Re: [Ltb-users] question - slapd won't run with check_password.so

Mon, 02 Nov 2015 00:06:55 -0800 


Le 30/10/2015 20:11, kevin martin a écrit :

I compiled and installed the check_password.so module and moduleload 
it in my slapd.conf file but with it moduleloaded slapd won't run. 
 strace shows (when run with -u ldap):


access("/usr/local/libexec/openldap/check_password.so", R_OK) = 0

open("/usr/local/libexec/openldap/check_password.so", 
O_RDONLY|O_CLOEXEC) = 10
read(10, 
"\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\300\t\0\0\0\0\0\0"..., 
832) = 832
fstat(10, {st_dev=makedev(252, 0), st_ino=138492, 
st_mode=S_IFREG|0744, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, 
st_blocks=96, st_size=48856, st_atime=2015/10/30-11:57:23, 
st_mtime=2015/10/30-11:57:15, st_ctime=2015/10/30-11:57:15}) = 0
mmap(NULL, 2105504, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 
10, 0) = 0x7f00b376c000

mprotect(0x7f00b376e000, 2093056, PROT_NONE) = 0

mmap(0x7f00b396d000, 8192, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 10, 0x1000) = 0x7f00b396d000

close(10)                               = 0
mprotect(0x7f00b396d000, 4096, PROT_READ) = 0

init_module(0, 0, "")                   = -1 EPERM (Operation not 
permitted)

munmap(0x7f00b376c000, 2105504)         = 0
close(9)                                = 0
munmap(0x7f00b75d6000, 4096)            = 0

write(2, "5633c0af slapd destroy: freeing "..., 505633c0af slapd 
destroy: freeing system resources.

) = 50
munmap(0x7f00b3dce000, 2117888)         = 0
munmap(0x7f00b3b7e000, 2420936)         = 0
munmap(0x7f00b396f000, 2155752)         = 0
write(2, "5633c0af slapd stopped.\n", 245633c0af slapd stopped.


and when run as root:

access("/usr/local/libexec/openldap/check_password.so", R_OK) = 0

open("/usr/local/libexec/openldap/check_password.so", 
O_RDONLY|O_CLOEXEC) = 9
read(9, 
"\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\300\t\0\0\0\0\0\0"..., 
832) = 832
fstat(9, {st_dev=makedev(252, 0), st_ino=138492, st_mode=S_IFREG|0744, 
st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=96, 
st_size=48856, st_atime=2015/10/30-11:57:23, 
st_mtime=2015/10/30-11:57:15, st_ctime=2015/10/30-11:57:15}) = 0
mmap(NULL, 2105504, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 9, 
0) = 0x7f5c8c23f000

mprotect(0x7f5c8c241000, 2093056, PROT_NONE) = 0

mmap(0x7f5c8c440000, 8192, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 9, 0x1000) = 0x7f5c8c440000

close(9)                                = 0
mprotect(0x7f5c8c440000, 4096, PROT_READ) = 0
init_module(0, 0, "")                   = -1 ENOEXEC (Exec format error)
munmap(0x7f5c8c23f000, 2105504)         = 0
close(8)                                = 0
munmap(0x7f5c8fea0000, 4096)            = 0

write(2, "5633c0e2 slapd destroy: freeing "..., 505633c0e2 slapd 
destroy: freeing system resources.

) = 50
munmap(0x7f5c8c8a1000, 2117888)         = 0
munmap(0x7f5c8c651000, 2420936)         = 0
munmap(0x7f5c8c442000, 2155752)         = 0
write(2, "5633c0e2 slapd stopped.\n", 245633c0e2 slapd stopped.




Hello Kevin,


you should first set the ownership to the ldap user and group and make 
the module executable. You can also do a ldd on the .so file to check 
that all dependencies are found.


--
Clément OUDOT
Consultant en logiciels libres, Expert infrastructure et sécurité
Savoir-faire Linux

_______________________________________________
ltb-users mailing list
[email protected]
http://lists.ltb-project.org/listinfo/ltb-users






















					Reply via email to