ndsd cores when NLDAP processes a request with a base that includes "cn=\ "

  • 3202686
  • 18-Oct-2007
  • 26-Apr-2012

Environment


Novell eDirectory 8.8 for Solaris
Novell eDirectory 8.8 for Linux
Novell eDirectory 8.8 for HP-UX
Novell eDirectory 8.8 for AIX
Novell eDirectory 8.7.3 for Solaris
Novell eDirectory 8.7.3 for Linux
Novell eDirectory 8.7.3 for AIX
Novell eDirectory 8.7.3 for HP-UX
Novell Identity Manager Driver - Linux and UNIX - Fan Out

Situation

eDirectory servers being used for platform authentication by the Fan Out driver core with corrupted memory.

Adding debugging to the Fan Out driver, revealed an LDAP request that contained -b (or base) "cn=\ ,ou=container,ou=container,o=container" submitted to NLDAP at the time the ndsd process cored.

Attempting to authenticate on a host configured to authenticate using Fan Out with the following command would cause the ndsd process to core:

ssh \

Entry from ASAM debug log:

2007-09-18 11:43:38 [6631@1116797872]: (dir) dir_escape_dn: ending, dn=cn=\ ,ou=Census,ou=Event\ Driven\ Objects,ou=ASAM\ System,o=novell
2007-09-18 11:43:38 [6631@1116797872]: (dir) dir_convert_name_to_dir_internal: converted name = cn=\ ,ou=Census,ou=Event\ Driven\ Objects,ou=ASAM\ System,o=novell
2007-09-18 11:43:38 [6631@1116797872]: (dir) dir_internal_object_exists: starting, object = cn=\ ,ou=Census,ou=Event\ Driven\ Objects,ou=ASAM\ System,o=novell

Since there were several eDirectory servers configured for authentication in each asamplat.conf, all servers configured would have the ndsd process core. This symptom was due to the fact that if an authentication server fails to respond the plaform will move to the next server listed for authentication. When each server received the request, ndsd would core and then fail to respond.

Resolution

Please contact Novell Technical Support for a patch to nldap that will resolve this issue.