I'm testing out dovecot/tls/openldap(via portunus). It seems to work fine. I can access Maildir with Thunderbird as expected. However according to the logs, auth-worker crashes when slapd closes:

Apr 04 22:11:56 silver slapd[1745983]: conn=1054 op=1 UNBIND
Apr 04 22:11:56 silver slapd[1745983]: conn=1054 fd=14 closed
Apr 04 22:11:56 silver slapd[1745983]: conn=1053 op=2 UNBIND
Apr 04 22:11:56 silver slapd[1745983]: conn=1053 fd=13 closed
Apr 04 22:11:56 silver dovecot[2083465]: auth-worker: Fatal: master: service(auth-worker): child 2084984 killed with signal 11 (core dumped) Apr 04 22:11:56 silver dovecot[2083465]: auth: Fatal: master: service(auth): child 2084981 killed with signal 11 (core dumped)

Here is the configuration. It is a minimal setup, just testing ldap for passdb:

# 2.3.19.1 (9b53102964): /etc/dovecot/dovecot.conf
# OS: Linux 6.1.7 x86_64 NixOS 22.11 (Raccoon) btrfs
# Hostname: silver
auth_mechanisms = plain login
base_dir = /run/dovecot2
default_internal_group = dovecot2
default_internal_user = dovecot2
mail_location = maildir:/home/%n/Maildir:INBOX=/var/spool/mail/%n:INDEX=/var/lib/dovecot/indexes/%n:LAYOUT=Maildir++
passdb {
  args = /var/lib/dovecot/etc/dovecot-ldap.conf.ext
  driver = ldap
}
pop3_uidl_format = %08Xv%08Xu
protocols = imap
sendmail_path = /run/wrappers/bin/sendmail
service auth {
  user = root
}
ssl_ca = </var/certs/.minica/cert.pem
ssl_cert = </var/certs/silver/cert.pem
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
userdb {
  driver = passwd
}

Here is the ldap config:

uris = ldaps://silver
tls_ca_cert_file = "/var/certs/.minica/cert.pem"
auth_bind = yes
auth_bind_userdn = uid=%u,ou=users,dc=silver
base = dc=silver

Here is the stack trace:

           PID: 2084981 (auth)
           UID: 0 (root)
           GID: 0 (root)
        Signal: 11 (SEGV)
     Timestamp: Tue 2023-04-04 22:11:56 EDT (11h ago)
  Command Line: dovecot/auth
Executable: /nix/store/s72dc8pc6g70dscya8ggsvn61rnfhixy-dovecot-2.3.19.1/libexec/dovecot/auth
 Control Group: /system.slice/dovecot2.service
          Unit: dovecot2.service
         Slice: system.slice
      Hostname: silver
Storage: /var/lib/systemd/coredump/core.auth.0.9fed479ad6ac4f0e8c2d5f290d9ea3f5.2084981.1680660716000000.zst (present)
     Disk Size: 324.7K
       Message: Process 2084981 (auth) of user 0 dumped core.

Module linux-vdso.so.1 with build-id 7aefd45ed44b5302cf82d7b5093cd9b882b8bc8a Module legacy.so with build-id fdd26faf7ff15c8fa78ef2091d38c5fb886da146
                Module libscram.so.3 without build-id.
                Module libdb-5.3.so without build-id.
                Module libsasldb.so.3 without build-id.
                Module libplain.so.3 without build-id.
                Module libotp.so.3 without build-id.
                Module liblogin.so.3 without build-id.
                Module libgssapiv2.so.3 without build-id.
                Module libkeyutils.so.1 without build-id.
                Module libkrb5support.so.0 without build-id.
                Module libcom_err.so.3 without build-id.
                Module libk5crypto.so.3 without build-id.
                Module libkrb5.so.3 without build-id.
                Module libgssapi_krb5.so.2 without build-id.
                Module libgs2.so.3 without build-id.
                Module libdigestmd5.so.3 without build-id.
                Module libcrammd5.so.3 without build-id.
                Module libanonymous.so.3 without build-id.
Module libresolv.so.2 with build-id 6bcddb1dd1be5b345df903815f364e5d967ae0ef Module libdl.so.2 with build-id 2e86539e324ffb14e185718fd284d3f3f2568f06 Module libm.so.6 with build-id 5cc630080219b350d8f9e4573c65d2dd931ea978
                Module libz.so.1 without build-id.
Module ld-linux-x86-64.so.2 with build-id 3be2bc3749163683f612e0fb8169ce51f75742fe Module libcrypto.so.3 with build-id ca321413716a256baa08042cb3f3c07a90cc82ce Module libssl.so.3 with build-id 4bf2aae91a0d91b0ca0a6fe1ab29b2b7653a17f6
                Module libsasl2.so.3 without build-id.
                Module libaudit.so.1 without build-id.
Module libc.so.6 with build-id 3d6884d200ead572b7b89a4133f645c7a3c039ed Module libpthread.so.0 with build-id 0f7050f6ef81222c7290351dfa67e5e062c797bf Module libsqlite3.so.0 with build-id 174a69054606e27a1c555838b07035346e83bfb0 Module libsodium.so.23 with build-id 1c1e5b232aa14bf5c942b3568bf70713da9ad11f
                Module liblber.so.2 without build-id.
                Module libldap.so.2 without build-id.
                Module libpam.so.0 without build-id.
                Module libcrypt.so.1 without build-id.
                Module libdovecot.so.0 without build-id.
                Module libstats_auth.so without build-id.
                Module auth without build-id.
                Stack trace of thread 2084981:
#0 0x00007f824e28e824 pthread_rwlock_rdlock@GLIBC_2.2.5 (libc.so.6 + 0x8e824) #1 0x00007f824de312d9 CRYPTO_THREAD_read_lock (libcrypto.so.3 + 0x2312d9) #2 0x00007f824de1ea57 ossl_lib_ctx_get_data (libcrypto.so.3 + 0x21ea57) #3 0x00007f824de2d460 ossl_provider_deregister_child_cb (libcrypto.so.3 + 0x22d460) #4 0x00007f824de1e960 OSSL_LIB_CTX_free (libcrypto.so.3 + 0x21e960)
                #5  0x00007f824d8d4801 legacy_teardown (legacy.so + 0x7801)
#6 0x00007f824de2ebfd ossl_provider_free (libcrypto.so.3 + 0x22ebfd) #7 0x00007f824ddf535b evp_cipher_free_int (libcrypto.so.3 + 0x1f535b)
                #8  0x00007f824e4cd46c SSL_CTX_free (libssl.so.3 + 0x3d46c)
#9 0x00007f824e7852f5 ldap_int_tls_destroy (libldap.so.2 + 0x3d2f5) #10 0x00007f824e9ddbde _dl_fini (ld-linux-x86-64.so.2 + 0x5bde) #11 0x00007f824e2400c5 __run_exit_handlers (libc.so.6 + 0x400c5)
                #12 0x00007f824e24024e exit (libc.so.6 + 0x4024e)
#13 0x00007f824e229255 __libc_start_call_main (libc.so.6 + 0x29255) #14 0x00007f824e229309 __libc_start_main@@GLIBC_2.34 (libc.so.6 + 0x29309)
                #15 0x000055b07d5c7675 _start (auth + 0x18675)
                ELF object binary architecture: AMD x86-64

As you can see, it seems to be crashing in the exit-handlers. Anyway, I thought I should report the crash I was observing. Thank you

--
Anthony Carrico

Reply via email to