Hello everyone,
I made a configuration to get slapd-sock to work with a python3 server (gevent). The slapd configuration can be reproduced in less than a minute using this ansible playbook: https://github.com/peppelinux/ansible-slapd-eduperson2016
The python3 server is available at the following resource; the slapd-sock backend configuration can be found in the README file: https://github.com/peppelinux/pyMultiLDAP
It is the following:
````
ldapadd -Y EXTERNAL -H ldapi:/// <<EOF
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModuleLoad: back_sock.la
EOF

ldapadd -Y EXTERNAL -H ldapi:/// <<EOF
dn: olcDatabase={4}sock,cn=config
objectClass: olcDbSocketConfig
olcDatabase: {4}sock
olcDbSocketPath: /var/run/multildap.sock
olcSuffix: dc=proxy,dc=unical,dc=it
olcDbSocketExtensions: binddn peername ssf
EOF
````
I tested that this configuration doesn't have any problems in a Debian 9 installation (slapd 2.4.44) but in a Debian 10 installation (2.4.47) it does. Even if I use "servers/slapd/back-sock/searchexample.pl" [1] I get the same faulty result, described as follows:
````
# extended LDIF
#
# LDAPv3
# base <dc=proxy,dc=unical,dc=it> with scope subtree
# filter: uid=mario
# requesting: ALL
#

# search result
search: 2
result: 0 Success
text: OK
````
As we can see, RESULT was found but with no preceding LDIF. Looking into /var/log/slapd.log, I found the same behaviour as in the Debian 9 installation:
````
[25-07-2019 10:33:57] slapd debug conn=1036 fd=20 ACCEPT from IP= 127.0.0.1:54674 (IP=0.0.0.0:389)
[25-07-2019 10:33:57] slapd debug conn=1036 op=0 BIND dn="cn=admin,dc=testunical,dc=it" method=128
[25-07-2019 10:33:57] slapd debug conn=1036 op=0 BIND dn="cn=admin,dc=testunical,dc=it" mech=SIMPLE ssf=0
[25-07-2019 10:33:57] slapd debug conn=1036 op=0 RESULT tag=97 err=0 text=
[25-07-2019 10:33:57] slapd debug conn=1036 op=1 SRCH base="dc=proxy,dc=unical,dc=it" scope=2 deref=0 filter="(objectClass=*)"
[25-07-2019 10:33:57] slapd debug conn=1034 op=5 SRCH base="ou=people,dc=testunical,dc=it" scope=2 deref=3 filter="(objectClass=*)"
[25-07-2019 10:33:57] slapd debug conn=1034 op=5 SRCH attr=eduPersonPrincipalName schacHomeOrganization mail uid givenName sn eduPersonScopedAffiliation schacPersonalUniqueId schacPersonalUniqueCode userPassword
[25-07-2019 10:33:57] slapd debug conn=1034 op=5 SEARCH RESULT tag=101 err=0 nentries=4 text=
[25-07-2019 10:33:57] slapd debug sock: fgets failed: Success (0)
[25-07-2019 10:33:57] slapd debug conn=1036 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text= OK
[25-07-2019 10:33:57] slapd debug conn=1036 op=2 UNBIND
[25-07-2019 10:33:57] slapd debug conn=1036 fd=20 closed
````
I also tried to use admin credentials, as shown in the slapd log. I also tried to do a fresh slapd installation by hand; on Debian 9 slapd-sock works (searchexample.pl https://github.com/openldap/openldap/blob/master/servers/slapd/back-sock/searchexample.pl and pyMultiLDAP) but not on Debian 10. I read that there are two additional features regarding slapd-sock in openldap 2.4.47. These are:
- Added slapd-sock DN qualifier for subtrees to be processed (ITS#8051)
- Added slapd-sock ability to send extended operations to external listeners (ITS#8714)
My doubts: Is there any need to change the configuration, following ITS#8714 and ITS#8051, to get it to work in Debian 10? Or am I facing a bug present in openldap 2.4.47?
Thank you in advance for everything you would tell me, Cheers
[1] https://github.com/openldap/openldap/blob/master/servers/slapd/back-sock/sea...
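
Added example (not part of the original post, pyMultiLDAP or OpenLDAP): the request and response framing a back-sock listener has to handle for the search shown above, assuming the text format documented in slapd-sock(5). The function names, the sample request and the sample entry are constructed for illustration.

```python
import base64

# Constructed sample request in the text framing documented in slapd-sock(5)
# (assumption), including the binddn/peername/ssf extension lines.
SAMPLE_REQUEST = b"""SEARCH
msgid: 2
binddn: cn=admin,dc=testunical,dc=it
peername: IP=127.0.0.1:54674
ssf: 0
suffix: dc=proxy,dc=unical,dc=it
base: dc=proxy,dc=unical,dc=it
scope: 2
filter: (uid=mario)
attrs: all

"""

def parse_request(raw: bytes) -> dict:
    """Split a request into its operation name and 'key: value' fields."""
    lines = raw.decode("utf-8").splitlines()
    req = {"op": lines[0].strip(), "suffix": []}
    for line in lines[1:]:
        if not line.strip():
            break  # a blank line ends the request
        key, _, value = line.partition(":")
        if key == "suffix":
            req["suffix"].append(value.strip())  # may repeat, one per suffix
        else:
            req[key] = value.strip()
    return req

def ldif_line(name: str, value: str) -> str:
    """Emit 'name: value', or base64 'name:: ...' when the value is not LDIF-safe."""
    unsafe = (not value.isascii() or value[:1] in (" ", ":", "<")
              or value.endswith(" ") or "\n" in value or "\r" in value)
    if unsafe:
        return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"
    return f"{name}: {value}"

def build_search_reply(entries, code=0, info="") -> bytes:
    """Serialise entries as LDIF, each closed by a blank line, then RESULT."""
    out = []
    for dn, attrs in entries:
        out.append(ldif_line("dn", dn))
        out.extend(ldif_line(n, v) for n, vals in attrs.items() for v in vals)
        out.append("")  # blank line closes the entry
    out += ["RESULT", f"code: {code}"] + ([f"info: {info}"] if info else [])
    return ("\n".join(out) + "\n\n").encode("utf-8")  # blank line closes RESULT
```

Comparing the bytes a listener actually writes to the socket against the output of `build_search_reply` shows whether the entries and the RESULT block are framed as slapd expects.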