Hello everyone,

I made a configuration to get slapd-sock to work with a python3 server (gevent).

The slapd configuration can be reproduced less then a minute using this ansible playbook:

the python3 server is available at the following resource, slapd-sock backend configuration can be found in the README file:

It is the following:

ldapadd -Y EXTERNAL -H ldapi:/// <<EOF
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModuleLoad: back_sock.la
EOF

ldapadd -Y EXTERNAL -H ldapi:/// <<EOF
dn: olcDatabase={4}sock,cn=config
objectClass: olcDbSocketConfig
olcDatabase: {4}sock
olcDbSocketPath: /var/run/multildap.sock
olcSuffix: dc=proxy,dc=unical,dc=it
olcDbSocketExtensions: binddn peername ssf
EOF

I tested that this configuration doesn't have any problems in a Debian 9 installation (slapd 2.4.44) but in a Debian10 (2.4.47) does. Even if I use "servers/slapd/back-sock/searchexample.pl" [1] I get the same faulty result, described as follow:

````

# extended LDIF
#
# LDAPv3
# base <dc=proxy,dc=unical,dc=it> with scope subtree
# filter: uid=mario
# requesting: ALL
#

# search result
search: 2
result: 0 Success
text:  OK

````

As we can see RESULT was found but with any preceeding ldif.

Looking into /var/log/slapd.log I found the same behaviour of Debian9 installation:

````

[25-07-2019 10:33:57] slapd debug  conn=1036 fd=20 ACCEPT from IP=127.0.0.1:54674 (IP=0.0.0.0:389)
[25-07-2019 10:33:57] slapd debug  conn=1036 op=0 BIND dn="cn=admin,dc=testunical,dc=it" method=128
[25-07-2019 10:33:57] slapd debug  conn=1036 op=0 BIND dn="cn=admin,dc=testunical,dc=it" mech=SIMPLE ssf=0
[25-07-2019 10:33:57] slapd debug  conn=1036 op=0 RESULT tag=97 err=0 text=
[25-07-2019 10:33:57] slapd debug  conn=1036 op=1 SRCH base="dc=proxy,dc=unical,dc=it" scope=2 deref=0 filter="(objectClass=*)"
[25-07-2019 10:33:57] slapd debug  conn=1034 op=5 SRCH base="ou=people,dc=testunical,dc=it" scope=2 deref=3 filter="(objectClass=*)"
[25-07-2019 10:33:57] slapd debug  conn=1034 op=5 SRCH attr=eduPersonPrincipalName schacHomeOrganization mail uid givenName sn eduPersonScopedAffiliation schacPersonalUniqueId schacPersonalUniqueCode userPassword
[25-07-2019 10:33:57] slapd debug  conn=1034 op=5 SEARCH RESULT tag=101 err=0 nentries=4 text=
[25-07-2019 10:33:57] slapd debug  sock: fgets failed: Success (0)
[25-07-2019 10:33:57] slapd debug  conn=1036 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text= OK
[25-07-2019 10:33:57] slapd debug  conn=1036 op=2 UNBIND
[25-07-2019 10:33:57] slapd debug  conn=1036 fd=20 closed

````

I also tried to use admin credentials, as shown in the slapd log.

I also tried to do a fresh slapd installation by hands, on Debian9 slapd-sock works (searchexample.pl and pyMultiLdap) but not Debian10.

I read that there are two additional features regarding slapd-sock in openldap 2.4.47. These are:

   - Added slapd-sock DN qualifier for subtrees to be processed (ITS#8051)
   - Added slapd-sock ability to send extended operations to external listeners (ITS#8714)

My doubts:

Is there any need to change configuration, following ITS#8714 and ITS#8051, to get it to work in Debian10 ?

or

Am I facing a bug present in openldap 2.4.47 ?

Thank you in advance for everything you would tell me,

Cheers

[1] https://github.com/openldap/openldap/blob/master/servers/slapd/back-sock/searchexample.pl

--