[Fedora-directory-users] libnss_ldap-2.5.0.so update breaks admin server.

Richard Megginson rmeggins at redhat.com
Fri Nov 9 20:00:39 UTC 2007 

Brian T. Roy wrote:
> Platform is FC6.
>
> LDAP auth worked with libnss_ladap-2.4.90 AND libnss_ldap-2.5 HOWEVER 
> after the 2.5 update (via Software Updater) Admin Server child 
> processes crashed when loading libnss_ldap.so.2.
>
> The second un-updated system (the one I pulled libnss_ldap-2.4.90.so 
> from) is also FC6.
>
> Log Snips:
>
> Admin Server Error Log (showing the period when the reboot after 
> Software Updater update):
>
> [Fri Aug 24 11:55:07 2007] [notice] [client ::1] 
> admserv_host_ip_check: host [localhost.localdomain] did not match 
> pattern [*.santan.brianandkelly.ws] -will scan aliases
> [Fri Aug 24 11:55:07 2007] [notice] [client ::1] 
> admserv_host_ip_check: host alias [localhost] did not match pattern 
> [*.santan.brianandkelly.ws]
> [Fri Aug 24 11:55:07 2007] [notice] [client ::1] 
> admserv_check_authz(): passing [/admin-serv/authenticate] to the 
> userauth handler
> [Wed Oct 24 09:53:30 2007] [notice] caught SIGTERM, shutting down
> [Wed Oct 24 09:58:51 2007] [notice] Access Host filter is: 
> *.santan.brianandkelly.ws
> [Wed Oct 24 09:58:51 2007] [notice] Access Address filter is: *
> [Wed Oct 24 09:58:52 2007] [notice] Access Host filter is: 
> *.santan.brianandkelly.ws
> [Wed Oct 24 09:58:52 2007] [notice] Access Address filter is: *
> [Wed Oct 24 09:58:52 2007] [notice] Apache/2.2.6 (Unix) mod_nss/2.2.3 
> NSS/3.11.3 configured -- resuming normal operations
> [Wed Oct 24 09:58:53 2007] [notice] child pid 3327 exit signal 
> Segmentation fault (11)
> [Wed Oct 24 09:58:55 2007] [notice] child pid 3328 exit signal 
> Segmentation fault (11)
> [Wed Oct 24 09:58:57 2007] [notice] child pid 3348 exit signal 
> Segmentation fault (11)
> [Wed Oct 24 09:58:59 2007] [notice] child pid 3350 exit signal 
> Segmentation fault (11)
>
>
> Content of strace on Segmentation Faulting admin server child process:
>
> <clip - standar stuff... looking for libnss_ldap.so.2>
I don't know if it is possible to use admin server on a system that uses 
passwd: ldap or shadow: ldap in /etc/nsswitch.conf.  The mozldap 
libraries used by admin server are not binary compatible with the 
openldap libraries used by nss_ldap.  They do not co-exist in the same 
executable.  There is a hack using LD_PRELOAD that forces mozldap to be 
loaded first.  So probably what's happening is that nss_ldap is using 
symbols from mozldap, which causes it to blow up.

Does anyone have admin server working on a system that uses passwd: 
ldap?  Can you use passwd: files ldap to get around this problem?  Or 
will it simply not work?
>
> open("/usr/lib/libnss_ldap.so.2", O_RDONLY) = 32
> read(32, 
> "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`&\0\0004\0\0\0"..., 
> 512) = 512
> fstat64(32, {st_mode=S_IFREG|0755, st_size=84552, ...}) = 0
> mmap2(NULL, 129408, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 
> 32, 0) = 0x6f2d0000
> mmap2(0x6f2e4000, 4096, PROT_READ|PROT_WRITE, 
> MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 32, 0x14) = 0x6f2e4000
> mmap2(0x6f2e5000, 43392, PROT_READ|PROT_WRITE, 
> MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x6f2e5000
> close(32)                               = 0
> munmap(0xb729d000, 57248)               = 0
> rt_sigaction(SIGPIPE, {SIG_IGN}, {SIG_IGN}, 8) = 0
> geteuid32()                             = 0
> futex(0x6f2e4544, FUTEX_WAKE, 2147483647) = 0
> open("/etc/ldap.conf", O_RDONLY)        = 32
> fstat64(32, {st_mode=S_IFREG|0644, st_size=6182, ...}) = 0
> fstat64(32, {st_mode=S_IFREG|0644, st_size=6182, ...}) = 0
> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 
> 0) = 0xb7f5f000
> read(32, "#\n# This is the configuration fi"..., 4096) = 4096
> read(32, "7objectclass\tmapped_objectclass\n"..., 4096) = 2086
> read(32, "", 4096)                      = 0
> close(32)                               = 0
> munmap(0xb7f5f000, 4096)                = 0
> uname({sys="Linux", node="royhomegp02.santan.brianandkelly.ws", ...}) = 0
> open("/etc/hosts", O_RDONLY)            = 32
> fcntl64(32, F_GETFD)                    = 0
> fcntl64(32, F_SETFD, FD_CLOEXEC)        = 0
> fstat64(32, {st_mode=S_IFREG|0644, st_size=194, ...}) = 0
> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 
> 0) = 0xb7f5f000
> read(32, "# Do not remove the following li"..., 4096) = 194
> read(32, "", 4096)                      = 0
> close(32)                               = 0
> munmap(0xb7f5f000, 4096)                = 0
> socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 32
> connect(32, {sa_family=AF_INET, sin_port=htons(53), 
> sin_addr=inet_addr("192.168.0.5")}, 28) = 0
> fcntl64(32, F_GETFL)                    = 0x2 (flags O_RDWR)
> fcntl64(32, F_SETFL, O_RDWR|O_NONBLOCK) = 0
> gettimeofday({1194384239, 115881}, NULL) = 0
> poll([{fd=32, events=POLLOUT, revents=POLLOUT}], 1, 0) = 1
> send(32, "\23\0\1\0\0\1\0\0\0\0\0\0\vroyhomegp02\6santan\r"..., 53, 
> MSG_NOSIGNAL) = 53
> poll([{fd=32, events=POLLIN, revents=POLLIN}], 1, 5000) = 1
> ioctl(32, FIONREAD, [111])              = 0
> recvfrom(32, 
> "\23\0\205\200\0\1\0\1\0\1\0\1\vroyhomegp02\6santan\r"..., 1024, 0, 
> {sa_family=AF_INET, sin_port=htons(53), 
> sin_addr=inet_addr("192.168.0.5")}, [16]) = 111
> close(32)                               = 0
> --- SIGSEGV (Segmentation fault) @ 0 (0) ---
> chdir("/opt/fedora-ds/admin-serv")      = 0
> rt_sigaction(SIGSEGV, {SIG_DFL}, {SIG_DFL}, 8) = 0
> kill(7265, SIGSEGV)                     = 0
> sigreturn()                             = ? (mask now [])
> --- SIGSEGV (Segmentation fault) @ 0 (0) ---
>
>  
> Brian T. Roy
> b.t.roy at brianandkelly.ws <mailto:b.t.roy at brianandkelly.ws>
>
> Visit my blog @: http://briantroy.com/blog
>
> The greatest mistake you can make in life is to be continually fearing 
> you will make one.
> — Elbert Hubbard (1856-1915), The Note Book
>
>
> On Nov 9, 2007, at 10:00 AM, fedora-directory-users-request at redhat.com 
> <mailto:fedora-directory-users-request at redhat.com> wrote:
>
>> * **Re: [Fedora-directory-users] libnss_ldap-2.5.0.so update breaks 
>> admin server.*
>
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>   

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20071109/ea74265b/attachment.bin>

More information about the 389-users mailing list