# openldap 2.4 slapd segfault



## yourlord (May 11, 2011)

I just set up an ldap server in a jail and have run into a snag. I'm mainly using ldap for authorization services. I'm running a roughly two-month-old installation of FreeBSD 8.2.

I installed the openldap24-server port and configured a few test accounts in the directory. I configured another jail to use pam_ldap and nss_ldap to authenticate telnet sessions against the directory. I found out rather quickly that each time I try to authenticate against the directory it crashes with a SIGSEGV.

In order to rule out the client jail, I configured a Linux machine to authenticate console logins against the directory, and the server crashes just the same when queried by the Linux machine.

The directory does authenticate sessions though. The Linux machine is able to authenticate against the directory just fine, but slapd seg faults during many of the transactions. It faults much more often when the client is the FreeBSD jail, but even when the Linux machine is the client the server won't last 10 sessions before crashing.

I can run ldapsearch and get results, but the server also randomly seg faults on searches. There is no indication in any logs of the cause. I've run the debug level up to 9 and it always fails at the same place.

The following is the end of a session where I used id to query the directory for a user account a few times. The last one is when the server crashes, returning no name for the groups.


```
user@linux:~$ id test
uid=10001(test) gid=10001(test) groups=10001(test)
user@linux:~$ id test
uid=10001(test) gid=10001(test) groups=10001
```


```
=> bdb_equality_candidates (objectClass)
=> key_read
<= bdb_index_read: failed (-30989)
<= bdb_equality_candidates: id=0, first=0, last=0
=> bdb_equality_candidates (objectClass)
=> key_read
<= bdb_index_read 3 candidates
<= bdb_equality_candidates: id=3, first=5, last=9
=> bdb_equality_candidates (memberUid)
<= bdb_equality_candidates: (memberUid) not indexed
=> bdb_equality_candidates (uniqueMember)
<= bdb_equality_candidates: (uniqueMember) not indexed
bdb_search_candidates: id=3 first=5 last=9
bdb_search: 5 does not match filter
bdb_search: 7 does not match filter
bdb_search: 9 does not match filter
send_ldap_result: conn=1003 op=5 p=3
send_ldap_response: msgid=6 tag=101 err=0
ber_flush2: 51 bytes to sd 10
daemon: activity on 1 descriptor
daemon: activity on: 10r
daemon: read activity on 10
Segmentation fault
```

I've deinstalled and recompiled the port more than once with no change. Anybody have any ideas?


----------



## mamalos (May 11, 2011)

Run it with *gdb*... from there you'll see the function it fails on. Try re-building it with debugging symbols if *gdb*'s output seems too peculiar.


----------



## yourlord (May 11, 2011)

As an update, I deinstalled the openldap 2.4 client and server ports and compiled the 2.3 counterparts.

The 2.3 server is running fine and authenticating every client without issue so far.

I'll create another testing jail and do some further digging on 2.4 as I'd rather be running the newer code base.


----------



## SirDice (May 12, 2011)

Did you use an alternate compiler? Or have any CFLAGS in /etc/make.conf?

If so, rebuild openldap with the standard compiler and remove CFLAGS and similar settings.


----------

