slapd(OpenLDAP Proxy/back-ldap) aborts with "ldap_back_dobind_int: DN=XXX without creds, binding anonymously"
Issue
- slapd(OpenLDAP Proxy/back-ldap) aborts with "ldap_back_dobind_int: DN=XXX without creds, binding anonymously"
[Client] --- [LDAP Proxy] --- [LDAP Server]
After the backend LDAP server closes an idle TCP session with the proxy LDAP server, the proxy aborts when it retries the bind to the backend server.
Sample log:
slapd[XXXX]: conn=1000 fd=10 ACCEPT from IP=192.168.122.130:37108 (IP=0.0.0.0:389)
slapd[XXXX]: conn=1000 op=0 BIND dn="uid=testuser,ou=people,dc=example,dc=com" method=128
slapd[XXXX]: conn=1000 op=0 BIND dn="uid=testuser,ou=people,dc=example,dc=com" mech=SIMPLE ssf=0
slapd[XXXX]: conn=1000 op=0 RESULT tag=97 err=0 text=
slapd[XXXX]: conn=1000 op=1 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(&(uidNumber=1000)(objectClass=posixAccount))"
slapd[XXXX]: conn=1000 op=1 SRCH attr=mail homeDirectory
slapd[XXXX]: conn=1000 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
//After the backend ldap server closed "conn=1000"
slapd[XXXX]: conn=1000 op=2 SRCH base="dc=example,dc=com" scope=2 deref=0 filter="(&(uidNumber=1000)(objectClass=posixAccount))"
slapd[XXXX]: conn=1000 op=2 SRCH attr=mail homeDirectory
slapd[XXXX]: conn=1000 op=2 ldap_back_retry: retrying URI="ldap://ldapsrv.example.com" DN="uid=testuser,ou=people,dc=example,dc=com"
slapd[XXXX]: conn=1000 op=2 ldap_back_dobind_int: DN="uid=testuser,ou=people,dc=example,dc=com" without creds, binding anonymously
systemd: slapd.service: main process exited, code=killed, status=6/ABRT
systemd: Unit slapd.service entered failed state.
systemd: slapd.service failed.
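A detection sketch for the sequence in the sample log above, added here as an example (it is not Red Hat's or OpenLDAP's code): it correlates the ldap_back_retry line, the anonymous rebind on the same conn/op, and the systemd ABRT line. The function name and the sample lines are constructed for illustration, and attributing an abort to the rebinds that precede it is a heuristic assumption.

```python
import re

# Constructed sample modelled on the excerpt above; PIDs are placeholders.
SAMPLE_LOG = """\
slapd[1234]: conn=1000 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
slapd[1234]: conn=1000 op=2 ldap_back_retry: retrying URI="ldap://ldapsrv.example.com" DN="uid=testuser,ou=people,dc=example,dc=com"
slapd[1234]: conn=1000 op=2 ldap_back_dobind_int: DN="uid=testuser,ou=people,dc=example,dc=com" without creds, binding anonymously
systemd: slapd.service: main process exited, code=killed, status=6/ABRT
slapd[1300]: conn=1001 op=3 ldap_back_retry: retrying URI="ldap://ldapsrv.example.com" DN="uid=other,ou=people,dc=example,dc=com"
slapd[1300]: conn=1001 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
"""

RETRY = re.compile(r'slapd\[\w+\]: conn=(\d+) op=(\d+) ldap_back_retry: retrying URI="([^"]*)" DN="([^"]*)"')
ANON = re.compile(r'slapd\[\w+\]: conn=(\d+) op=(\d+) ldap_back_dobind_int: DN="([^"]*)" without creds, binding anonymously')
OP = re.compile(r'slapd\[\w+\]: conn=(\d+) op=(\d+) ')
ABRT = re.compile(r'systemd: slapd\.service: main process exited, code=killed, status=6/ABRT')

def find_proxy_aborts(lines):
    """Return one finding per retry -> anonymous rebind -> SIGABRT sequence."""
    retries = {}   # (conn, op) -> (uri, dn) taken from ldap_back_retry
    pending = []   # anonymous rebinds not yet followed by an abort
    findings = []
    for line in lines:
        if m := RETRY.search(line):
            retries[(m[1], m[2])] = (m[3], m[4])
        elif m := ANON.search(line):
            key = (m[1], m[2])
            # Count only a rebind that follows a retry for the same conn/op and DN.
            if key in retries and retries[key][1] == m[3]:
                pending.append({"conn": int(m[1]), "op": int(m[2]),
                                "uri": retries[key][0], "dn": m[3]})
        elif m := OP.search(line):
            # The same operation logged again, so slapd survived that rebind.
            done = (int(m[1]), int(m[2]))
            pending = [p for p in pending if (p["conn"], p["op"]) != done]
        elif ABRT.search(line):
            # Heuristic: attribute the abort to the rebinds still pending.
            findings.extend(pending)
            retries, pending = {}, []
    return findings

if __name__ == "__main__":
    for f in find_proxy_aborts(SAMPLE_LOG.splitlines()):
        print(f"slapd abort after anonymous rebind: conn={f['conn']} op={f['op']} "
              f"backend={f['uri']} dn={f['dn']}")
```

The patterns use `search`, so syslog lines that carry a timestamp and hostname prefix match as well.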
Call trace of openldap-servers-2.4.44-25.el7_9:
(gdb) bt
#0 0x00007f5886fe0387 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:55
#1 0x00007f5886fe1a78 in __GI_abort () at abort.c:90
#2 0x00007f5886fd91a6 in __assert_fail_base (fmt=0x7f5887134f60 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n",
assertion=assertion@entry=0x7f58828346e8 "!(*(&((lc))->lc_lcflags) & (((0x00000020U))))",
file=file@entry=0x7f5882834d90 "bind.c", line=line@entry=191,
function=function@entry=0x7f5882834d00 <_PRETTY_FUNCTION_.13170> "ldap_back_conn_delete") at assert.c:92
#3 0x00007f5886fd9252 in _GI__assert_fail (
assertion=assertion@entry=0x7f58828346e8 "!(*(&((lc))->lc_lcflags) & (((0x00000020U))))",
file=file@entry=0x7f5882834d90 "bind.c", line=line@entry=191,
function=function@entry=0x7f5882834d00 <_PRETTY_FUNCTION_.13170> "ldap_back_conn_delete") at assert.c:101
#4 0x00007f58828244a3 in ldap_back_conn_delete (li=li@entry=0x5636c3217fb0, lc=lc@entry=0x7f5874102ce0) at bind.c:191
#5 0x00007f588282522b in ldap_back_freeconn (li=li@entry=0x5636c3217fb0, lc=0x7f5874102ce0, dolock=dolock@entry=0) at bind.c:510
#6 0x00007f58828272d3 in ldap_back_retry (lcp=lcp@entry=0x7f5882011660, op=op@entry=0x7f5874002900, rs=rs@entry=0x7f5882012860,
sendok=sendok@entry=LDAP_BACK_DONTSEND) at bind.c:2053
#7 0x00007f5882822f42 in ldap_back_search (op=0x7f5874002900, rs=<optimized out>) at search.c:561
#8 0x00005636c104cf01 in fe_op_search (op=0x7f5874002900, rs=0x7f5882012860) at search.c:402
#9 0x00005636c104c7b6 in do_search (op=<optimized out>, rs=<optimized out>) at search.c:247
#10 0x00005636c1049e8c in connection_operation (ctx=ctx@entry=0x7f5882012ad0, arg_v=arg_v@entry=0x7f5874002900)
at connection.c:1158
#11 0x00005636c104a1fb in connection_read_thread (ctx=0x7f5882012ad0, argv=0xa) at connection.c:1294
#12 0x00007f5888a612ba in ldap_int_thread_pool_wrapper (xpool=0x5636c31be5d0) at tpool.c:696
#13 0x00007f5887bebea5 in start_thread (arg=0x7f5882013700) at pthread_create.c:307
#14 0x00007f58870a8b0d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
(gdb)
Environment
- Red Hat Enterprise Linux 6 and 7
- openldap-servers