6) Retest to make sure still working
$getent hosts
Note: You can verify that StartTLS is working by enabling logging on slapd and then,
$ grep STARTTLS /var/log/syslog
You should see a STARTTLS connection every time you call 'getent hosts', if its working as expected. If you are hardcore, you can also configure the server to _only_ accept STARTTLS, but I'll leave that as an exercise for the reader.
7) Now you can test the bug! (Note: I modified the testcase provided to use getbyhostname)
ubuntu@tldapclient:~$ ./testhosts.pl
Parent!
Parent wake!
Done!
^^ Note the lack of "Child!", because the child has segfaulted.
8) With the fix:
ubuntu@tldapclient:~$ ./testhosts.pl
Parent!
Child!
Done!
Parent wake!
Done!
How I test:
1) Configure slapd (server) and libnss- ldap/ldap- utils (client) /help.ubuntu. com/lts/ serverguide/ openldap- server. html
Note: Ubuntu Server Guide is a godsend to a newbie. https:/
2) Configure slapd (server) to serve up desired /etc/hosts information /wiki.archlinux .org/index. php/LDAP_ Hosts
Note: The Arch folks have some good examples of this:
https:/
3) Configure nsswitch to use ldap
- Add 'ldap' to the 'hosts' entry in /etc/nsswitch
NOTE: make sure to disable 'nscd'!
4) Test libldap-nss/ldap working as expected:
$ getent hosts
-Should see the hosts as entered into slapd added now
5) Now configure for StartTLS /help.ubuntu. com/lts/ serverguide/ openldap- server. html
Again see Ubuntu documentation:
https:/
6) Retest to make sure still working
$getent hosts
Note: You can verify that StartTLS is working by enabling logging on slapd and then,
$ grep STARTTLS /var/log/syslog
Note: log enabling for slapd: blog.suretecsys tems.com/ archives/ 163-OpenLDAP- Quick-Tips- Change- loglevels- on-the- fly!.html
http://
, i enabled 'all'
You should see a STARTTLS connection every time you call 'getent hosts', if its working as expected. If you are hardcore, you can also configure the server to _only_ accept STARTTLS, but I'll leave that as an exercise for the reader.
7) Now you can test the bug! (Note: I modified the testcase provided to use getbyhostname) tldapclient: ~$ ./testhosts.pl
ubuntu@
Parent!
Parent wake!
Done!
^^ Note the lack of "Child!", because the child has segfaulted.
8) With the fix: tldapclient: ~$ ./testhosts.pl
ubuntu@
Parent!
Child!
Done!
Parent wake!
Done!
^^ Note the child survived. \o/