radiatejava wrote: > Hello experts Hi! I'm not an expert but I have a couple thoughts that others will probably correct me on 🙃
> We are using OpenLDAP lib ver 2.6.7 on Ubuntu 24.04. When doing LDAP search > using ldap_search_ext_s() we are getting assert failure. Any idea what could > be going wrong? The official OpenLDAP packages for Ubuntu 24.04 are indeed version 2.6.7 which you can see at https://packages.ubuntu.com/source/noble/openldap However, your application is loading the library from /opt/ldap/ at /opt/ldap/lib/libldap.so.2 which is not where Ubuntu ships it. This isn't itself a problem, but I want to make sure you're aware of that. If this was manually installed and you're sure it really is 2.6.7, you should try using the official build shipped with Ubuntu and see if this continues. If you have a reason that's not appropriate for your application then so be it, but otherwise it has all sensible features enabled and is in good shape. (A reason not to use Ubuntu's build is if your application relies on OpenLDAP using OpenSSL in particular instead of GnuTLS, like if it uses the LDAP_OPT_X_TLS_CTX option). You should also make sure when compiling your application that it uses header files from this custom installation in preference to any provided by Ubuntu's packages. What features is your custom OpenLDAP built with? Knowing if it has Cyrus SASL and OpenSSL or GnuTLS would be helpful. Also the backtrace is lacking details that would be helpful because debugging symbols for OpenLDAP are either not available or not very good. If—by some magic—this version installed in /opt/ldap/ actually *is* the same as what ships in Ubuntu's package, you can use these two GDB commands before starting your program to fetch the debugging symbols on-the-fly: set debuginfod enabled on set debuginfod urls https://debuginfod.ubuntu.com https://debuginfod.elfutils.org The backtrace after that will likely be more helpful. Lastly, your backtrace hints that several things are being done recursively. For example it seems like your rebind credentials callback myapp::getRebindCredentials() *itself* calls ldap_simple_bind_s() and tries to do further operations, and when it gets another referral it does this even one more time. I'm suspicious if the code is really reentrant like that, and the end of the backtrace alludes that the recursive operations could be causing a double-free or other memory corruption, which would explain everything. > #5 0x000071e8b9684409 in ldap_do_free_request () from > /opt/ldap/lib/libldap.so.2 > #6 0x000071e8b96b4bf9 in ldap_tavl_free () from /opt/ldap/lib/libldap.so.2 > #7 0x000071e8b968359a in ldap_free_connection () from > /opt/ldap/lib/libldap.so.2 > #8 0x000071e8b9683e9c in ldap_new_connection () from > /opt/ldap/lib/libldap.so.2 > #9 0x000071e8b9682aa7 in ldap_send_server_request () from > /opt/ldap/lib/libldap.so.2 > #10 0x000071e8b9685619 in ldap_chase_v3referrals () from > /opt/ldap/lib/libldap.so.2 > #11 0x000071e8b9667640 in try_read1msg () from /opt/ldap/lib/libldap.so.2 > #12 0x000071e8b9666515 in wait4msg () from /opt/ldap/lib/libldap.so.2 > #13 0x000071e8b9665f09 in ldap_result () from /opt/ldap/lib/libldap.so.2 > #14 0x000071e8b9672a95 in ldap_sasl_bind_s () from /opt/ldap/lib/libldap.so.2 > #15 0x000071e8b96740b2 in ldap_simple_bind_s () from > /opt/ldap/lib/libldap.so.2 > #16 0x000071e8bb737e2a in myapp::getRebindCredentials(ldap*, char const*, > unsigned long, int, void*) () from > /mgmt/usr/lib/x86_64-linux-gnu/libsvc_myapp.so > #17 0x000071e8b9683e0b in ldap_new_connection () from > /opt/ldap/lib/libldap.so.2 > #18 0x000071e8b9682aa7 in ldap_send_server_request () from > /opt/ldap/lib/libldap.so.2 > #19 0x000071e8b9685619 in ldap_chase_v3referrals () from > /opt/ldap/lib/libldap.so.2 > #20 0x000071e8b9667640 in try_read1msg () from /opt/ldap/lib/libldap.so.2 > #21 0x000071e8b9666515 in wait4msg () from /opt/ldap/lib/libldap.so.2 > #22 0x000071e8b9665f09 in ldap_result () from /opt/ldap/lib/libldap.so.2 > #23 0x000071e8b966acf7 in ldap_pvt_search_s () from /opt/ldap/lib/libldap.so.2 > #24 0x000071e8b966ac25 in ldap_search_ext_s () from /opt/ldap/lib/libldap.so.2 > #25 0x000071e8bb732c15 in > myapp::LdapAuthenticationBroker::doLdapAuthenticate() () from > /mgmt/usr/lib/x86_64-linux-gnu/libsvc_myapp.so > #26 0x000071e8bb732484 in myapp::LdapAuthenticationBroker::start(bool&, void > (*)(myapp::ExternalAuthenticationBroker*)) () from > /mgmt/usr/lib/x86_64-linux-gnu/libsvc_myapp.so I hope any of those ideas gives you a lead. If possible, I'd like to know what's going in inside myapp::getRebindCredentials() in particular.
signature.asc
Description: This is a digitally signed message part
