has full write access, everyone else
# can read everything.
# be sure to include the admins in the previous, more specific rule
access to *
by set="user/memberOf & [Administratoren]" write
by dn="cn=admin,..." write
by * read
access to dn.subtree="ou=Benutzer,..."
by sockurl="ldapi:///" write
authz-regexp
"gidNumber=0\\\+uidNumber=0,cn=peercred,cn=external,cn=auth" "cn=admin,..."
----------------------------------------------------8<
Starting slapd with the command:
slapd -d 16383
produces the following output:
>8---------------------------------------------------
...
...
>>> dnPrettyNormal: <cn=accesslog>
=> ldap_bv2dn(cn=accesslog,0)
<= ldap_bv2dn(cn=accesslog)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=accesslog)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=accesslog)=0
<<< dnPrettyNormal: <cn=accesslog>, <cn=accesslog>
line 65 (rootpw ***)
line 66 (index default eq)
line 67 (index reqStart eq)
index reqStart 0x0004
line 68 (index reqType eq)
index reqType 0x0004
line 69 (dbconfig set_cachesize 0 2097152 0)
line 70 (dbconfig set_lk_max_objects 1500)
line 71 (dbconfig set_lk_max_locks 1500)
line 72 (dbconfig set_lk_max_lockers 1500)
line 75 (database hdb)
hdb_db_init: Initializing HDB database
line 76 (directory "/var/lib/ldap")
line 78 (overlay smbk5pwd)
line 80 (overlay accesslog)
line 81 (logdb cn=accesslog)
>>> dnPrettyNormal: <cn=accesslog>
=> ldap_bv2dn(cn=accesslog,0)
<= ldap_bv2dn(cn=accesslog)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=accesslog)=0
=> ldap_dn2bv(272)
<= ldap_dn2bv(cn=accesslog)=0
<<< dnPrettyNormal: <cn=accesslog>, <cn=accesslog>
line 82 (logops writes)
line 83 (logsuccess TRUE)
line 85 (logpurge 07+00:00 01+00:00)
Speicherzugriffsfehler
----------------------------------------------------8<
If the logpurge-option is uncommented, slapd starts without any problems.
It would be very nice if someone could help us !
Greetings
Julian
___________________________________________________________
Telefonate ohne weitere Kosten vom PC zum PC: http://messenger.yahoo.de