Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 158351 - Assertion in ber_sockbuf_ctrl fails when looking up group information via LDAP
Summary: Assertion in ber_sockbuf_ctrl fails when looking up group information via LDAP
Keywords:
Status: CLOSED CANTFIX
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: openldap
Version: 4.0
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Jan Safranek
QA Contact: Jay Turner
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-05-20 19:38 UTC by Jonathan Fischer
Modified: 2015-01-08 00:09 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-06-21 08:31:41 UTC


Attachments (Terms of Use)
Pam_ldap configuration file. (deleted)
2005-05-20 19:41 UTC, Jonathan Fischer
no flags Details

Description Jonathan Fischer 2005-05-20 19:38:50 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4

Description of problem:
When running 'getent group' to get a listing of groups in our LDAP server (Windows 2003 Active Directory), I get output that contains only the first group before getting an assertion in ber_sockbuf_ctrl.  This also occurs when attempting to start mailman, which is why we noticed the problem.

Version-Release number of selected component (if applicable):
openldap-2.2.13-2

How reproducible:
Always

Steps to Reproduce:
1. Run 'getent group' on a computer using LDAP to look up accounts & groups in Active Directory.


Actual Results:  ... (snipped as it's irrelevant)
xfs:x:43:
ntp:x:38:
gdm:x:42:
dovecot:x:97:
postdrop:x:90:
postfix:x:89:
mailman:x:41:
Staff:x:174:mniedens,QuotaServer,mcafee,wcraig2
getent: ../../../libraries/liblber/sockbuf.c:91: ber_sockbuf_ctrl: Assertion `( (sb)->sb_opts.lbo_valid == 0x3 )' failed.


Expected Results:  A complete list of Active Directory groups, and no assertions failing.

Additional info:

I'll attach our ldap.conf file to this bug; everything else has been left at the defaults.  System is fully up-to-date as of 12:38 PM Pacific Time, May 20 2005.

Comment 1 Jonathan Fischer 2005-05-20 19:41:42 UTC
Created attachment 114649 [details]
Pam_ldap configuration file.

Comment 2 Jonathan Fischer 2005-05-20 19:42:54 UTC
Appears to be similiar to this bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124549

Comment 3 Michael Jeanson 2005-06-27 15:23:25 UTC
I have the same problem on RHEL4 x86_64
The server is openldap and not active directory, the same configuration works
well on RHEL3.

Comment 4 Patrick Vachon 2005-07-22 14:59:29 UTC
I have the same problem with an OpenLDAP server in a master-slave configuration.
I've tried the following nss_ldap patches and it seems to work:

http://bugzilla.padl.com/show_bug.cgi?id=210
http://bugzilla.padl.com/show_bug.cgi?id=211

See also 
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=161990
- http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2069

Comment 5 Patrick Vachon 2005-07-22 15:26:56 UTC
Sorry, I spoke too fast :(

Comment 6 Rituraj 2006-05-09 10:08:43 UTC
This has been a blocker for us. I have even tried latest nss_ldap and pam_ldap 
as suggested. The setting (with referrals on) works under Redhat 9 but has a 
problem with RHEL/FC4 onwards.

Rituraj

Comment 7 Jay Fenlason 2006-05-09 14:08:20 UTC
Have you contacted Red Hat support?  Bugs without support requests attached 
are very difficult to get added to the lists of bugs to fix in upcoming update 
releases. 
 
Also, have you tried FC5 and/or Rawhide?  They have newer versions of OpenLDAP 
and nss_ldap in them, which may have this bug fixed already. 

Comment 8 Jan Safranek 2007-06-21 08:31:41 UTC
Please contack Red Hat support at http://redhat.com/support, which may help you
to resolve this issue.


Note You need to log in before you can comment on or make changes to this bug.