-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 18 Jan 2003, Guenther Starnberger wrote:
> the last openldap upgrade (DSA-227-1) seems to break proftpd when using
> LDAP authentication with proftpd-ldap (at least on my i386 system).
>
> proftpd logs:
> Jan 18 11:51:07 osprey proftpd[349]: foo (bla[xx.xx.xx.xx]) - FTP session
> opened.
> Jan 18 11:51:11 osprey proftpd[349]: foo (bla[xx.xx.xx.xx]) - ProFTPD
> terminating (signal 11)
>
> my slapd logs:
> Jan 18 11:47:52 bar slapd[31310]: daemon: conn=0 fd=9 connection from
> IP=yy.yy.yy.yy:34063 (IP=0.0.0.0:389) accepted.
> Jan 18 11:47:52 bar slapd[31310]: conn=-1 fd=9 closed
>
> the LDAP parts of my proftpd.conf are:
> LDAPServer aa.bb.cc
> LDAPDoAuth on ou=something,ou=services,o=zz,c=at
> LDAPUseTLS off
> LDAPHomedirOnDemand on 0700
>
> i am using the grsecurity and trustees patches in my kernel, but i am
> currently only using some of the "filesystem protection" features of
> grsecurity without PaX, so i don't think its the fault of the patches.
I can confirm this problem. I had a proftp running from before the library
upgrade and was working correctly. When I restarted proftp is gives the
same problem:
client: % ftp server
Connected to server
220 Welcome to My ftp server
Name (server:arthur):
server: proftpd[3421]: server.my.domain (client.my.domain[192.168.12.2]) - FTP
session opened.
client: Name (server:arthur): arthur
331 Password required for arthur.
Password:
server: slapd[21243]: daemon: conn=5506 fd=16 connection from
IP=192.168.12.1:3003 (IP=0.0.0.0:34049) accepted.
slapd[21255]: conn=5506 op=0 BIND dn="" method=128
slapd[21255]: conn=5506 op=0 RESULT tag=97 err=0 text=
slapd[5921]: conn=5506 op=1 SRCH base="dc=my,dc=domain" scope=2
filter="(&(objectClass=posixGroup))"
slapd[5921]: conn=5506 op=1 SEARCH RESULT tag=101 err=0 text=
client: Password: ****
421 Service not available, remote server has closed connection
Login failed.
No control connection for command: Permission denied
server: slapd[6254]: conn=5506 op=2 SRCH base="dc=my,dc=domain" scope=2
filter="(&(objectClass=posixGroup))"
slapd[6254]: conn=5506 op=2 SEARCH RESULT tag=101 err=0 text=
slapd[21243]: daemon: conn=5507 fd=20 connection from
IP=192.168.12.1:3004 (IP=0.0.0.0:34049) accepted.
slapd[15260]: conn=5507 op=0 BIND dn="" method=128
slapd[15260]: conn=5507 op=0 RESULT tag=97 err=0 text=
proftpd[3421]: server.my.domain (client.my.domain[192.168.12.2]) -
ProFTPD terminating (signal 11)
slapd[21243]: conn=-1 fd=16 closed
slapd[21243]: conn=-1 fd=20 closed
(names changed) (slapd running on ftp server)
And a succesfull connection reconstructed from before the restart:
client: % ftp server
Connected to server
220 Welcome to My ftp server
Name (server:arthur):
server: proftpd[2294]: server.my.domain (client.my.domain[192.168.12.2]) - FTP
session opened.
client: Name (server:arthur): arthur
331 Password required for arthur.
Password:
server: slapd[21243]: daemon: conn=5457 fd=20 connection from
IP=192.168.12.1:2810 (IP=0.0.0.0:34049) accepted.
slapd[14583]: conn=5457 op=0 BIND dn="" method=128
slapd[14583]: conn=5457 op=0 RESULT tag=97 err=0 text=
slapd[19472]: conn=5457 op=1 SRCH base="dc=my,dc=domain" scope=2
filter="(&(objectClass=posixGroup))"
slapd[19472]: conn=5457 op=1 SEARCH RESULT tag=101 err=0 text=
client: Password: ****
230 User arthur logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
server: slapd[15259]: conn=5457 op=2 SRCH base="dc=my,dc=domain" scope=2
filter="(&(objectClass=posixGroup))"
slapd[15259]: conn=5457 op=2 SEARCH RESULT tag=101 err=0 text=
slapd[21243]: daemon: conn=5458 fd=27 connection from
IP=192.168.12.1:2811 (IP=0.0.0.0:34049) accepted.
slapd[15836]: conn=5458 op=0 BIND dn="" method=128
slapd[15836]: conn=5458 op=0 RESULT tag=97 err=0 text=
slapd[21256]: conn=5458 op=1 SRCH base="dc=my,dc=domain" scope=2
filter="(&(uid=arthur)(objectClass=posixAccount))"
slapd[21256]: conn=5458 op=1 SEARCH RESULT tag=101 err=0 text=
slapd[21243]: daemon: conn=5459 fd=29 connection from
IP=192.168.12.1:2812 (IP=0.0.0.0:34049) accepted.
slapd[14047]: conn=5459 op=0 BIND
dn="UID=ARTHUR,OU=PEOPLE,DC=MY,DC=DOMAIN" method=128
slapd[14047]: conn=5459 op=0 RESULT tag=97 err=0 text=
slapd[9265]: conn=5459 op=1 UNBIND
slapd[9265]: conn=-1 fd=29 closed
slapd[16055]: conn=5457 op=3 SRCH base="dc=my,dc=domain" scope=2
filter="(&(objectClass=posixGroup))"
slapd[16055]: conn=5457 op=3 SEARCH RESULT tag=101 err=0 text=
The communication looks the same up to to point that proftpd crashes.
Restarting slapd doesn't seem to help. Rebuilding proftpd-common and
proftpd-ldap also doesn't help.
I'm using the vanilla 2.2.19 kernel with nothing fancy added.
- -- arthur - [EMAIL PROTECTED] - http://tiefighter.et.tudelft.nl/~arthur --
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
iD8DBQE+KWu8VYan35+NCKcRAqZEAKDlNZzeBAnwTPxwA9icrOTKFBkPNwCePKI5
YDHsELL7/AhqbpZl1xMxjfs=
=Ppar
-----END PGP SIGNATURE-----
