
consumer abort with chain overlay



Hello,

I'm not sure whether it is a configuration failure or an OpenLDAP error.

I have tested this with CentOS 7, original RPM, SLES12SP3 and the
ltb-project binaries. Every environment failed.

This is a consumer/provider setup with chain overlay and proxyauth.

A minimized slapd.conf global section:

...

authz-policy            to

overlay                 chain
chain-uri               "ldap://ldap1.example.test";
chain-rebind-as-user    FALSE
chain-idassert-bind     bindmethod="simple"
                        binddn="cn=chainadmin,dc=example,dc=test"
                        credentials="secret"
                        mode=legacy
                        flags=override

chain-return-error      TRUE

...


The Java code snippet which makes a connection, then switches the
proxyauth and makes a password change:

---
// Imports needed by this snippet (UnboundID LDAP SDK for Java)
import com.unboundid.ldap.sdk.*;
import com.unboundid.ldap.sdk.controls.ProxiedAuthorizationV2RequestControl;
import com.unboundid.ldap.sdk.experimental.*;
import com.unboundid.ldap.sdk.extensions.*;

        try {
            // Step 1: bind as the user with the old password and request password policy information
            LDAPConnection connection = openLDAPConnection();

            BindRequest bindRequest = new SimpleBindRequest(modDN, oldPwd,
                    new DraftBeheraLDAPPasswordPolicy10RequestControl());
            BindResult bindResult = connection.bind(bindRequest);
            DraftBeheraLDAPPasswordPolicy10ResponseControl pwpResponse =
                    DraftBeheraLDAPPasswordPolicy10ResponseControl.get(bindResult);
            DraftBeheraLDAPPasswordPolicy10WarningType warningType = pwpResponse.getWarningType();

            System.out.println("Bind Result " + bindResult.toString());
            System.out.println("PwdResponse " + pwpResponse.toString());

            // Step 2: on a fresh connection, send the Password Modify extended operation
            // with the Proxied Authorization V2 control set to the user's own DN
            connection.close();
            connection = openLDAPConnection();

            Control[] controls = { new ProxiedAuthorizationV2RequestControl("dn:" + modDN) };
            PasswordModifyExtendedRequest passwordModifyRequest =
                    new PasswordModifyExtendedRequest(modDN, oldPwd, newPwd, controls);
            PasswordModifyExtendedResult passwordModifyResult =
                    (PasswordModifyExtendedResult) connection.processExtendedOperation(passwordModifyRequest);

            System.out.println("passwordModifyResult " + passwordModifyResult.toString());

            // Step 3: on another fresh connection, bind with the new password to verify the change
            connection.close();
            connection = openLDAPConnection();

            bindRequest = new SimpleBindRequest(modDN, newPwd,
                    new DraftBeheraLDAPPasswordPolicy10RequestControl());
            bindResult = connection.bind(bindRequest);
            pwpResponse = DraftBeheraLDAPPasswordPolicy10ResponseControl.get(bindResult);
            warningType = pwpResponse.getWarningType();

            System.out.println("Bind Result " + bindResult.toString());
            System.out.println("PwdResponse " + pwpResponse.toString());
        } catch (LDAPException e) {
            // bind() and processExtendedOperation() throw LDAPException on failure
            e.printStackTrace();
        }
---


The gdb output of the crash is here:


5a8c6d3d conn=1001 op=1 RESULT oid= err=123 text=not authorized to assume identity
*** Error in `/usr/local/openldap/libexec/slapd': munmap_chunk(): invalid pointer: 0x00007f2b14100986 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x7ada4)[0x7f2d8a9d7da4]
/usr/local/openldap/libexec/slapd(ldap_back_controls_free+0xc1)[0x5181a1]
/usr/local/openldap/libexec/slapd[0x522ba8]
/usr/local/openldap/libexec/slapd[0x51a959]
/usr/local/openldap/libexec/slapd[0x51c193]
/usr/local/openldap/libexec/slapd[0x4a5118]
/usr/local/openldap/libexec/slapd[0x44f286]
/usr/local/openldap/libexec/slapd[0x44f787]
/usr/local/openldap/libexec/slapd(slap_send_ldap_extended+0xc0)[0x450880]
/usr/local/openldap/libexec/slapd(fe_extended+0xba)[0x46f26a]
/usr/local/openldap/libexec/slapd(overlay_op_walk+0x92)[0x4a5c42]
/usr/local/openldap/libexec/slapd[0x4a5d7e]
/usr/local/openldap/libexec/slapd(do_extended+0x24e)[0x46efbe]
/usr/local/openldap/libexec/slapd[0x4407ee]
/usr/local/openldap/libexec/slapd[0x440aca]
/usr/local/openldap/libexec/slapd[0x590769]
/lib64/libpthread.so.0(+0x7dc5)[0x7f2d8be00dc5]
/lib64/libc.so.6(clone+0x6d)[0x7f2d8aa5473d]


I'm not sure if it is a known bug or a misconfiguration. If someone wants
the Java test program, I can send it by PM or give a download link.


Best regards
Michael



-- 
Michael Wandel
Braakstraße 43
33647 Bielefeld
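
Added example, not part of the original message and not OpenLDAP project code: a small triage helper for the glibc abort report quoted above. It parses the error line and the backtrace frames, checks whether the pointer handed to free() could have come from malloc at all, and lists addr2line commands for the slapd frames that have no symbol name. The helper names are hypothetical, and it assumes a non-PIE slapd binary with debug information available.

```python
import re

# Lines copied from the crash output in the message above (backtrace abridged).
CRASH = """\
*** Error in `/usr/local/openldap/libexec/slapd': munmap_chunk(): invalid pointer: 0x00007f2b14100986 ***
/lib64/libc.so.6(+0x7ada4)[0x7f2d8a9d7da4]
/usr/local/openldap/libexec/slapd(ldap_back_controls_free+0xc1)[0x5181a1]
/usr/local/openldap/libexec/slapd[0x522ba8]
/usr/local/openldap/libexec/slapd(slap_send_ldap_extended+0xc0)[0x450880]
/usr/local/openldap/libexec/slapd(fe_extended+0xba)[0x46f26a]
"""

ERROR_RE = re.compile(r"\*\*\* Error in `(?P<prog>[^']+)': (?P<check>[\w()]+): "
                      r"(?P<reason>[^:]+): (?P<ptr>0x[0-9a-f]+) \*\*\*")
FRAME_RE = re.compile(r"^(?P<module>/\S+?)(?:\((?P<sym>[^)+]*)\+(?P<off>0x[0-9a-f]+)\))?"
                      r"\[(?P<addr>0x[0-9a-f]+)\]$")

def parse_crash(text):
    """Return (error dict or None, list of frame dicts) from a glibc abort report."""
    error, frames = None, []
    for line in (l.strip() for l in text.splitlines()):
        m = ERROR_RE.search(line)
        if m:
            error = m.groupdict()
        elif (m := FRAME_RE.match(line)):
            frame = m.groupdict()
            frame["sym"] = frame["sym"] or None   # "(+0x7ada4)" carries no symbol name
            frames.append(frame)
    return error, frames

def pointer_is_malloc_aligned(ptr, alignment=16):
    """glibc malloc on x86-64 hands out 16-byte-aligned pointers; anything else
    passed to free() was never returned by malloc (interior or corrupted pointer)."""
    return int(ptr, 16) % alignment == 0

def first_app_frame(frames, prog):
    """First frame inside the crashed program, i.e. the function that called into libc."""
    return next((f for f in frames if f["module"] == prog), None)

def addr2line_commands(frames, prog):
    """addr2line calls for frames that the backtrace could not name.
    Assumes a non-PIE binary, so the bracketed addresses can be used directly."""
    return [f"addr2line -f -e {prog} {f['addr']}"
            for f in frames if f["module"] == prog and f["sym"] is None]

if __name__ == "__main__":
    error, frames = parse_crash(CRASH)
    print(error["check"], error["reason"], error["ptr"])
    print("malloc-aligned:", pointer_is_malloc_aligned(error["ptr"]))
    print("first slapd frame:", first_app_frame(frames, error["prog"])["sym"])
    print("\n".join(addr2line_commands(frames, error["prog"])))
```

For this report the pointer is not 16-byte aligned, so the value freed in ldap_back_controls_free was not a pointer returned by malloc.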