I'm testing out dovecot/tls/openldap(via portunus). It seems to work
fine. I can access Maildir with Thunderbird as expected. However
according to the logs, auth-worker crashes when slapd closes:
Apr 04 22:11:56 silver slapd[1745983]: conn=1054 op=1 UNBIND
Apr 04 22:11:56 silver slapd[1745983]: conn=1054 fd=14 closed
Apr 04 22:11:56 silver slapd[1745983]: conn=1053 op=2 UNBIND
Apr 04 22:11:56 silver slapd[1745983]: conn=1053 fd=13 closed
Apr 04 22:11:56 silver dovecot[2083465]: auth-worker: Fatal: master:
service(auth-worker): child 2084984 killed with signal 11 (core dumped)
Apr 04 22:11:56 silver dovecot[2083465]: auth: Fatal: master:
service(auth): child 2084981 killed with signal 11 (core dumped)
Here is the configuration. It is a minimal setup, just testing ldap for
passdb:
# 2.3.19.1 (9b53102964): /etc/dovecot/dovecot.conf
# OS: Linux 6.1.7 x86_64 NixOS 22.11 (Raccoon) btrfs
# Hostname: silver
auth_mechanisms = plain login
base_dir = /run/dovecot2
default_internal_group = dovecot2
default_internal_user = dovecot2
mail_location =
maildir:/home/%n/Maildir:INBOX=/var/spool/mail/%n:INDEX=/var/lib/dovecot/indexes/%n:LAYOUT=Maildir++
passdb {
args = /var/lib/dovecot/etc/dovecot-ldap.conf.ext
driver = ldap
}
pop3_uidl_format = %08Xv%08Xu
protocols = imap
sendmail_path = /run/wrappers/bin/sendmail
service auth {
user = root
}
ssl_ca = </var/certs/.minica/cert.pem
ssl_cert = </var/certs/silver/cert.pem
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
userdb {
driver = passwd
}
Here is the ldap config:
uris = ldaps://silver
tls_ca_cert_file = "/var/certs/.minica/cert.pem"
auth_bind = yes
auth_bind_userdn = uid=%u,ou=users,dc=silver
base = dc=silver
Here is the stack trace:
PID: 2084981 (auth)
UID: 0 (root)
GID: 0 (root)
Signal: 11 (SEGV)
Timestamp: Tue 2023-04-04 22:11:56 EDT (11h ago)
Command Line: dovecot/auth
Executable:
/nix/store/s72dc8pc6g70dscya8ggsvn61rnfhixy-dovecot-2.3.19.1/libexec/dovecot/auth
Control Group: /system.slice/dovecot2.service
Unit: dovecot2.service
Slice: system.slice
Hostname: silver
Storage:
/var/lib/systemd/coredump/core.auth.0.9fed479ad6ac4f0e8c2d5f290d9ea3f5.2084981.1680660716000000.zst
(present)
Disk Size: 324.7K
Message: Process 2084981 (auth) of user 0 dumped core.
Module linux-vdso.so.1 with build-id
7aefd45ed44b5302cf82d7b5093cd9b882b8bc8a
Module legacy.so with build-id
fdd26faf7ff15c8fa78ef2091d38c5fb886da146
Module libscram.so.3 without build-id.
Module libdb-5.3.so without build-id.
Module libsasldb.so.3 without build-id.
Module libplain.so.3 without build-id.
Module libotp.so.3 without build-id.
Module liblogin.so.3 without build-id.
Module libgssapiv2.so.3 without build-id.
Module libkeyutils.so.1 without build-id.
Module libkrb5support.so.0 without build-id.
Module libcom_err.so.3 without build-id.
Module libk5crypto.so.3 without build-id.
Module libkrb5.so.3 without build-id.
Module libgssapi_krb5.so.2 without build-id.
Module libgs2.so.3 without build-id.
Module libdigestmd5.so.3 without build-id.
Module libcrammd5.so.3 without build-id.
Module libanonymous.so.3 without build-id.
Module libresolv.so.2 with build-id
6bcddb1dd1be5b345df903815f364e5d967ae0ef
Module libdl.so.2 with build-id
2e86539e324ffb14e185718fd284d3f3f2568f06
Module libm.so.6 with build-id
5cc630080219b350d8f9e4573c65d2dd931ea978
Module libz.so.1 without build-id.
Module ld-linux-x86-64.so.2 with build-id
3be2bc3749163683f612e0fb8169ce51f75742fe
Module libcrypto.so.3 with build-id
ca321413716a256baa08042cb3f3c07a90cc82ce
Module libssl.so.3 with build-id
4bf2aae91a0d91b0ca0a6fe1ab29b2b7653a17f6
Module libsasl2.so.3 without build-id.
Module libaudit.so.1 without build-id.
Module libc.so.6 with build-id
3d6884d200ead572b7b89a4133f645c7a3c039ed
Module libpthread.so.0 with build-id
0f7050f6ef81222c7290351dfa67e5e062c797bf
Module libsqlite3.so.0 with build-id
174a69054606e27a1c555838b07035346e83bfb0
Module libsodium.so.23 with build-id
1c1e5b232aa14bf5c942b3568bf70713da9ad11f
Module liblber.so.2 without build-id.
Module libldap.so.2 without build-id.
Module libpam.so.0 without build-id.
Module libcrypt.so.1 without build-id.
Module libdovecot.so.0 without build-id.
Module libstats_auth.so without build-id.
Module auth without build-id.
Stack trace of thread 2084981:
#0 0x00007f824e28e824
pthread_rwlock_rdlock@GLIBC_2.2.5 (libc.so.6 + 0x8e824)
#1 0x00007f824de312d9 CRYPTO_THREAD_read_lock
(libcrypto.so.3 + 0x2312d9)
#2 0x00007f824de1ea57 ossl_lib_ctx_get_data
(libcrypto.so.3 + 0x21ea57)
#3 0x00007f824de2d460
ossl_provider_deregister_child_cb (libcrypto.so.3 + 0x22d460)
#4 0x00007f824de1e960 OSSL_LIB_CTX_free
(libcrypto.so.3 + 0x21e960)
#5 0x00007f824d8d4801 legacy_teardown (legacy.so + 0x7801)
#6 0x00007f824de2ebfd ossl_provider_free
(libcrypto.so.3 + 0x22ebfd)
#7 0x00007f824ddf535b evp_cipher_free_int
(libcrypto.so.3 + 0x1f535b)
#8 0x00007f824e4cd46c SSL_CTX_free (libssl.so.3 + 0x3d46c)
#9 0x00007f824e7852f5 ldap_int_tls_destroy
(libldap.so.2 + 0x3d2f5)
#10 0x00007f824e9ddbde _dl_fini (ld-linux-x86-64.so.2 +
0x5bde)
#11 0x00007f824e2400c5 __run_exit_handlers (libc.so.6 +
0x400c5)
#12 0x00007f824e24024e exit (libc.so.6 + 0x4024e)
#13 0x00007f824e229255 __libc_start_call_main
(libc.so.6 + 0x29255)
#14 0x00007f824e229309 __libc_start_main@@GLIBC_2.34
(libc.so.6 + 0x29309)
#15 0x000055b07d5c7675 _start (auth + 0x18675)
ELF object binary architecture: AMD x86-64
As you can see, it seems to be crashing in the exit-handlers. Anyway, I
thought I should report the crash I was observing. Thank you
--
Anthony Carrico
