Re: ldap user login attempt kills slapd service
I must have missed the e-mail below from you, sorry for that.

The link to the archives is http://www.openldap.org/lists/openldap-technical/.
The related Red Hat Bugzilla is https://bugzilla.redhat.com/show_bug.cgi?id=1335194

From the backtraces provided by Liz in the case it seems to be technically (except for presence of back_relay) the same as ITS#7384. So it does not seem to be MozNSS-related. I will let Liz include additional backtraces (etc.) if asked for it.

"Real, Elizabeth (392K)" writes:

> I reported the bug to Red Hat.
>
> What is the openldap technical URL where all of the submitted requests are
> listed on?
>
> Thank you,
> Liz

--
Matúš Honěk
Associate Software Engineer @ Red Hat, Inc.
Re: ldap user login attempt kills slapd service
Hello,

as OpenLDAP distributed with RHEL uses NSS for crypto (which is deprecated by OpenLDAP upstream community) please contact Red Hat customer support with the issue. There, please supply full debug-level logs from all servers and client. I have noticed the suppressed log lines from journal in logs you have supplied below, which is not sufficient.

Thank you for your understanding.

"Real, Elizabeth (392K)" writes:

> Openldap gurus:
>
> Here is my setup,
>
> LDAPSERVERS: I have two ldap servers running RHEL7.2 and openldap 2.4.40.
> Both servers are configured with multi-master replication. Ldaps is enabled
> and a ppolicy applied.
>
> LDAPCLIENT: My ldap client is running RHEL7.2 as well, sssd 1.13.0, and
> openldap client 2.4.40.
>
> I have been troubleshooting this problem for a while and can’t figure out why
> every time I try to login to an ldap client with a test user account the slapd
> service on only one of my ldap servers gets killed.
>
> Both getent and ldapsearch return the expected information when run on the
> ldap client:
> ldapclient ~]# getent passwd realtest
> realtest:*:1004:312:Liz RealTest:/home/real:/bin/tcsh
>
> ldapclient ~]# ldapsearch -x -s sub -b 'ou=People,dc=cluster,dc=sec312'
> '(uid=realtest)'
> # extended LDIF
> #
> # LDAPv3
> # base
Re: ldap user login attempt kills slapd service
I reported the bug to Red Hat.

What is the openldap technical URL where all of the submitted requests are listed on?

Thank you,
Liz

From: Matus Honek <mho...@redhat.com>
Date: Wednesday, May 11, 2016 at 4:13 AM
To: Elizabeth Real Chavez <elizabeth.r...@jpl.nasa.gov>, "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Subject: Re: ldap user login attempt kills slapd service

Hello,

as OpenLDAP distributed with RHEL uses NSS for crypto (which is deprecated by OpenLDAP upstream community) please contact Red Hat customer support with the issue. There, please supply full debug-level logs from all servers and client. I have noticed the suppressed log lines from journal in logs you have supplied below, which is not sufficient.

Thank you for your understanding.

"Real, Elizabeth (392K)" <elizabeth.r...@jpl.nasa.gov> writes:

Openldap gurus:

Here is my setup,

LDAPSERVERS: I have two ldap servers running RHEL7.2 and openldap 2.4.40. Both servers are configured with multi-master replication. Ldaps is enabled and a ppolicy applied.

LDAPCLIENT: My ldap client is running RHEL7.2 as well, sssd 1.13.0, and openldap client 2.4.40.

I have been troubleshooting this problem for a while and can’t figure out why every time I try to login to an ldap client with a test user account the slapd service on only one of my ldap servers gets killed.

Both getent and ldapsearch return the expected information when run on the ldap client:

ldapclient ~]# getent passwd realtest
realtest:*:1004:312:Liz RealTest:/home/real:/bin/tcsh

ldapclient ~]# ldapsearch -x -s sub -b 'ou=People,dc=cluster,dc=sec312' '(uid=realtest)'
# extended LDIF
#
# LDAPv3
# base
Re: ldap user login attempt kills slapd service
I suggest avoiding packages provided by RH. This has been noted numerous times on the list. If you are unable to build OpenLDAP yourself, you may want to look at the packages from the LTB project. If you require support, you may wish to contact Symas.

<http://ltb-project.org/wiki/download#openldap>
<https://symas.com/products/openldap-directory/>

--Quanah

--On Wednesday, May 11, 2016 12:19 AM + "Real, Elizabeth (392K)" <elizabeth.r...@jpl.nasa.gov> wrote:

Quanah,

Because I had an ssh issue while using openldap 2.4.39 and it was suggested I used openldap 2.4.40 that came with rhel72 instead. What do you suggest?

Thank you,
Liz

_
From: Quanah Gibson-Mount <qua...@zimbra.com>
Sent: Tuesday, May 10, 2016 4:03 PM
Subject: Re: ldap user login attempt kills slapd service
To: <openldap-technical@openldap.org>, Real, Elizabeth (392K) <elizabeth.r...@jpl.nasa.gov>

--On Tuesday, May 10, 2016 11:58 PM + "Real, Elizabeth (392K)" <elizabeth.r...@jpl.nasa.gov> wrote:

Openldap gurus:

Here is my setup,

LDAPSERVERS: I have two ldap servers running RHEL7.2 and openldap 2.4.40. Both servers are configured with multi-master replication. Ldaps is enabled and a ppolicy applied.

The RHEL packages of OpenLDAP are known broken. Why are you using them?

--Quanah

--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.

Zimbra :: the leader in open source messaging and collaboration
A division of Synacor, Inc

--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.

Zimbra :: the leader in open source messaging and collaboration
A division of Synacor, Inc
Re: ldap user login attempt kills slapd service
Quanah,

Because I had an ssh issue while using openldap 2.4.39 and it was suggested I used openldap 2.4.40 that came with rhel72 instead. What do you suggest?

Thank you,
Liz

_
From: Quanah Gibson-Mount <qua...@zimbra.com>
Sent: Tuesday, May 10, 2016 4:03 PM
Subject: Re: ldap user login attempt kills slapd service
To: <openldap-technical@openldap.org>, Real, Elizabeth (392K) <elizabeth.r...@jpl.nasa.gov>

--On Tuesday, May 10, 2016 11:58 PM + "Real, Elizabeth (392K)" <elizabeth.r...@jpl.nasa.gov> wrote:

> Openldap gurus:
>
> Here is my setup,
>
> LDAPSERVERS: I have two ldap servers running RHEL7.2 and openldap 2.4.40.
> Both servers are configured with multi-master replication. Ldaps is
> enabled and a ppolicy applied.

The RHEL packages of OpenLDAP are known broken. Why are you using them?

--Quanah

--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.

Zimbra :: the leader in open source messaging and collaboration
A division of Synacor, Inc
Re: ldap user login attempt kills slapd service
--On Tuesday, May 10, 2016 11:58 PM + "Real, Elizabeth (392K)" wrote:

> Openldap gurus:
>
> Here is my setup,
>
> LDAPSERVERS: I have two ldap servers running RHEL7.2 and openldap 2.4.40. Both servers are configured with multi-master replication. Ldaps is enabled and a ppolicy applied.

The RHEL packages of OpenLDAP are known broken. Why are you using them?

--Quanah

--
Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.

Zimbra :: the leader in open source messaging and collaboration
A division of Synacor, Inc
ldap user login attempt kills slapd service
Openldap gurus:

Here is my setup,

LDAPSERVERS: I have two ldap servers running RHEL7.2 and openldap 2.4.40. Both servers are configured with multi-master replication. Ldaps is enabled and a ppolicy applied.

LDAPCLIENT: My ldap client is running RHEL7.2 as well, sssd 1.13.0, and openldap client 2.4.40.

I have been troubleshooting this problem for a while and can’t figure out why every time I try to login to an ldap client with a test user account the slapd service on only one of my ldap servers gets killed.

Both getent and ldapsearch return the expected information when run on the ldap client:

ldapclient ~]# getent passwd realtest
realtest:*:1004:312:Liz RealTest:/home/real:/bin/tcsh

ldapclient ~]# ldapsearch -x -s sub -b 'ou=People,dc=cluster,dc=sec312' '(uid=realtest)'
# extended LDIF
#
# LDAPv3
# base