Memory violation and termination of LDAP when checkRDN1 & ldap uid contains _ or -
shankarb01 opened this issue · 7 comments
As mentioned in the subject, when checkRDN 1 is set in ppm.conf and the uid has an underscore or hyphen in it, then it triggers a memory violation and causes the LDAP process to crash.
Below are the only logs that appear in the audit logs of the server.
type=ANOM_ABEND msg=audit(1530841522.922:74326): auid=4294967295 uid=55 gid=55 ses=4294967295 subj=system_u:system_r:slapd_t:s0 pid=14936 comm="slapd" reason="memory violation" sig=11
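Added example, not part of the original report and not code from the ppm project: a small triage script that pulls slapd crash records like the one above out of an audit log and decodes the signal number. The function names and the second sample record are assumptions made for illustration; the first sample line is the record quoted in the report with its line wraps removed.

```python
import re
import signal

# Constructed sample input: the ANOM_ABEND record quoted in the report,
# plus one unrelated record made up for contrast.
SAMPLE_LOG = '''\
type=ANOM_ABEND msg=audit(1530841522.922:74326): auid=4294967295 uid=55 gid=55 ses=4294967295 subj=system_u:system_r:slapd_t:s0 pid=14936 comm="slapd" reason="memory violation" sig=11
type=USER_LOGIN msg=audit(1530841600.101:74330): pid=2201 uid=0 auid=1000 ses=12 msg='op=login acct="admin" res=success'
'''

HEADER = re.compile(r'^type=(\S+) msg=audit\((\d+)\.(\d+):(\d+)\):\s*(.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
UNSET_ID = 4294967295  # (uint32)-1: auditd's marker for "no login uid/session"


def parse_record(line):
    """Split one audit record into type, epoch seconds, serial and fields."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    rtype, secs, _ms, serial, body = m.groups()
    fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
    return {"type": rtype, "time": int(secs), "serial": int(serial), "fields": fields}


def find_crashes(log_text, comm="slapd"):
    """Return one summary dict per ANOM_ABEND record for the given command."""
    crashes = []
    for line in log_text.splitlines():
        rec = parse_record(line)
        if not rec or rec["type"] != "ANOM_ABEND":
            continue
        f = rec["fields"]
        if f.get("comm") != comm:
            continue
        signo = int(f.get("sig", 0))
        crashes.append({
            "serial": rec["serial"],
            "time": rec["time"],
            "pid": int(f["pid"]),
            "signal": signal.Signals(signo).name if signo else None,
            "reason": f.get("reason"),
            # auid unset means the process was not started from a login session
            "daemon_context": int(f.get("auid", UNSET_ID)) == UNSET_ID,
        })
    return crashes


if __name__ == "__main__":
    for crash in find_crashes(SAMPLE_LOG):
        print(crash)
```

The epoch timestamp in each result can be matched against the slapd log to find the password-modify operation that was in flight when the process died.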
Thanks for the report.
Will take a look soon.
@shankarb01
Hi,
I can't reproduce with a simple DN like uid=test_,ou=people,dc=my-domain,dc=com
Could you give me your DN?
Hi David, Thanks for your prompt response and apologies for the delayed response from my end.
Our application uses an email as the uid, and the email can contain "_" or "-" as given. Can you try with the DN: uid=test-abc.xyz@gmail.com,ou=people,dc=my-domain,dc=com?
Another uid pattern that reproduced the issue was: abc_xyz_def@organization.domain.com
Thanks, will look at it soon
Hi @shankarb01,
I have tested these uids:
- uid=test-abc@domain.com,ou=people,dc=my-domain,dc=com
- uid=abc_def_xyz@organization.domain.com,ou=people,dc=my-domain,dc=com
They are working as expected. I have tried to push invalid passwords or valid passwords, each time everything is working as expected.
Do you have some specific configuration?
Could you give me some details:
- OpenLDAP LTB version
- current policy configuration
- ppm configuration
Thanks
Hi @shankarb01
As we can't reproduce the issue, I will close it... Unless you have new comments or use cases.
Regards,
David