[Bug 710430] New: DNS problem with LDAP server
https://bugzilla.novell.com/show_bug.cgi?id=710430#c0

           Summary: DNS problem with LDAP server
    Classification: openSUSE
           Product: openSUSE 11.4
           Version: Final
          Platform: x86-64
        OS/Version: openSUSE 11.4
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: YaST2
        AssignedTo: bnc-team-screening@forge.provo.novell.com
        ReportedBy: qwatli@yahoo.com
         QAContact: jsrain@novell.com
          Found By: ---
           Blocker: ---

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:5.0) Gecko/20100101 Firefox/5.0

After I install named (DNS) and LDAP, when I try to record the DNS server with the LDAP server, the UI (user interface) disappears and I found the following auto-generated error from YaST2:

YaST got signal 11 at YCP file dns-server/dialog-main.ycp:2
/sbin/yast2: line 423: 6621 Segmentation fault $ybindir/y2base $module "$@" "$SELECTED_GUI" $Y2_GEOMETRY $Y2UI_ARGS

Reproducible: Always

Steps to Reproduce:
1.
2.
3.

-- 
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=710430#c

zj jia <zjjia@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |zjjia@novell.com
         AssignedTo|bnc-team-screening@forge.pr |yast2-maintainers@suse.de
                   |ovo.novell.com              |
https://bugzilla.novell.com/show_bug.cgi?id=710430#c1

Thomas Fehr <fehr@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         AssignedTo|yast2-maintainers@suse.de   |jsuchome@novell.com

--- Comment #1 from Thomas Fehr <fehr@novell.com> 2011-08-08 09:31:07 UTC ---
Reassigned to maintainer of yast2-ldap
https://bugzilla.novell.com/show_bug.cgi?id=710430#c2

Jiří Suchomel <jsuchome@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |NEEDINFO
       InfoProvider|                            |qwatli@yahoo.com

--- Comment #2 from Jiří Suchomel <jsuchome@novell.com> 2011-08-08 11:16:43 UTC ---
Please attach y2logs:
http://en.opensuse.org/openSUSE:Bugreport_YaST#I_reported_a_YaST2_bug.2C_and...
https://bugzilla.novell.com/show_bug.cgi?id=710430#c3

--- Comment #3 from yasser Khisha <qwatli@yahoo.com> 2011-08-08 12:53:04 UTC ---
Created an attachment (id=444702)
 --> (http://bugzilla.novell.com/attachment.cgi?id=444702)
yast log
https://bugzilla.novell.com/show_bug.cgi?id=710430#c4

Jiří Suchomel <jsuchome@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |NEW
                 CC|                            |jsuchome@novell.com,
                   |                            |locilka@novell.com
       InfoProvider|qwatli@yahoo.com            |
         AssignedTo|jsuchome@novell.com         |rhafer@novell.com

--- Comment #4 from Jiří Suchomel <jsuchome@novell.com> 2011-08-08 13:23:07 UTC ---
It seems that it was dns-server which crashed, and the logs contain some error lines invoking /usr/lib/perl5/vendor_perl/5.12.3/Net/LDAP.pm starting with 2011-08-06 21:54:48.

Seems like these are called from dns-server module, but maybe by some other service?

Is it caused by LdapServerAccess.pm?
https://bugzilla.novell.com/show_bug.cgi?id=710430#c5

--- Comment #5 from Ralf Haferkamp <rhafer@suse.com> 2011-08-30 14:40:22 CEST ---
(In reply to comment #4)
> Seems like these are called from dns-server module, but maybe by some other
> service?
I suspect it's the ldapdump Perl helper that is called by named init script. AFAIK yast2-dns doesn't use perl-ldap.

> Is it caused by LdapServerAccess.pm?
Most likely not.
https://bugzilla.novell.com/show_bug.cgi?id=710430#c6

Ralf Haferkamp <rhafer@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |NEEDINFO
       InfoProvider|                            |qwatli@yahoo.com

--- Comment #6 from Ralf Haferkamp <rhafer@suse.com> 2011-08-30 14:41:41 CEST ---
Could you please attach /etc/ldap.conf, /etc/openldap/ldap.conf, /etc/sysconfig/ldap and /etc/sysconfig/named.
https://bugzilla.novell.com/show_bug.cgi?id=710430#c7

--- Comment #7 from yasser Khisha <qwatli@yahoo.com> 2011-08-30 13:22:37 UTC ---
Created an attachment (id=448411)
 --> (http://bugzilla.novell.com/attachment.cgi?id=448411)
Thank you for kind interest ^_^
https://bugzilla.novell.com/show_bug.cgi?id=710430#c8

--- Comment #8 from Ralf Haferkamp <rhafer@suse.com> 2011-08-30 17:03:15 CEST ---
Created an attachment (id=448432)
 --> (http://bugzilla.novell.com/attachment.cgi?id=448432)
patch for testing

Ok, could you please test if the attached patch for /usr/share/bind/ldapdump resolves your problem? To apply it, it should be enough to call:

patch -p0 < ldapdump-use-uri.patch

on the command line, from inside the directory where you saved that patch. You might need to install the "patch" rpm for it to work (if you don't already have it installed).
https://bugzilla.novell.com/show_bug.cgi?id=710430#c9

--- Comment #9 from yasser Khisha <qwatli@yahoo.com> 2011-08-30 16:23:41 UTC ---
yes Mr Ralf ..... the line which you mention below:

if ( /^uri\s+([^\s]*)\s*/i ) { $data = $1; last }

does not exist at all in the file ldapdump, I found:

sub getLDAPConfigServer {
    my $data;
    open( FILE, "< /etc/openldap/ldap.conf" ) or die "unable to open /etc/openldap/ldap.conf. $!";
    while(<FILE>) {
        if ( /^host\s+([^\s]*)\s*/i ) { $data = $1; last }
    }
    close(FILE);
    return $data;
}

hope it will help
https://bugzilla.novell.com/show_bug.cgi?id=710430#c10

--- Comment #10 from Ralf Haferkamp <rhafer@suse.com> 2011-08-31 10:06:34 CEST ---
(In reply to comment #9)
> yes Mr Ralf ..... the line which you mention below:
>
> if ( /^uri\s+([^\s]*)\s*/i ) { $data = $1; last }
>
> does not exist at all in the file ldapdump, I found:
Yes, and I think that is at least part of the problem that's causing you trouble. The patch I attached is supposed to fix that. Were you able to apply the patch?
https://bugzilla.novell.com/show_bug.cgi?id=710430#c

Ralf Haferkamp <rhafer@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |715179
             Blocks|                            |715180
https://bugzilla.novell.com/show_bug.cgi?id=710430#c

Ralf Haferkamp <rhafer@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|715180                      |
https://bugzilla.novell.com/show_bug.cgi?id=710430#c11

Ralf Haferkamp <rhafer@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P5 - None                   |P3 - Medium
             Status|NEEDINFO                    |ASSIGNED
       InfoProvider|qwatli@yahoo.com            |
             Blocks|                            |715180
           Severity|Normal                      |Major

--- Comment #11 from Ralf Haferkamp <rhafer@suse.com> 2011-08-31 12:16:52 CEST ---
I just submitted the ldapdump patch to Factory. While that fix is needed it is however unlikely that it is really the cause of yast2 crashing. Looking at /var/log/YaST/signal it seems to crash somewhere in /usr/lib64/libldapcpp.so.1 (when called from the ldap-agent). One crash occurred e.g. on 2011-08-05 05:04:42; the corresponding y2logs can be found in y2log-1.gz:

2011-08-05 05:04:25 <1> Creations(32256) [Perl] modules/LdapServerAccess.pm(LdapServerAccess::AddLdapSchemas):90 Schemabase: dnszone
2011-08-05 05:04:25 <1> Creations(32256) [Perl] modules/LdapServerAccess.pm(LdapServerAccess::AddLdapSchemas):101 Schema /etc/openldap/schema/dnszone.schema is already included
2011-08-05 05:04:25 <3> Creations(32256) [agent-ldap] LdapAgent.cc(debug_exception):485 ldap error while starting TLS (-11): Connect error
2011-08-05 05:04:25 <3> Creations(32256) [agent-ldap] LdapAgent.cc(debug_exception):487 additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (self signed certificate in certificate chain)
2011-08-05 05:04:25 <1> Creations(32256) [ui] YPushButton.cc(setFunctionKey):204 Guessing button role YOKButton for YPushButton "OK" at 0x25d2208 from function key F10
2011-08-05 05:04:42 <1> Creations(32256) [Perl] modules/DnsServer.pm(DnsServer::GetConfigurationStat):905 Stat of the file '/etc/named.conf' is 'rights: 644, blocks: 16, size: 4108, owner: 0:44 changed: 1312484041, modifyied: 1312484041'
2011-08-05 05:04:42 <1> Creations(32256) [Perl] modules/DnsServer.pm(DnsServer::SaveGlobals):385 Deleting zones

So the hint for LdapServerAccess.pm was not that far off. It seems that DnsServer::SaveGlobals() calls DnsZone::ZonesDeleteLdap() which uses the ldap-agent. The ldap-agent however was unable to open a connection (because of TLS problems) and somehow ends up using a stale LDAPConnection Object. This might be even a bug in libldapcpp. Still investigating.
https://bugzilla.novell.com/show_bug.cgi?id=710430#c12

Ralf Haferkamp <rhafer@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         AssignedTo|rhafer@suse.com             |jsuchome@suse.com

--- Comment #12 from Ralf Haferkamp <rhafer@suse.com> 2011-08-31 15:04:23 CEST ---
Hm, attaching with a debugger gives this:
----------------------
(gdb) bt
#0  0x00007fb917a31860 in LDAPAsynConnection::getSessionHandle() const () from /usr/lib64/libldapcpp.so.1
#1  0x00007fb917a474d6 in LDAPSearchRequest::sendRequest() () from /usr/lib64/libldapcpp.so.1
#2  0x00007fb917a3205c in LDAPAsynConnection::search(std::string const&, int, std::string const&, StringList const&, bool, LDAPConstraints const*) () from /usr/lib64/libldapcpp.so.1
#3  0x00007fb917a3913b in LDAPConnection::search(std::string const&, int, std::string const&, StringList const&, bool, LDAPConstraints const*) () from /usr/lib64/libldapcpp.so.1
#4  0x00007fb917cb3ea3 in LdapAgent::Read (this=0x1f4fa60, path=..., arg=..., opt=...) at LdapAgent.cc:608
[..]
(gdb) frame 4
#4  0x00007fb917cb3ea3 in LdapAgent::Read (this=0x1f4fa60, path=..., arg=..., opt=...) at LdapAgent.cc:608
608     base_dn, scope, filter, attrs, attrsOnly, cons);
(gdb) list
603     base_dn.c_str(), filter.c_str(), scope);
604     // do the search call
605     LDAPSearchResults* entries = NULL;
606     try {
607     entries = ldap->search (
608     base_dn, scope, filter, attrs, attrsOnly, cons);
609     }
610     catch (LDAPException e) {
611     if (not_found_ok && e.getResultCode() == 32)
612     {
(gdb) print ldap
$1 = (LDAPConnection *) 0x0
(gdb) print ldap_initialized
$2 = true
-----------------------

So it seems the ldap-agent is trying to use an uninitialized LDAPConnection object. I guess it deleted that object when the start_tls() call failed (see LdapAgent::Execute()). So I think the ldap-agent has a bug here.
https://bugzilla.novell.com/show_bug.cgi?id=710430#c

Ralf Haferkamp <rhafer@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |rhafer@suse.com
             Blocks|715179, 715180              |
https://bugzilla.novell.com/show_bug.cgi?id=710430#c

Ralf Haferkamp <rhafer@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |715240
https://bugzilla.novell.com/show_bug.cgi?id=710430#c13

--- Comment #13 from Jiří Suchomel <jsuchome@suse.com> 2011-08-31 13:55:14 UTC ---
This patch for yast2-ldap seems to prevent the crashing:

Index: src/LdapAgent.cc =================================================================== --- src/LdapAgent.cc (revision 65464) +++ src/LdapAgent.cc (working copy) @@ -1250,6 +1250,8 @@ */ if (path->length() == 0) { + ldap_initialized = false; + hostname = getValue (argmap, "hostname"); if (hostname =="") { y2error ("Missing hostname of LDAPHost, aborting");
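Review bot: only the flag is reset at the top of the `path->length() == 0` branch; nothing in this hunk touches or checks the `ldap` pointer, and the gdb session in comment #12 shows the two disagreeing (`ldap` was 0x0 while `ldap_initialized` was true). Consider clearing or null-checking `ldap` together with the flag so that a later failure path cannot leave them out of step again, and add a one-line comment above `ldap_initialized = false;` saying the flag is cleared because a failed re-initialisation must not leave the previous session marked usable. The missing-hostname path that follows (`y2error ("Missing hostname of LDAPHost, aborting")`) now also runs with the flag cleared; that looks intended, but callers that ignore the result will see reads fail instead of crash, which is worth saying in the change description.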
https://bugzilla.novell.com/show_bug.cgi?id=710430#c14

Jiří Suchomel <jsuchome@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |NEW
         AssignedTo|jsuchome@suse.com           |locilka@suse.com

--- Comment #14 from Jiří Suchomel <jsuchome@suse.com> 2011-08-31 14:26:37 UTC ---
Thanks, Ralf, for investigation. I've submitted fixed yast2-ldap package.

However, according to Ralf, the problem in y2-dns-server is not solved, because it does not check return values from ldap agent.

(And it is SP2 problem as well)
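The failure mode worked out in comments #12 to #14, as an added C++ model (not code from yast2-ldap or yast2-dns-server): a re-initialisation whose TLS handshake fails drops the connection while an "initialized" flag stays true, and the caller ignores the result. `Connection`, `Agent`, `delete_zones`, `replay` and the base DN are hypothetical names, and the model assumes the flag was set by an earlier successful initialisation.

```cpp
#include <iostream>
#include <memory>
#include <string>

// Stand-in for the LDAP client connection. start_tls() fails when the server
// certificate is not trusted (the "starting TLS (-11)" error in the y2log).
struct Connection {
    bool cert_trusted;
    bool start_tls() const { return cert_trusted; }
    std::string search(const std::string& base) const { return "entries under " + base; }
};

enum class Status { Ok, NotInitialized, NullConnection };

class Agent {  // hypothetical model, not LdapAgent.cc
public:
    explicit Agent(bool reset_flag_on_init) : reset_flag_(reset_flag_on_init) {}

    // (Re)initialisation request; returns false when TLS cannot be started.
    bool init(bool cert_trusted) {
        if (reset_flag_) initialized_ = false;  // same idea as the patch in comment #13
        conn_ = std::make_unique<Connection>(Connection{cert_trusted});
        if (!conn_->start_tls()) {
            conn_.reset();   // connection is dropped on failure ...
            return false;    // ... but the flag keeps whatever value it had
        }
        initialized_ = true;
        return true;
    }

    Status read(const std::string& base, std::string* out = nullptr) const {
        if (!initialized_) return Status::NotInitialized;
        // The real agent dereferenced the pointer here; the model reports it instead.
        if (!conn_) return Status::NullConnection;
        if (out) *out = conn_->search(base);
        return Status::Ok;
    }

private:
    bool reset_flag_;
    bool initialized_ = false;
    std::unique_ptr<Connection> conn_;
};

// Caller in the position of the DNS module: optionally checks init()'s result,
// which is the missing check comment #14 points at.
Status delete_zones(Agent& agent, bool cert_trusted, bool check_init) {
    bool ok = agent.init(cert_trusted);
    if (check_init && !ok) return Status::NotInitialized;
    return agent.read("ou=dns,dc=example,dc=com");  // constructed base DN
}

// Replays the sequence: one good session, then a re-init whose TLS fails.
Status replay(bool reset_flag_on_init, bool caller_checks) {
    Agent agent(reset_flag_on_init);
    agent.init(true);
    return delete_zones(agent, false, caller_checks);
}

int main() {
    std::cout << "unpatched agent, unchecked caller: " << static_cast<int>(replay(false, false)) << "\n";
    std::cout << "agent resets flag:                 " << static_cast<int>(replay(true, false)) << "\n";
    std::cout << "caller checks init():              " << static_cast<int>(replay(false, true)) << "\n";
    return 0;
}
```

Only the first combination reaches the null connection; either the flag reset in the agent or the result check in the caller is enough to turn the crash into a reported error.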
https://bugzilla.novell.com/show_bug.cgi?id=710430#c15

--- Comment #15 from Bernhard Wiedemann <bwiedemann@suse.com> 2011-08-31 17:00:43 CEST ---
This is an autogenerated message for OBS integration:
This bug (710430) was mentioned in
https://build.opensuse.org/request/show/80402 Factory / yast2-ldap
https://bugzilla.novell.com/show_bug.cgi?id=710430#c16

--- Comment #16 from Lukas Ocilka <locilka@suse.com> 2011-09-01 09:41:13 UTC ---
*** Bug 715240 has been marked as a duplicate of this bug. ***
http://bugzilla.novell.com/show_bug.cgi?id=715240
https://bugzilla.novell.com/show_bug.cgi?id=710430#c17

Lukas Ocilka <locilka@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
   Target Milestone|---                         |Factory

--- Comment #17 from Lukas Ocilka <locilka@suse.com> 2011-09-01 09:42:10 UTC ---
yast2-dns-server will be fixed in both openSUSE and SLE 11 SP2.
https://bugzilla.novell.com/show_bug.cgi?id=710430#c18

--- Comment #18 from Bernhard Wiedemann <bwiedemann@suse.com> 2011-09-01 12:00:10 CEST ---
This is an autogenerated message for OBS integration:
This bug (710430) was mentioned in
https://build.opensuse.org/request/show/80484 Factory / bind
https://bugzilla.novell.com/show_bug.cgi?id=710430#c19

Jiří Suchomel <jsuchome@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |lewisp@avex.co.uk

--- Comment #19 from Jiří Suchomel <jsuchome@suse.com> 2011-10-27 08:03:36 UTC ---
*** Bug 722512 has been marked as a duplicate of this bug. ***
http://bugzilla.novell.com/show_bug.cgi?id=722512
https://bugzilla.novell.com/show_bug.cgi?id=710430#c20

Lukas Ocilka <locilka@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|                            |DUPLICATE

--- Comment #20 from Lukas Ocilka <locilka@suse.com> 2012-02-13 17:12:48 UTC ---
Not 100% a duplicate, but the solution is actually the same.

See bug #690237 comment #7 (and below)
Created an attachment (id=475894)
 --> (http://bugzilla.novell.com/attachment.cgi?id=475894)

*** This bug has been marked as a duplicate of bug 690237 ***
http://bugzilla.novell.com/show_bug.cgi?id=690237
https://bugzilla.novell.com/show_bug.cgi?id=710430#c21

--- Comment #21 from Swamp Workflow Management <swamp@suse.de> 2013-04-10 22:05:18 UTC ---
openSUSE-SU-2013:0666-1: An update that solves four vulnerabilities and has 5 fixes is now available.

Category: security (moderate)
Bug References: 710430,715881,716745,718441,738156,743758,772946,792926,811876
CVE References: CVE-2011-1907,CVE-2012-3868,CVE-2012-5688,CVE-2013-2266
Sources used:
openSUSE 11.4 (src): bind-9.9.2P2-45.1