Re: [nssldap] Segmentation Faults for Ldap Accounts

[Jim Summers <jsummers [at] bachman.cs.ou.edu>]

Andrew Morgan wrote:
> On Fri, 11 Apr 2008, Jim Summers wrote:
>
> > Here is the output from ldd on the pjm ( brightq ) binary:
> >
> > ldd pjm
> >        linux-gate.so.1 =>  (0x00110000)
> >        libutil.so.1 => /lib/libutil.so.1 (0x004be000)
> >        libnsl.so.1 => /lib/libnsl.so.1 (0x00a92000)
> >        libresolv.so.2 => /lib/libresolv.so.2 (0x00320000)
> >        libdl.so.2 => /lib/libdl.so.2 (0x00c90000)
> >        libXi.so.6 => /usr/lib/libXi.so.6 (0x00235000)
> >        libXext.so.6 => /usr/lib/libXext.so.6 (0x00136000)
> >        libX11.so.6 => /usr/lib/libX11.so.6 (0x00cd8000)
> >        libm.so.6 => /lib/libm.so.6 (0x00c65000)
> >        libc.so.6 => /lib/libc.so.6 (0x00b0a000)
> >        /lib/ld-linux.so.2 (0x00aeb000)
> >        libXau.so.6 => /usr/lib/libXau.so.6 (0x00cd3000)
> >        libxcb-xlib.so.0 => /usr/lib/libxcb-xlib.so.0 (0x00ccf000)
> >        libxcb.so.1 => /usr/lib/libxcb.so.1 (0x00dd6000)
> >        libXdmcp.so.6 => /usr/lib/libXdmcp.so.6 (0x00cc7000)
> >
> > and from nss_ldap.so:
> >
> > ldd libnss_ldap.so
> >        linux-gate.so.1 =>  (0x00110000)
> >        libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x00167000)
> >        libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0x00180000)
> >        libssl.so.6 => /lib/libssl.so.6 (0x001ae000)
> >        libdl.so.2 => /lib/libdl.so.2 (0x001f3000)
> >        libnsl.so.1 => /lib/libnsl.so.1 (0x001f8000)
> >        libresolv.so.2 => /lib/libresolv.so.2 (0x00211000)
> >        libc.so.6 => /lib/libc.so.6 (0x00225000)
> >        libcrypt.so.1 => /lib/libcrypt.so.1 (0x0037e000)
> >        libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0x003b0000)
> >        libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0x00443000)
> >        libcom_err.so.2 => /lib/libcom_err.so.2 (0x00469000)
> >        libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0x0046c000)
> >        libkeyutils.so.1 => /lib/libkeyutils.so.1 (0x00475000)
> >        libcrypto.so.6 => /lib/libcrypto.so.6 (0x00478000)
> >        libz.so.1 => /lib/libz.so.1 (0x005ab000)
> >        /lib/ld-linux.so.2 (0x00aeb000)
> >        libselinux.so.1 => /lib/libselinux.so.1 (0x005be000)
> >
> > Could it be that since pjm does not have any of the crypt, sasl, ssl 
> > stuff compiled in, that it is getting something that is encrypted and 
> > can not handle it correctly?  If so, how would this be remedied?
>
> Those look fine to me, unless pjm is dynamicly loading an SSL library.
>
> > I think I am going to look and see if there are compat packages that 
> > may be missing.
> >
> > Ideas / Suggestions?
>
> What about turning off SSL in nss-ldap temporarily?  That could narrow 
> the problem down.  Also, you could run strace on pjm and see which 
> system call actually segfaults it.

I turned off ssl and the pjm program worked.  Turned it back on and the 
pjm segfaults.

Here is my ldap.conf, which is also the same as the one on the FC5 and 
FC6 clients:

uri ldaps://server1 ldaps://server2
base dc=ou,dc=edu
binddn cn=bind0,ou=profile,dc=ou,dc=edu
bindpw ++++++++
port 636
#port 389
#idle_timelimit 3600
ssl on
tls_checkpeer no
pam_password crypt
pam_lookup_policy yes
#debug 1

I am not sure what to look for in my ssl/tls setup.  The whole thing is 
running off of self-signed certificates.

Thanks again!


>     Andy

--
Jim Summers
Computer Science - University of Oklahoma