Problem running diagpwd

Hi!

We need to troubleshoot some universal password errors but are having problems running the diagpwd utility.

eDirectory runs on OES 24.1 (eDirectory 9.2.8) and when running it we get the following error:

# diagpwd <serverIP> 636 /etc/opt/novell/certs/SSCert.pem <LDAP DN of user to check> base <LDAP DN of admin account>

ERROR -1 ldap_simple_bind_s
Segmentation fault (core dumped)

Please note that:

- LDAP authentication on that server works without any problems

- LDAP SSL certificate has not expired

- LDAP SSL certificate has both DNS and IP as SAN

- We get the same error if we use serverDNS name instead of serverIP when running diagpwd

diagpwd -v returns "diagpwd version 5"

We tested that on multiple servers in the same tree with the same result, so either we are using the utility the wrong way or there is something wrong with that version of diagpwd.

Any help appreciated

Kind regards,

Sebastijan

PS: Just for info, on OES servers diagpwd is automatically installed by edirectory-oes-nmas-ldap-extensions-client-9.2.8-150400.1.46.x86_64 package

  • 0   in reply to   

    No difference in the symptoms, even after confirming the path is set, and on a box I haven't tried this yet.

    And those ldd commands don't work for me with either syntax:

    ds2:~ # ldd diagpwd
    ldd: ./diagpwd: No such file or directory
    ds2:~ # ldd ./diagpwd
    ldd: ./diagpwd: No such file or directory

    Ahh, that KB needs updating to include the path. And both with or without that environment path set, both show
       libnmasext.so => /opt/novell/eDirectory/lib64/libnmasext.so (0x00007f9011a00000)

    Something else is afoot.

    ________________________

    Andy of KonecnyConsulting.ca in Toronto
    Please use the "Like" and/or "Verified Answers" as appropriate as that helps us all.

  • 0   in reply to   

    I'll update the KB. The libnmasext.so, which mistakenly got highlighted during formatting, isn't the issue on OES 23 & 24. It's the version of libldap_r-2.4.so.2 which is placed in /usr/lib64.

    Adding /opt/novell/eDirectory/eDir-exclusive/lib64 to the LD_LIBRARY_PATH

    OES243:/opt/novell/eDirectory/bin # export LD_LIBRARY_PATH=/opt/novell/eDirectory/eDir-exclusive/lib64:$LD_LIBRARY_PATH

    changes the output of ldd <path>/diagpwd

    from:  libldap-2.4.so.2 => /usr/lib64/libldap-2.4.so.2

    to:  libldap_r-2.4.so.2 => /opt/novell/eDirectory/eDir-exclusive/lib64/libldap_r-2.4.so.2

    The core stack for the core I can duplicate shows:

    Stack trace of thread 77892:
        #0  0x00007fafacc5bf22 __pthread_rwlock_wrlock (libpthread.so.0 + 0xff22)
        #1  0x00007fafab6f1149 CRYPTO_THREAD_write_lock (libcrypto.so.1.1 + 0x230149)
        #2  0x00007fafac5adc0c SSL_CTX_flush_sessions (libssl.so.1.1 + 0x4cc0c)
        #3  0x00007fafac5a4183 SSL_CTX_free (libssl.so.1.1 + 0x43183)
        #4  0x00007fafaccc8ec5 ldap_int_tls_destroy (libldap_r-2.4.so.2 + 0x39ec5)
        #5  0x00007fafacd259b3 _dl_fini (ld-linux-x86-64.so.2 + 0x119b3)
        #6  0x00007fafac856bd9 __run_exit_handlers (libc.so.6 + 0x4dbd9)
        #7  0x00007fafac856d6a exit (libc.so.6 + 0x4dd6a)
        #8  0x00007fafac83e254 __libc_start_main (libc.so.6 + 0x35254)
        #9  0x0000000000401d2a _start (diagpwd + 0x1d2a)

    If your stack trace is different, please post it for me to review.

  • 0   in reply to   

    Core traces are a bit beyond me at this time without more detailed instructions. I am so not a dev guy.

    The cores are just over a quarter Megabyte in size, so should easily be able to post the most recent one and the matching PuTTY log to the case (02974596).

    One thing that is catching my eye in the strace: a bunch of (No such file or directory) referencing /opt/novell/eDirectory/eDir-exclusive/lib64/tls/ which doesn't exist.

    ________________________

    Andy of KonecnyConsulting.ca in Toronto
    Please use the "Like" and/or "Verified Answers" as appropriate as that helps us all.

  • 0   in reply to   

    And I see a typo in today's exports, a double colon. Fixing that has it working now.
    If export is the correct syntax, that would be a good addition to the KB article.

    As well as some consistency on which certs to use: local server cert vs CA's public, and PEM vs DER.

    I am getting in with the local server cert to talk to itself.

    ________________________

    Andy of KonecnyConsulting.ca in Toronto
    Please use the "Like" and/or "Verified Answers" as appropriate as that helps us all.
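
An added example (not part of the thread or the KB article) for the LD_LIBRARY_PATH steps discussed above: it prepends a directory without leaving an empty entry, counts empty entries such as the double colon mentioned in the last reply (the dynamic loader reads an empty entry as the current working directory), and extracts which libldap copy ldd resolved. The function names, the typo'd sample path and the load addresses in the sample ldd lines are constructed.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not from the KB or the thread.

EDIR_LIBS=/opt/novell/eDirectory/eDir-exclusive/lib64   # path from the thread

# Prepend $1 to search path $2 without leaving a trailing colon when $2 is empty.
prepend_path() {
    printf '%s%s\n' "$1" "${2:+:$2}"
}

# Count empty entries (leading, trailing or doubled colon). The dynamic
# loader reads each empty entry as the current working directory.
count_empty_entries() {
    [ -n "$1" ] || { echo 0; return 0; }
    printf ':%s:\n' "$1" | awk '{ n = 0; while (sub(/::/, ":")) n++; print n }'
}

# Drop empty entries, keeping the order of the remaining directories.
clean_path() {
    printf '%s\n' "$1" | awk -F: '{
        out = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "") continue
            sep = (out == "") ? "" : ":"
            out = out sep $i
        }
        print out
    }'
}

# Read ldd output on stdin; print the path of each library whose name starts with $1.
resolved_lib() {
    awk -v p="$1" '$2 == "=>" && index($1, p) == 1 { print $3 }'
}

# Constructed sample: the two ldd results quoted in the thread (addresses made up).
LDD_BEFORE='libldap-2.4.so.2 => /usr/lib64/libldap-2.4.so.2 (0x00007f0000000000)'
LDD_AFTER='libldap_r-2.4.so.2 => /opt/novell/eDirectory/eDir-exclusive/lib64/libldap_r-2.4.so.2 (0x00007f0000000000)'

bad="${EDIR_LIBS}::/usr/local/lib"   # constructed value with the double-colon typo
echo "empty entries in typo'd path: $(count_empty_entries "$bad")"
echo "cleaned: $(clean_path "$bad")"
echo "prepend to unset variable: $(prepend_path "$EDIR_LIBS" "")"
echo "before: $(printf '%s\n' "$LDD_BEFORE" | resolved_lib libldap)"
echo "after:  $(printf '%s\n' "$LDD_AFTER" | resolved_lib libldap)"
```

On a live system, pipe `ldd /opt/novell/eDirectory/bin/diagpwd` into `resolved_lib libldap` (the bin directory is the one shown in the prompt earlier in the thread) to see which copy the loader picks.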