[rt-users] RT::Authen::ExternalAuth::LDAP, Net::LDAP, Net::SSLeay, SEGV

jan.grant at bristol.ac.uk jan.grant at bristol.ac.uk
Wed Aug 25 05:14:00 EDT 2010

I'm currently hunting an irritating and elusive bug right at the moment.

I'm trying to use an external info provider that uses LDAP to supply user 
details. Unfortunately, the trace I'm seeing looks like this...

 _GetBoundLdapObj calls Net::LDAP (/data/rt/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:434)

... at which point there's a segfault deep inside SSLeay. This only 
happens if I try to use SSL - either start_tls or scheme => 'ldaps' when 
creating the Net::LDAP object.

I can do a brute-force extraction of a test-case that goes via RT's 
libraries to reproduce this reliably, and the issue doesn't seem to be 
directly inside RT. However, and incredibly irritatingly, when I take the 
RT libraries out-of-the-loop and just create a test-case that calls 
Net::LDAP directly, it works perfectly.

In other words: this bug appears to only get tickled inside RT for some 

I take it that RT (or RT::Authen::ExternalAuth) don't muck around with 
internal SSLeay settings that might cause this, in a way that I've missed?

Has anyone else seen this?

This is on a shiny new debian lenny (although I've been seeing the 
problem for a while now) [2.6.32-trunk-686 #1 SMP] - ie, 32-bit.


jan grant, ISYS, University of Bristol. http://www.bris.ac.uk/
Tel +44 (0)117 3317661   http://ioctl.org/jan/
Generalisation is never appropriate.

More information about the rt-users mailing list