Our test Apache Directory Server is having trouble with what should be a simple operation, the lookup of which groups a user is a member of. Here's what is happening:
- User 'user1' logs into ubuntu client using ssh
- Client connects to ADS server using libnss-ldapd
- Client sends user lookup request to ADS, this succeeds
- Client tries to find out which groups contain this user's memberUid
- Server connection crashes with Null Pointer Exception, protocol error returned to client
- Client login succeeds, but no LDAP group info is available

This behavior is reproducible even with the simplest possible test directory (LDIF and other info shown below).

Interesting point: the connection crash does not happen with a client using the older LDAP client libraries libnss-ldap:amd64 v265-5ubuntu1 and libpam-ldap:amd64 v186-4ubuntu1.

Has anyone else run into this kind of problem with libnss-ldapd? Is there perhaps an early build of AM27 available we could try instead?

Matthew Melendy
IT Services Specialist
CS System Services Group
FEC 3550, University of New Mexico

--
getent.ldap passwd - properly shows user list pulled from LDAP
getent.ldap group - provokes same crash
getent.ldap group.bymember - provokes same crash

-- example error shown by nslcd from client request 'getent.ldap group'

nslcd: [8b4567] DEBUG: connection from pid=172510 uid=2001 gid=2000
nslcd: [8b4567] <group(all)> DEBUG: myldap_search(base="dc=cs,dc=unm,dc=edu", filter="(objectClass=posixGroup)")
nslcd: [8b4567] <group(all)> DEBUG: ldap_initialize(ldap://xx.cs.unm.edu:389)
nslcd: [8b4567] <group(all)> DEBUG: ldap_set_rebind_proc()
nslcd: [8b4567] <group(all)> DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [8b4567] <group(all)> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [8b4567] <group(all)> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [8b4567] <group(all)> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,10)
nslcd: [8b4567] <group(all)> DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,10)
nslcd: [8b4567] <group(all)> DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [8b4567] <group(all)> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [8b4567] <group(all)> DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldap://xx.cs.unm.edu:389")
nslcd: [8b4567] <group(all)> ldap_result() failed: Protocol error
nslcd: [8b4567] <group(all)> DEBUG: ldap_abandon()
nslcd: [8b4567] <group(all)> DEBUG: ldap_unbind()

-- error shown in apacheds.log

[13:06:40] WARN [org.apache.directory.server.ldap.LdapProtocolHandler] - Unexpected exception forcing session to close: sending disconnect notice to client.
org.apache.mina.filter.codec.ProtocolDecoderException: java.lang.NullPointerException (Hexdump: 30 81 9C 02 01 02 63 63 04 13 64 63 3D 63 73 2C 64 63 3D 75 6E 6D 2C 64 63 3D 65 64 75 0A 01 02 0A 01 00 02 01 00 02 01 00 01 01 00 A3 19 04 0B 6F 62 6A 65 63 74 43 6C 61 73 73 04 0A 70 6F 73 69 78 47 72 6F 75 70 30 22 04 06 6D 65 6D 62 65 72 04 02 63 6E 04 09 6D 65 6D 62 65 72 55 69 64 04 09 67 69 64 4E 75 6D 62 65 72 A0 32 30 30 04 19 31 2E 33 2E 36 2E 31 2E 34 2E 31 2E 34 32 30 33 2E 36 36 36 2E 35 2E 31 36 04 13 30 11 30 0F 04 06 6D 65 6D 62 65 72 30 05 04 03 75 69 64)
    at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:263)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:650)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1300(DefaultIoFilterChain.java:49)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:1128)
    at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:122)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:650)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:643)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor.read(AbstractPollingIoProcessor.java:539)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor.access$1200(AbstractPollingIoProcessor.java:68)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.process(AbstractPollingIoProcessor.java:1222)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.process(AbstractPollingIoProcessor.java:1211)
    at org.apache.mina.core.polling.AbstractPollingIoProcessor$Processor.run(AbstractPollingIoProcessor.java:683)
    at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:64)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:750)
Caused by: java.lang.NullPointerException
    at org.apache.directory.api.ldap.codec.actions.controls.StoreControlValue.action(StoreControlValue.java:81)
    at org.apache.directory.api.ldap.codec.actions.controls.StoreControlValue.action(StoreControlValue.java:49)
    at org.apache.directory.api.asn1.ber.grammar.AbstractGrammar.executeAction(AbstractGrammar.java:136)
    at org.apache.directory.api.asn1.ber.Asn1Decoder.treatTLVDoneState(Asn1Decoder.java:604)
    at org.apache.directory.api.asn1.ber.Asn1Decoder.decode(Asn1Decoder.java:740)
    at org.apache.directory.api.ldap.codec.protocol.mina.LdapProtocolDecoder.decode(LdapProtocolDecoder.java:137)
    at org.apache.directory.api.ldap.codec.protocol.mina.LdapProtocolDecoder.decode(LdapProtocolDecoder.java:86)
    at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:254)
    ... 15 more

--- Client configuration - Ubuntu 22.04.2 LTS x86_64

ii ldap-utils 2.5.13+dfsg-0ubuntu0.22.04.1 amd64 OpenLDAP utilities
ii libldap-2.5-0:amd64 2.5.13+dfsg-0ubuntu0.22.04.1 amd64 OpenLDAP libraries
ii libldap-common 2.5.13+dfsg-0ubuntu0.22.04.1 all OpenLDAP common files for libraries
ii libnss-ldapd:amd64 0.9.12-2 amd64 NSS module for using LDAP as a naming service
ii libpam-ldapd:amd64 0.9.12-2 amd64 PAM module for using LDAP as an authentication service
ii nscd 2.35-0ubuntu3.1 amd64 GNU C Library: Name Service Cache Daemon

--- client nslcd.conf

uid nslcd
gid nslcd
uri ldap://xx.cs.unm.edu:389
base dc=cs,dc=unm,dc=edu
ldap_version 3
tls_reqcert never

--- Server configuration

Ubuntu 22.04.2 LTS x86_64
Apache Directory Server 2.0.0.AM26
OpenJDK Runtime Environment (Temurin)(build 1.8.0_362-b09)

--- Directory structure LDIF:

version: 1

dn: uid=user1,ou=users,dc=cs,dc=unm,dc=edu
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: posixAccount
objectClass: top
cn: user1
gidNumber: 2000
homeDirectory: /home/user1
sn: User
uid: user1
uidNumber: 2001
userPassword:: e01ENX1DNUhleFA2WUptb0RzVGExa2huUTFnPT0=

dn: dc=cs,dc=unm,dc=edu
objectclass: domain
objectclass: top
dc: cs

dn: ou=groups,dc=cs,dc=unm,dc=edu
objectClass: organizationalUnit
objectClass: top
ou: groups

dn: cn=testgrp1,ou=groups,dc=cs,dc=unm,dc=edu
objectClass: posixGroup
objectClass: top
cn: testgrp1
gidNumber: 3000

dn: ou=users,dc=cs,dc=unm,dc=edu
objectClass: organizationalUnit
objectClass: top
ou: users

dn: cn=testgrp2,ou=groups,dc=cs,dc=unm,dc=edu
objectClass: posixGroup
objectClass: top
cn: testgrp2
gidNumber: 2000
memberUid: user1
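
Added example, not part of the original message: the hexdump in the apacheds.log exception is the BER-encoded LDAP request the decoder was processing when it threw, and the Python below walks it to show the search parameters and the request control it carries. The function names are made up for this example, and the control-value layout (a sequence of dereference-attribute / attribute-list pairs) is assumed from the OpenLDAP dereference control, which is what the OID in the bytes identifies.

```python
# Added example, not from the original message. REQUEST is the hexdump in apacheds.log.
REQUEST = bytes.fromhex(
    "30 81 9C 02 01 02 63 63 04 13 64 63 3D 63 73 2C 64 63 3D 75 6E 6D 2C 64 63 3D 65 64 75 "
    "0A 01 02 0A 01 00 02 01 00 02 01 00 01 01 00 A3 19 04 0B 6F 62 6A 65 63 74 43 6C 61 73 73 "
    "04 0A 70 6F 73 69 78 47 72 6F 75 70 30 22 04 06 6D 65 6D 62 65 72 04 02 63 6E "
    "04 09 6D 65 6D 62 65 72 55 69 64 04 09 67 69 64 4E 75 6D 62 65 72 A0 32 30 30 04 19 "
    "31 2E 33 2E 36 2E 31 2E 34 2E 31 2E 34 32 30 33 2E 36 36 36 2E 35 2E 31 36 "
    "04 13 30 11 30 0F 04 06 6D 65 6D 62 65 72 30 05 04 03 75 69 64")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER TLV at pos (definite lengths only)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length octets
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported BER length form")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("TLV overruns buffer")
    return tag, buf[pos:pos + length], pos + length

def children(value):                       # split a constructed value into (tag, value) pairs
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def decode_search_with_controls(raw):
    """Summarise one LDAPMessage holding a SearchRequest and optional request controls."""
    tag, body, end = read_tlv(raw, 0)
    msg = children(body)
    if (tag, end) != (0x30, len(raw)) or len(msg) < 2 or msg[1][0] != 0x63:
        raise ValueError("not a single SearchRequest LDAPMessage")
    req = children(msg[1][1])              # base, scope, deref, limits, typesOnly, filter, attrs
    info = {"base": req[0][1].decode(), "controls": [],
            "attributes": [v.decode() for _, v in children(req[7][1])]}
    ctls = children(msg[2][1]) if len(msg) > 2 and msg[2][0] == 0xA0 else []
    for _, ctl in ctls:
        f = children(ctl)
        opt = dict(f[1:])                  # optional fields by tag: 0x01 criticality, 0x04 value
        info["controls"].append((f[0][1].decode(), opt.get(0x01, b"\x00") != b"\x00", opt.get(0x04)))
    return info

def deref_specs(value):                    # assumed layout: SEQUENCE OF { derefAttr, SEQUENCE OF attr }
    return [(children(s)[0][1].decode(), [a.decode() for _, a in children(children(s)[1][1])])
            for _, s in children(children(value)[0][1])]
```

On the logged bytes this yields one control, OID 1.3.6.1.4.1.4203.666.5.16 with no criticality field and a value asking for "uid" of each dereferenced "member", alongside the posixGroup search nslcd logged; that control value is the input StoreControlValue was handling in the stack trace.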