[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Re : Re: (ITS#7676) OpenLDAP 2.4.36 slapd crash with "assertion failed" message

To: POISSON FrÃdÃric <frederic.poisson@admin.gmessaging.net>, openldap-its@openldap.org, "openldap-technical OpenLDAP.org" <openldap-technical@openldap.org>
Subject: Re: Re : Re: (ITS#7676) OpenLDAP 2.4.36 slapd crash with "assertion failed" message
From: Howard Chu <hyc@symas.com>
Date: Tue, 03 Sep 2013 04:59:32 -0700
In-reply-to: <330bbd6611bea100.5225af34@admin.gmessaging.net>
References: <201308301930.r7UJUbDO047021@boole.openldap.org> <18791b872b7cc4.52259216@admin.gmessaging.net> <96c5a0243eaa5d9.52259253@admin.gmessaging.net> <74f23adb5bbbb83.5225930b@admin.gmessaging.net> <330bbd6611bea100.5225af34@admin.gmessaging.net>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0 SeaMonkey/2.22a1

"POISSON FrÃdÃric" wrote:

Hello all,

Thanks first for the patch, i have applied it on my own build of 2.4.36 but i
have now a strange behavior, the slapd do not crash but it refused operations.

First here is the diff after applying the patch :
$ diff ../BUILD/openldap-2.4.36/servers/slapd/bconfig.c
../BUILD/openldap-2.4.36/servers/slapd/bconfig.c.orig
3795d3794
<               slap_tls_ctx = NULL;
3804,3808d3802
<               } else {
<                       if ( rc == LDAP_NOT_SUPPORTED )
<                               rc = LDAP_UNWILLING_TO_PERFORM;
<                       else
<                               rc = LDAP_OTHER;

Now when i only add or replace only attribute olcTLSRandFile on cn=config i have :

ldap_modify: Server is unwilling to perform (53)


When i replace following values in this order with 4 actions/operations or
with a single action/operation it works :

dn: cn=config
changetype: modify
replace: olcTLSCACertificateFile
olcTLSCACertificateFile: /usr/products/openldap/etc/openldap-single/tls/cacert.pem
-
replace: olcTLSCertificateFile
olcTLSCertificateFile: /usr/products/openldap/etc/openldap-single/tls/cert.pem
-
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /usr/products/openldap/etc/openldap-single/tls/key.pem
-
replace: olcTLSRandFile
olcTLSRandFile: /dev/random

But it don't works with only olcTLSRandfile if i do an add or replace first, why ?

What do you need for investigation ?

There's nothing to investigate, this works as designed. The config enginerequires your TLS configuration to be valid when you configure it. That meansat a minimum you must configure a server cert and key. If you only configurethe randfile and nothing else, the config is rejected.


--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

References:
- Re : Re: (ITS#7676) OpenLDAP 2.4.36 slapd crash with "assertion failed" message
  - From: "POISSON Frédéric" <frederic.poisson@admin.gmessaging.net>

Prev by Date: schema extension trouble
Next by Date: Re: Error message with memberof overlay
Index(es):
- Chronological
- Thread