I'm testing out dovecot/tls/openldap (via portunus). It seems to work fine. I can access Maildir with Thunderbird as expected. However according to the logs, auth-worker crashes when slapd closes:

    Apr 04 22:11:56 silver slapd[1745983]: conn=1054 op=1 UNBIND
    Apr 04 22:11:56 silver slapd[1745983]: conn=1054 fd=14 closed
    Apr 04 22:11:56 silver slapd[1745983]: conn=1053 op=2 UNBIND
    Apr 04 22:11:56 silver slapd[1745983]: conn=1053 fd=13 closed
    Apr 04 22:11:56 silver dovecot[2083465]: auth-worker: Fatal: master: service(auth-worker): child 2084984 killed with signal 11 (core dumped)
    Apr 04 22:11:56 silver dovecot[2083465]: auth: Fatal: master: service(auth): child 2084981 killed with signal 11 (core dumped)

Here is the configuration. It is a minimal setup, just testing ldap for passdb:

    # 2.3.19.1 (9b53102964): /etc/dovecot/dovecot.conf
    # OS: Linux 6.1.7 x86_64 NixOS 22.11 (Raccoon) btrfs
    # Hostname: silver
    auth_mechanisms = plain login
    base_dir = /run/dovecot2
    default_internal_group = dovecot2
    default_internal_user = dovecot2
    mail_location = maildir:/home/%n/Maildir:INBOX=/var/spool/mail/%n:INDEX=/var/lib/dovecot/indexes/%n:LAYOUT=Maildir++
    passdb {
      args = /var/lib/dovecot/etc/dovecot-ldap.conf.ext
      driver = ldap
    }
    pop3_uidl_format = %08Xv%08Xu
    protocols = imap
    sendmail_path = /run/wrappers/bin/sendmail
    service auth {
      user = root
    }
    ssl_ca =
Here is the stack trace:
PID: 2084981 (auth)
Oh, and here is the stack trace of the other pid which also dumped:

    $ sudo coredumpctl info 2084984
               PID: 2084984 (auth)
               UID: 0 (root)
               GID: 0 (root)
            Signal: 11 (SEGV)
         Timestamp: Tue 2023-04-04 22:11:56 EDT (11h ago)
      Command Line: dovecot/auth -w
        Executable: /nix/store/s72dc8pc6g70dscya8ggsvn61rnfhixy-dovecot-2.3.19.1/libexec/dovecot/auth
     Control Group: /system.slice/dovecot2.service
              Unit: dovecot2.service
             Slice: system.slice
          Hostname: silver
           Storage: /var/lib/systemd/coredump/core.auth.0.9fed479ad6ac4f0e8c2d5f290d9ea3f5.2084984.1680660716000000.zst (present)
         Disk Size: 322.7K
           Message: Process 2084984 (auth) of user 0 dumped core.

                    Module linux-vdso.so.1 with build-id 7aefd45ed44b5302cf82d7b5093cd9b882b8bc8a
                    Module legacy.so with build-id fdd26faf7ff15c8fa78ef2091d38c5fb886da146
                    Module libscram.so.3 without build-id.
                    Module libdb-5.3.so without build-id.
                    Module libsasldb.so.3 without build-id.
                    Module libplain.so.3 without build-id.
                    Module libotp.so.3 without build-id.
                    Module liblogin.so.3 without build-id.
                    Module libgssapiv2.so.3 without build-id.
                    Module libkeyutils.so.1 without build-id.
                    Module libkrb5support.so.0 without build-id.
                    Module libcom_err.so.3 without build-id.
                    Module libk5crypto.so.3 without build-id.
                    Module libkrb5.so.3 without build-id.
                    Module libgssapi_krb5.so.2 without build-id.
                    Module libgs2.so.3 without build-id.
                    Module libdigestmd5.so.3 without build-id.
                    Module libcrammd5.so.3 without build-id.
                    Module libanonymous.so.3 without build-id.
                    Module libresolv.so.2 with build-id 6bcddb1dd1be5b345df903815f364e5d967ae0ef
                    Module libdl.so.2 with build-id 2e86539e324ffb14e185718fd284d3f3f2568f06
                    Module libm.so.6 with build-id 5cc630080219b350d8f9e4573c65d2dd931ea978
                    Module libz.so.1 without build-id.
                    Module ld-linux-x86-64.so.2 with build-id 3be2bc3749163683f612e0fb8169ce51f75742fe
                    Module libcrypto.so.3 with build-id ca321413716a256baa08042cb3f3c07a90cc82ce
                    Module libssl.so.3 with build-id 4bf2aae91a0d91b0ca0a6fe1ab29b2b7653a17f6
                    Module libsasl2.so.3 without build-id.
                    Module libaudit.so.1 without build-id.
                    Module libc.so.6 with build-id 3d6884d200ead572b7b89a4133f645c7a3c039ed
                    Module libpthread.so.0 with build-id 0f7050f6ef81222c7290351dfa67e5e062c797bf
                    Module libsqlite3.so.0 with build-id 174a69054606e27a1c555838b07035346e83bfb0
                    Module libsodium.so.23 with build-id 1c1e5b232aa14bf5c942b3568bf70713da9ad11f
                    Module liblber.so.2 without build-id.
                    Module libldap.so.2 without build-id.
                    Module libpam.so.0 without build-id.
                    Module libcrypt.so.1 without build-id.
                    Module libdovecot.so.0 without build-id.
                    Module libstats_auth.so without build-id.
                    Module auth without build-id.
                    Stack trace of thread 2084984:
                    #0  0x00007fdacaa8e824 pthread_rwlock_rdlock@GLIBC_2.2.5 (libc.so.6 + 0x8e824)
                    #1  0x00007fdaca6312d9 CRYPTO_THREAD_read_lock (libcrypto.so.3 + 0x2312d9)
                    #2  0x00007fdaca61ea57 ossl_lib_ctx_get_data (libcrypto.so.3 + 0x21ea57)
                    #3  0x00007fdaca62d460 ossl_provider_deregister_child_cb (libcrypto.so.3 + 0x22d460)
                    #4  0x00007fdaca61e960 OSSL_LIB_CTX_free (libcrypto.so.3 + 0x21e960)
                    #5  0x00007fdac9fd2801 legacy_teardown (legacy.so + 0x7801)
                    #6  0x00007fdaca62ebfd ossl_provider_free (libcrypto.so.3 + 0x22ebfd)
                    #7  0x00007fdaca5f535b evp_cipher_free_int (libcrypto.so.3 + 0x1f535b)
                    #8  0x00007fdaca99046c SSL_CTX_free (libssl.so.3 + 0x3d46c)
                    #9  0x00007fdacae832f5 ldap_int_tls_destroy (libldap.so.2 + 0x3d2f5)
                    #10 0x00007fdacb0dbbde _dl_fini (ld-linux-x86-64.so.2 + 0x5bde)
                    #11 0x00007fdacaa400c5 __run_exit_handlers (libc.so.6 + 0x400c5)
                    #12 0x00007fdacaa4024e exit (libc.so.6 + 0x4024e)
                    #13 0x00007fdacaa29255 __libc_start_call_main (libc.so.6 + 0x29255)
                    #14 0x00007fdacaa29309 __libc_start_main@@GLIBC_2.34 (libc.so.6 + 0x29309)
                    #15 0x0000560ebbd58675 _start (auth + 0x18675)
                    ELF object binary architecture: AMD x86-64
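Added example (not part of the original thread): a Python triage helper that parses the `#N address symbol (module + offset)` frames from the coredumpctl output above and reports whether the fault happened while exit handlers were running and which library's destructor led to it. The function names and the `_dl_fini` heuristic are assumptions of this example.

```python
import re
from itertools import groupby

# Frames copied from the coredumpctl output for PID 2084984 quoted above.
TRACE = """
#0 0x00007fdacaa8e824 pthread_rwlock_rdlock@GLIBC_2.2.5 (libc.so.6 + 0x8e824)
#1 0x00007fdaca6312d9 CRYPTO_THREAD_read_lock (libcrypto.so.3 + 0x2312d9)
#2 0x00007fdaca61ea57 ossl_lib_ctx_get_data (libcrypto.so.3 + 0x21ea57)
#3 0x00007fdaca62d460 ossl_provider_deregister_child_cb (libcrypto.so.3 + 0x22d460)
#4 0x00007fdaca61e960 OSSL_LIB_CTX_free (libcrypto.so.3 + 0x21e960)
#5 0x00007fdac9fd2801 legacy_teardown (legacy.so + 0x7801)
#6 0x00007fdaca62ebfd ossl_provider_free (libcrypto.so.3 + 0x22ebfd)
#7 0x00007fdaca5f535b evp_cipher_free_int (libcrypto.so.3 + 0x1f535b)
#8 0x00007fdaca99046c SSL_CTX_free (libssl.so.3 + 0x3d46c)
#9 0x00007fdacae832f5 ldap_int_tls_destroy (libldap.so.2 + 0x3d2f5)
#10 0x00007fdacb0dbbde _dl_fini (ld-linux-x86-64.so.2 + 0x5bde)
#11 0x00007fdacaa400c5 __run_exit_handlers (libc.so.6 + 0x400c5)
#12 0x00007fdacaa4024e exit (libc.so.6 + 0x4024e)
#13 0x00007fdacaa29255 __libc_start_call_main (libc.so.6 + 0x29255)
#14 0x00007fdacaa29309 __libc_start_main@@GLIBC_2.34 (libc.so.6 + 0x29309)
#15 0x0000560ebbd58675 _start (auth + 0x18675)
"""

FRAME_RE = re.compile(r"#(\d+)\s+0x[0-9a-f]+\s+(\S+)\s+\((\S+)\s+\+\s+0x[0-9a-f]+\)")

def parse_frames(text):
    """Return [(index, symbol, module)], innermost first; works on flattened text too."""
    return [(int(i), sym.split("@")[0], mod) for i, sym, mod in FRAME_RE.findall(text)]

def triage(frames):
    """Say whether the crash happened during exit and whose destructor led to it."""
    if not frames:
        raise ValueError("no stack frames found")
    symbols = [sym for _, sym, _ in frames]
    report = {"faulting_module": frames[0][2], "exit_time": "_dl_fini" in symbols,
              "destructor": None, "module_chain": []}
    fini = symbols.index("_dl_fini") if report["exit_time"] else 0
    if fini > 0:
        # Heuristic (assumption): the frame called directly by _dl_fini is the
        # shared object's exit-time destructor.
        report["destructor"] = frames[fini - 1][1:]
        chain = [mod for _, _, mod in reversed(frames[:fini])]
        report["module_chain"] = [mod for mod, _ in groupby(chain)]
    return report

if __name__ == "__main__":
    for key, value in triage(parse_frames(TRACE)).items():
        print(f"{key}: {value}")
```

The module chain shows the call path from the libldap destructor through libssl and libcrypto into the legacy provider before the fault in libc, all after `exit()` had already been called.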
On 4/5/23 10:31, Aki Tuomi wrote:
Hi!

The crash occurs inside libldap.

Aki
Thanks Aki,
It was against openldap 2.6.3. Subsequently, I tried openldap 2.6.4 which is in nixpkgs unstable, but I wasn't able to test this because of an issue at the Portunus/openldap end of things.
I think I'm out of time for experimenting with ldap for now, but I may come back around to this later.
In addition to Portunus/openldap, there is some movement in NixOS to package lldap, another option for managing users (https://github.com/NixOS/nixpkgs/pull/197362).
Under Courier IMAP, we just used files, but as I experiment with Dovecot, I'd also like to look into a simple and secure method to allow virtual users to manage passwords. What are people using?
-- Anthony Carrico
FYI, I was able to get Portunus up with OpenLDAP 2.6.4 to test Dovecot, but auth/auth-worker still crash as with 2.6.3. As before, the authentication works fine.
Is it the case that Dovecot has no issue tracker?
-- Anthony Carrico