Hi guys,
I've got the following components: Mozilla LDAP C SDK 5.1.7 and NSS
3.11 & NSPR 4.6 as the downloaded binaries from the Mozilla FTP site for
the Solaris 5.9 sparc platform.
To use these components, I've a short piece of C code to develop my
understanding of connecting and binding to an LDAP directory. The code
I'll include shortly but the functions I'm using are:
ldap_init( MYLDAP_HOSTNAME, MYLDAP_PORT )
ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &ldap_version )
ldap_start_tls_s( ld, NULL, NULL );
ldap_bind_s( ld, MYBIND_DN, MYBIND_PW, LDAP_AUTH_SIMPLE );
ldap_unbind( ld );
If I don't use the ldap_start_tls_s, everything works - but the exercise
I'm trying to do is have security. This confirms for me however that
the server details, the binding DN and password are valid.
When executing the code with the ldap_start_tls_s I get segmentation
fault while it's trying to ldap_bind_s. From 'mdb', the stack trace of
the core is:
ffbff7e8 libnss3.so`NSSRWLock_LockRead+0x14(0, ff28e3b4,
ffffe000, ff243740, 497ac, 0)
ffbff848 libnss3.so`PK11_TokenExists+0x58(1, 0, 0, 1, 4, 0)
ffbff8a8 libssl3.so`ssl3_config_match_init+0x16c(0, 6, ff2e8258,
28548, 1, ff2e8554)
ffbff908 libssl3.so`ssl2_BeginClientHandshake+0x7c(28548, 0,
20f5c, ff1283ec, ff2f9078, 0)
ffbff978 libssl3.so`ssl_Do1stHandshake+0xf0(0, ff2d60e4, 20f5c,
0, 28548, 1)
ffbff9d8 libssl3.so`ssl_SecureSend+0x1f0(28548, 34594, 46, 0,
28548, 1e46c)
ffbffa38 libssl3.so`ssl_Send+0x5c(21758, 34594, 46, 0, ffffffff,
ff2dabc4)
ffbffa98 libprldap50.so`prldap_write+0x44(4, 34594, 46, 21440,
0, 34594)
ffbffaf8 libldap50.so`ber_flush+0x114(20f98, 34470, 0, 0,
4000000, c0000000)
ffbffb58 libldap50.so`nsldapi_send_ber_message+0x5c(0, 20f98,
34470, 0, 0, 3)
ffbffbb8 libldap50.so`nsldapi_send_server_request+0x6dc(20de0,
34470, 1, 0, 0, 24498)
ffbffc20 libldap50.so`nsldapi_send_initial_request+0x34(20de0,
2, 60, 10ae0, 34470, 0)
ffbffc88 libldap50.so`simple_bind_nolock+0x404(20de0, 10ae0,
10b10, 1, 4e8, ffbffd64)
ffbffd00 libldap50.so`ldap_simple_bind_s+0x3c(20de0, 10ae0,
10b10, 80, 4e8, ff3d8268)
ffbffd68 main+0x114(1, ffbffe4c, ffbffe54, 20dd0, 0, 0)
ffbffde8 _start+0x5c(0, 0, 0, 0, 0, 0)
I switched from using the "OPT" build of NSS to the "DBG" build and this
time, it reports an "Assertion failure: mod != NULL, at
pk11slot.c:1844", and then gives the core dump:
ffbff5a8 libc.so.1`_lwp_kill+8(6, 0, ffbff668, ff25b5d4, 734,
fefc027c)
ffbff608 libc.so.1`abort+0x100(ff25b5c8, ff25b5d4, 734, 0, 0, 0)
ffbff698 libnss3.so`PK11_GetInternalSlot+0x64(0, 0, 0, 0, 0, 0)
ffbff708 libnss3.so`PK11_TokenExists+0x24(1, 1, 20f5c, ff04837c,
21, ffbff8a4)
ffbff788 libssl3.so`ssl3_config_match_init+0x288(26510, 1,
20f5c, ff04837c, 2, ffbff914)
ffbff820 libssl3.so`ssl2_ConstructCipherSpecs+0x16c(26510, 1,
20f5c, ff04837c, 2, 0)
ffbff8b8 libssl3.so`ssl2_BeginClientHandshake+0xd4(26510, 0,
20f5c, ff0483ec, c, 400)
ffbff948 libssl3.so`ssl_Do1stHandshake+0x314(26510, 0, 20f5c, 0,
292b0, 1)
ffbff9b8 libssl3.so`ssl_SecureSend+0x2a8(26510, 3255c, 46, 0, 7,
ffbffab4)
ffbffa28 libssl3.so`ssl_Send+0x124(21758, 3255c, 46, 0,
ffffffff, 400)
ffbffa98 libprldap50.so`prldap_write+0x44(4, 3255c, 46, 21440,
0, 3255c)
ffbffaf8 libldap50.so`ber_flush+0x114(20f98, 32438, 0, 0,
4000000, c0000000)
ffbffb58 libldap50.so`nsldapi_send_ber_message+0x5c(0, 20f98,
32438, 0, 0, 3)
ffbffbb8 libldap50.so`nsldapi_send_server_request+0x6dc(20de0,
32438, 1, 0, 0, 22488)
ffbffc20 libldap50.so`nsldapi_send_initial_request+0x34(20de0,
2, 60, 10ae0, 32438, 0)
ffbffc88 libldap50.so`simple_bind_nolock+0x404(20de0, 10ae0,
10b10, 1, 4e8, ffbffd64)
ffbffd00 libldap50.so`ldap_simple_bind_s+0x3c(20de0, 10ae0,
10b10, 80, 4e8, ff3d8268)
ffbffd68 main+0x114(1, ffbffe4c, ffbffe54, 20dd0, 0, 0)
ffbffde8 _start+0x5c(0, 0, 0, 0, 0, 0)
I would very much appreciate some guidance as to where I'm going wrong
please. As promised, the source code.
#include <stdio.h>
#include "ldap.h"
#define MYLDAP_HOSTNAME "ldap-host"
#define MYLDAP_PORT 389
#define MYBIND_DN "cn=myuser,dc=mytest,dc=com"
#define MYBIND_PW "itsasecret"
main(int argc, char **argv)
{
LDAP *ld;
int ldap_version = LDAP_VERSION3;
int resultcode;
if( ( ld = ldap_init( MYLDAP_HOSTNAME, MYLDAP_PORT ) )
== NULL )
{
printf( "ldap_init( %s, %d ) failed. \n",
MYLDAP_HOSTNAME, MYLDAP_PORT );
return( -1 );
}
printf( "ldap_init( %s, %d ) done. \n", MYLDAP_HOSTNAME,
MYLDAP_PORT );
ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION,
&ldap_version );
resultcode = ldap_start_tls_s( ld, NULL, NULL );
if ( resultcode != LDAP_SUCCESS )
{
printf( "ldap_start_tls_s failed. \n" );
return( -1 );
}
printf( "ldap_start_tls_s done. \n" );
resultcode = ldap_bind_s( ld, MYBIND_DN, MYBIND_PW,
LDAP_AUTH_SIMPLE );
printf( "ldap_bind_s( ld, %s, %s, LDAP_AUTH_SIMPLE )
done. resultcode = %d \n",MYBIND_DN, MYBIND_PW, resultcode );
if ( resultcode != LDAP_SUCCESS )
{
printf( "ldap_bind_s failed. \n" );
return( -1 );
}
printf("ldap_bind_s done. \n");
ldap_unbind( ld );
return( 0 );
}
Thanks,
-Paul.
_______________________________________________
dev-tech-ldap mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-ldap
