# [SOLVED]: OpenLDAP and GnuTLS (and OpenSSL)

## AchilleTalon

I am unable to make OpenLDAP and GnuTLS work together. As soon as I enter the definitions for the certificates in the slapd.conf file, I get the following error on startup:

```
 * Starting ldap-server ...
*** glibc detected *** /usr/lib/openldap/slapd: double free or corruption (!prev): 0x0828b398 ***
======= Backtrace: =========
/lib/libc.so.6(+0x6e7b1)[0xb73c97b1]
/lib/libc.so.6(+0x700e3)[0xb73cb0e3]
/lib/libc.so.6(cfree+0x6d)[0xb73ce26d]
/usr/lib/libgnutls.so.26(gnutls_priority_deinit+0x20)[0xb72c7500]
/usr/lib/libldap_r-2.4.so.2(+0x3a9d3)[0xb77689d3]
/usr/lib/libldap_r-2.4.so.2(ldap_pvt_tls_ctx_free+0x25)[0xb77655c5]
/usr/lib/libldap_r-2.4.so.2(+0x37697)[0xb7765697]
/usr/lib/openldap/slapd(main+0x10fc)[0x8060a4c]
/lib/libc.so.6(__libc_start_main+0xe6)[0xb7375296]
/usr/lib/openldap/slapd[0x805f3d1]
 * start-stop-daemon: failed to start `/usr/lib/openldap/slapd'           [ !! ]
 * ERROR: slapd failed to start
```

Any hints?

----------

## DeIM

Hi, I'm far from a pro, but I'm actually solving a different problem with OpenLDAP. Maybe I'll use GnuTLS in the future ;)

So, posting the versions and USE flags of the packages used (glibc openldap gnutls ...) could be a good start.

----------

## AchilleTalon

 *Quote:*   

> emerge --info openldap gnutls openssl
> 
> Portage 2.1.10.41 (default/linux/x86/10.0, gcc-4.5.3, glibc-2.13-r4, 3.1.6-gentoo i686)
> 
> =================================================================
> ...

 

slapd.conf

```
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include      /etc/openldap/schema/core.schema
include      /etc/openldap/schema/cosine.schema
include      /etc/openldap/schema/inetorgperson.schema
include      /etc/openldap/schema/kerberos.schema
include      /etc/openldap/schema/java.schema
include      /etc/openldap/schema/dhcp.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral   ldap://root.openldap.org

pidfile      /var/run/openldap/slapd.pid
argsfile     /var/run/openldap/slapd.args

TLSCipherSuite        HIGH:+SSLv3:+SSLv2
TLSCACertificateFile  /etc/ssl/certs/cacert.pem
TLSCertificateFile    /etc/openldap/ssl/slapd.cert
TLSCertificateKeyFile /etc/openldap/ssl/slapd.key
TLSVerifyClient       demand

#######################################################################
# BDB database definitions
#######################################################################

database      bdb
suffix        "dc=cids,dc=ca"
#           <kbyte> <min>
checkpoint    32      30
rootdn        "cn=Manager,dc=cids,dc=ca"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw        {SSHA}1234567890abcdefghijklmnopqrstuvwxyz
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory     /var/lib/openldap-data
# Indices to maintain
index         objectClass   eq

database config
```

Certificates and keys were generated with OpenSSL, and I established my own CA, all of this using the CA.pl script in the /etc/ssl/misc directory. The error happens as soon as one or more of these are defined: TLSCACertificateFile, TLSCertificateFile and/or TLSCertificateKeyFile. The TLSCipherSuite and TLSVerifyClient directives don't lead to any error for now, and slapd starts fine with these two defined.

----------

## AchilleTalon

Here is the answer: DON'T USE GnuTLS with OPENLDAP!!!!

Rebuilt everything with the -gnutls flag for OpenLDAP and it solves all my problems with this part of the setup.

----------
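In a glibc "double free or corruption" abort like the one in the first post, the frame just outside libc's allocator names the code that passed the bad pointer to `free()`. The following is an added example, not code from the thread or from OpenLDAP: it parses the backtrace lines quoted above and reports that frame and its nearest named caller (`parse_frames`, `is_libc` and `free_caller` are names chosen for this example).

```python
import re

# Backtrace frames copied from the first post of this thread.
BACKTRACE = """\
/lib/libc.so.6(+0x6e7b1)[0xb73c97b1]
/lib/libc.so.6(+0x700e3)[0xb73cb0e3]
/lib/libc.so.6(cfree+0x6d)[0xb73ce26d]
/usr/lib/libgnutls.so.26(gnutls_priority_deinit+0x20)[0xb72c7500]
/usr/lib/libldap_r-2.4.so.2(+0x3a9d3)[0xb77689d3]
/usr/lib/libldap_r-2.4.so.2(ldap_pvt_tls_ctx_free+0x25)[0xb77655c5]
/usr/lib/libldap_r-2.4.so.2(+0x37697)[0xb7765697]
/usr/lib/openldap/slapd(main+0x10fc)[0x8060a4c]
/lib/libc.so.6(__libc_start_main+0xe6)[0xb7375296]
/usr/lib/openldap/slapd[0x805f3d1]
"""

# glibc frame layout: object(symbol+0xoffset)[0xaddress]; the (...) part may be
# absent and the symbol may be empty when the frame could not be resolved.
FRAME_RE = re.compile(
    r"^(?P<obj>/\S+?)(?:\((?P<sym>[^+)]*)(?:\+0x[0-9a-f]+)?\))?"
    r"\[(?P<addr>0x[0-9a-f]+)\]$"
)

def parse_frames(text):
    """Return one dict per recognisable frame, innermost first."""
    hits = (FRAME_RE.match(line.strip()) for line in text.splitlines())
    return [{"obj": m["obj"], "sym": m["sym"] or None, "addr": m["addr"]}
            for m in hits if m]

def is_libc(obj):
    # Matches libc.so.6 and libc-2.13.so, but not libcrypto or libcom_err.
    return re.search(r"/libc[.-][^/]*$", obj) is not None

def free_caller(frames):
    """Skip the allocator's own frames; return (frame that called free,
    nearest named frame above it that lives in a different object)."""
    i = 0
    while i < len(frames) and is_libc(frames[i]["obj"]):
        i += 1
    if i == 0 or i == len(frames):
        return None, None  # abort not raised inside libc, or no caller frame
    caller = frames[i]
    named = next((f for f in frames[i + 1:]
                  if f["sym"] and f["obj"] != caller["obj"]), None)
    return caller, named

if __name__ == "__main__":
    for f in free_caller(parse_frames(BACKTRACE)):
        print(f["sym"], "in", f["obj"])
```

For this thread's trace it points at `gnutls_priority_deinit` in libgnutls, reached from `ldap_pvt_tls_ctx_free` in libldap_r, which is the TLS context teardown path that no longer involves GnuTLS once OpenLDAP is rebuilt with `-gnutls`.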

