Correction, my openldap version is 2.4.45(typo'ed in previous post). On Wed, Dec 13, 2017 at 11:23 AM Scott Koch <[email protected]> wrote:
> This is an RPM of openldap I built from the latest upstream source. This > slapd server is running on RHEL 7.4 x86_64. > > Error message: > 2017-12-13T00:13:34.944152-05:00 ldap1.example.com kernel: slapd[983]: > segfault at 766f6730 ip 00007f0272e2549b sp 00007f02017f55b8 error 4 in > libc-2.17.so[7f0272ce8000+1b8000] > > We have seen 15 or so instances of this issue and in all cases the last > LDAP operations follow the same pattern where there is an ABANDON and > UNBIND, then there is a SRCH operation. See log output below of full > connection for the client that performs the last operation. > > Let me know if there is any other information I can provide to help > troubleshoot this problem. > > Thanks in advance for the help! > -Scott > > 2017-12-13T00:13:03.560693-05:00 ldap1.example.com slapd[26514]: > conn=873638 fd=105 ACCEPT from IP=10.0.4.37:48520 (IP=0.0.0.0:389) > > 2017-12-13T00:13:03.560869-05:00 ldap1.example.com slapd[26514]: > conn=873638 op=0 EXT oid=1.3.6.1.4.1.1466.20037 > > 2017-12-13T00:13:03.561012-05:00 ldap1.example.com slapd[26514]: > conn=873638 op=0 STARTTLS > > 2017-12-13T00:13:03.561211-05:00 ldap1.example.com slapd[26514]: > conn=873638 op=0 RESULT oid= err=0 text= > > 2017-12-13T00:13:03.569367-05:00 ldap1.example.com slapd[26514]: > conn=873638 fd=105 TLS established tls_ssf=256 ssf=256 > > 2017-12-13T00:13:03.569853-05:00 ldap1.example.com slapd[26514]: > conn=873638 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)" > > 2017-12-13T00:13:03.570014-05:00 ldap1.example.com slapd[26514]: > conn=873638 op=1 SRCH attr=* altServer namingContexts supportedControl > supportedExtension supportedFeatures supportedLDAPVersion > supportedSASLMechanisms domainControllerFunctionality defaultNamingContext > lastUSN highestCommittedUSN > > 2017-12-13T00:13:03.570215-05:00 ldap1.example.com slapd[26514]: > conn=873638 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= > > 2017-12-13T00:13:03.571953-05:00 ldap1.example.com slapd[26514]: > conn=873638 op=2 SRCH base="dc=example,dc=com" scope=2 deref=0 > filter="(&(?objectClass=sudoRole)(|(!(?sudoHost=*))(?sudoHost=ALL)(?sudoHost= > node1713.example.com)(?sudoHost=node1713)(?sudoHost=10.0.4.37)(?sudoHost= > 10.134.0.0/18)(?sudoHost=ffff::ffff:ffff:fff:ffff)(?sudoHost=fe80::/64)(?sudoHost=+*)(|(?sudoHost=*\5C*)(?sudoHost=*?*)(?sudoHost=*\2A*)(?sudoHost=*[*]*))) > <http://10.134.0.0/18)(?sudoHost=ffff::ffff:ffff:fff:ffff)(?sudoHost=fe80::/64)(?sudoHost=+*)(%7C(?sudoHost=*%5C5C*)(?sudoHost=*?*)(?sudoHost=*%5C2A*)(?sudoHost=*[*]*)))> > )" > > 2017-12-13T00:13:03.572214-05:00 ldap1.example.com slapd[26514]: > conn=873638 op=2 SRCH attr=objectClass cn sudoCommand sudoHost sudoUser > sudoOption sudoRunAs sudoRunAsUser sudoRunAsGroup sudoNotBefore > sudoNotAfter sudoOrder modifyTimestamp > > 2017-12-13T00:13:03.573488-05:00 ldap1.example.com slapd[26514]: > conn=873638 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text= > > 2017-12-13T00:13:34.943439-05:00 ldap1.example.com slapd[26514]: > conn=873638 op=4 ABANDON msg=4 > > 2017-12-13T00:13:34.943694-05:00 ldap1.example.com slapd[26514]: > conn=873638 op=3 SRCH base="dc=example,dc=com" scope=2 deref=0 > filter="(&(uid=ntp)(objectClass=posixAccount)(&(uidNumber=*)(!(uidNumber=0))))" > > 2017-12-13T00:13:34.943885-05:00 ldap1.example.com slapd[26514]: > conn=873638 op=5 UNBIND > > 2017-12-13T00:13:34.944092-05:00 ldap1.example.com slapd[26514]: > conn=873638 op=3 SRCH attr=objectClass uid userPassword uidNumber gidNumber > gecos homeDirectory loginShell krbPrincipalName cn modifyTimestamp > modifyTimestamp shadowLastChange shadowMin shadowMax shadowWarning > shadowInactive shadowExpire shadowFlag krbLastPwdChange > krbPasswordExpiration pwdAttribute authorizedService accountExpires > userAccountControl nsAccountLock host loginDisabled loginExpirationTime > loginAllowedTimeMap sshPublicKey mail >
