[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
consumer abort with chain overlay
- To: openldap-technical <openldap-technical@openldap.org>
- Subject: consumer abort with chain overlay
- From: Michael Wandel <m.wandel@t-online.de>
- Date: Fri, 23 Feb 2018 10:56:37 +0100
- Content-language: de-DE
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.2
hallo ,
i'm not sure if I it is a configuration failure or a openldap error.
I have tested this with centos 7 , original RPM, SLES12SP3 and the
ltb-project binäries. Every enviroment failed.
this is a setup consumer / provider with chain overlay and proxyauth.
a minimized slapd.conf global section
...
authz-policy to
overlay chain
chain-uri "ldap://ldap1.example.test"
chain-rebind-as-user FALSE
chain-idassert-bind bindmethod="simple"
binddn="cn=chainadmin,dc=example,dc=test"
credentials="secret"
mode=legacy
flags=override
chain-return-error TRUE
...
the java code snipplet which makes a connection and then switch the
proxyauth and make a password change.
---
try {
LDAPConnection connection = openLDAPConnection();
BindRequest bindRequest = new SimpleBindRequest(modDN, oldPwd,
new DraftBeheraLDAPPasswordPolicy10RequestControl());
BindResult bindResult = connection.bind(bindRequest);
DraftBeheraLDAPPasswordPolicy10ResponseControl pwpResponse =
DraftBeheraLDAPPasswordPolicy10ResponseControl.get(bindResult);
DraftBeheraLDAPPasswordPolicy10WarningType warningType =
pwpResponse.getWarningType();
System.out.println("Bind Result " + bindResult.toString());
System.out.println("PwdResponse " + pwpResponse.toString());
connection.close();
connection = openLDAPConnection();
Control[] controls = { new
ProxiedAuthorizationV2RequestControl("dn:" + modDN) };
PasswordModifyExtendedRequest passwordModifyRequest = new
PasswordModifyExtendedRequest(modDN, oldPwd, newPwd, controls);
PasswordModifyExtendedResult passwordModifyResult =
(PasswordModifyExtendedResult) connection
.processExtendedOperation(passwordModifyRequest);
System.out.println("passwordModifyResult " +
passwordModifyResult.toString());
connection.close();
connection = openLDAPConnection();
bindRequest = new SimpleBindRequest(modDN, newPwd, new
DraftBeheraLDAPPasswordPolicy10RequestControl());
bindResult = connection.bind(bindRequest);
pwpResponse =
DraftBeheraLDAPPasswordPolicy10ResponseControl.get(bindResult);
warningType = pwpResponse.getWarningType();
System.out.println("Bind Result " + bindResult.toString());
System.out.println("PwdResponse " + pwpResponse.toString());
}
the gdb output of the crash is here:
5a8c6d3d conn=1001 op=1 RESULT oid= err=123 text=not authorized to
assume identity
*** Error in `/usr/local/openldap/libexec/slapd': munmap_chunk():
invalid pointer: 0x00007f2b14100986 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x7ada4)[0x7f2d8a9d7da4]
/usr/local/openldap/libexec/slapd(ldap_back_controls_free+0xc1)[0x5181a1]
/usr/local/openldap/libexec/slapd[0x522ba8]
/usr/local/openldap/libexec/slapd[0x51a959]
/usr/local/openldap/libexec/slapd[0x51c193]
/usr/local/openldap/libexec/slapd[0x4a5118]
/usr/local/openldap/libexec/slapd[0x44f286]
/usr/local/openldap/libexec/slapd[0x44f787]
/usr/local/openldap/libexec/slapd(slap_send_ldap_extended+0xc0)[0x450880]
/usr/local/openldap/libexec/slapd(fe_extended+0xba)[0x46f26a]
/usr/local/openldap/libexec/slapd(overlay_op_walk+0x92)[0x4a5c42]
/usr/local/openldap/libexec/slapd[0x4a5d7e]
/usr/local/openldap/libexec/slapd(do_extended+0x24e)[0x46efbe]
/usr/local/openldap/libexec/slapd[0x4407ee]
/usr/local/openldap/libexec/slapd[0x440aca]
/usr/local/openldap/libexec/slapd[0x590769]
/lib64/libpthread.so.0(+0x7dc5)[0x7f2d8be00dc5]
/lib64/libc.so.6(clone+0x6d)[0x7f2d8aa5473d]
======= Memory map: ========
00400000-00683000 r-xp 00000000 fd:00 68054818
/usr/local/openldap/libexec/slapd
00882000-00883000 r--p 00282000 fd:00 68054818
/usr/local/openldap/libexec/slapd
00883000-00893000 rw-p 00283000 fd:00 68054818
/usr/local/openldap/libexec/slapd
00893000-00939000 rw-p 00000000 00:00 0
022d2000-02768000 rw-p 00000000 00:00 0
[heap]
7f2b14000000-7f2b1411f000 rw-p 00000000 00:00 0
7f2b1411f000-7f2b18000000 ---p 00000000 00:00 0
7f2b1afff000-7f2b1c000000 rw-p 00000000 00:00 0
7f2b1c000000-7f2b1c021000 rw-p 00000000 00:00 0
7f2b1c021000-7f2b20000000 ---p 00000000 00:00 0
7f2b20000000-7f2b20117000 rw-p 00000000 00:00 0
7f2b20117000-7f2b24000000 ---p 00000000 00:00 0
7f2b24000000-7f2b24021000 rw-p 00000000 00:00 0
I'm not sure if it is a known bug or misconfiguration. If someone wants
the java testprogram i'll can send it per pm or give a download link.
best regards
Michael
--
Michael Wandel
Braakstraße 43
33647 Bielefeld