Brian T. Roy wrote:
> Platform is FC6.
>
> LDAP auth worked with libnss_ladap-2.4.90 AND libnss_ldap-2.5 HOWEVER
> after the 2.5 update (via Software Updater) Admin Server child
> processes crashed when loading libnss_ldap.so.2.
>
> The second un-updated system (the one I pulled libnss_ldap-2.4.90.so
> from) is also FC6.
>
> Log Snips:
>
> Admin Server Error Log (showing the period when the reboot after
> Software Updater update):
>
> [Fri Aug 24 11:55:07 2007] [notice] [client ::1]
> admserv_host_ip_check: host [localhost.localdomain] did not match
> pattern [*.santan.brianandkelly.ws] -will scan aliases
> [Fri Aug 24 11:55:07 2007] [notice] [client ::1]
> admserv_host_ip_check: host alias [localhost] did not match pattern
> [*.santan.brianandkelly.ws]
> [Fri Aug 24 11:55:07 2007] [notice] [client ::1]
> admserv_check_authz(): passing [/admin-serv/authenticate] to the
> userauth handler
> [Wed Oct 24 09:53:30 2007] [notice] caught SIGTERM, shutting down
> [Wed Oct 24 09:58:51 2007] [notice] Access Host filter is:
> *.santan.brianandkelly.ws
> [Wed Oct 24 09:58:51 2007] [notice] Access Address filter is: *
> [Wed Oct 24 09:58:52 2007] [notice] Access Host filter is:
> *.santan.brianandkelly.ws
> [Wed Oct 24 09:58:52 2007] [notice] Access Address filter is: *
> [Wed Oct 24 09:58:52 2007] [notice] Apache/2.2.6 (Unix) mod_nss/2.2.3
> NSS/3.11.3 configured -- resuming normal operations
> [Wed Oct 24 09:58:53 2007] [notice] child pid 3327 exit signal
> Segmentation fault (11)
> [Wed Oct 24 09:58:55 2007] [notice] child pid 3328 exit signal
> Segmentation fault (11)
> [Wed Oct 24 09:58:57 2007] [notice] child pid 3348 exit signal
> Segmentation fault (11)
> [Wed Oct 24 09:58:59 2007] [notice] child pid 3350 exit signal
> Segmentation fault (11)
>
>
> Content of strace on Segmentation Faulting admin server child process:
>
> <clip - standar stuff... looking for libnss_ldap.so.2>
I don't know if it is possible to use admin server on a system that uses
passwd: ldap or shadow: ldap in /etc/nsswitch.conf. The mozldap
libraries used by admin server are not binary compatible with the
openldap libraries used by nss_ldap. They do not co-exist in the same
executable. There is a hack using LD_PRELOAD that forces mozldap to be
loaded first. So probably what's happening is that nss_ldap is using
symbols from mozldap, which causes it to blow up.
Does anyone have admin server working on a system that uses passwd:
ldap? Can you use passwd: files ldap to get around this problem? Or
will it simply not work?
>
> open("/usr/lib/libnss_ldap.so.2", O_RDONLY) = 32
> read(32,
> "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`&\0\0004\0\0\0"...,
> 512) = 512
> fstat64(32, {st_mode=S_IFREG|0755, st_size=84552, ...}) = 0
> mmap2(NULL, 129408, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE,
> 32, 0) = 0x6f2d0000
> mmap2(0x6f2e4000, 4096, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 32, 0x14) = 0x6f2e4000
> mmap2(0x6f2e5000, 43392, PROT_READ|PROT_WRITE,
> MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x6f2e5000
> close(32) = 0
> munmap(0xb729d000, 57248) = 0
> rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_IGN}, 8) = 0
> geteuid32() = 0
> futex(0x6f2e4544, FUTEX_WAKE, 2147483647) = 0
> open("/etc/ldap.conf", O_RDONLY) = 32
> fstat64(32, {st_mode=S_IFREG|0644, st_size=6182, ...}) = 0
> fstat64(32, {st_mode=S_IFREG|0644, st_size=6182, ...}) = 0
> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
> 0) = 0xb7f5f000
> read(32, "#\n# This is the configuration fi"..., 4096) = 4096
> read(32, "7objectclass\tmapped_objectclass\n"..., 4096) = 2086
> read(32, "", 4096) = 0
> close(32) = 0
> munmap(0xb7f5f000, 4096) = 0
> uname({sys="Linux", node="royhomegp02.santan.brianandkelly.ws", ...}) = 0
> open("/etc/hosts", O_RDONLY) = 32
> fcntl64(32, F_GETFD) = 0
> fcntl64(32, F_SETFD, FD_CLOEXEC) = 0
> fstat64(32, {st_mode=S_IFREG|0644, st_size=194, ...}) = 0
> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
> 0) = 0xb7f5f000
> read(32, "# Do not remove the following li"..., 4096) = 194
> read(32, "", 4096) = 0
> close(32) = 0
> munmap(0xb7f5f000, 4096) = 0
> socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 32
> connect(32, {sa_family=AF_INET, sin_port=htons(53),
> sin_addr=inet_addr("192.168.0.5")}, 28) = 0
> fcntl64(32, F_GETFL) = 0x2 (flags O_RDWR)
> fcntl64(32, F_SETFL, O_RDWR|O_NONBLOCK) = 0
> gettimeofday({1194384239, 115881}, NULL) = 0
> poll([{fd=32, events=POLLOUT, revents=POLLOUT}], 1, 0) = 1
> send(32, "\23\0\1\0\0\1\0\0\0\0\0\0\vroyhomegp02\6santan\r"..., 53,
> MSG_NOSIGNAL) = 53
> poll([{fd=32, events=POLLIN, revents=POLLIN}], 1, 5000) = 1
> ioctl(32, FIONREAD, [111]) = 0
> recvfrom(32,
> "\23\0\205\200\0\1\0\1\0\1\0\1\vroyhomegp02\6santan\r"..., 1024, 0,
> {sa_family=AF_INET, sin_port=htons(53),
> sin_addr=inet_addr("192.168.0.5")}, [16]) = 111
> close(32) = 0
> --- SIGSEGV (Segmentation fault) @ 0 (0) ---
> chdir("/opt/fedora-ds/admin-serv") = 0
> rt_sigaction(SIGSEGV, {SIG_DFL}, {SIG_DFL}, 8) = 0
> kill(7265, SIGSEGV) = 0
> sigreturn() = ? (mask now [])
> --- SIGSEGV (Segmentation fault) @ 0 (0) ---
>
>
> Brian T. Roy
> b.t.roy at brianandkelly.ws <mailto:b.t.roy at brianandkelly.ws>
>
> Visit my blog @: http://briantroy.com/blog
>
> The greatest mistake you can make in life is to be continually fearing
> you will make one.
> ? Elbert Hubbard (1856-1915), The Note Book
>
>
> On Nov 9, 2007, at 10:00 AM, fedora-directory-users-request at redhat.com
> <mailto:fedora-directory-users-request at redhat.com> wrote:
>
>> * **Re: libnss_ldap-2.5.0.so update breaks
>> admin server.*
>
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20071109/ea74265b/attachment.bin
