Hello everyone,

I made a configuration to get slapd-sock to work with a python3 server (gevent).
The slapd configuration can be reproduced less then a minute using this ansible playbook:

the python3 server is available at the following resource, slapd-sock backend configuration can be found in the README file:

It is the following:

ldapadd -Y EXTERNAL -H ldapi:/// <<EOF
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModuleLoad: back_sock.la

ldapadd -Y EXTERNAL -H ldapi:/// <<EOF
dn: olcDatabase={4}sock,cn=config
objectClass: olcDbSocketConfig
olcDatabase: {4}sock
olcDbSocketPath: /var/run/multildap.sock
olcSuffix: dc=proxy,dc=unical,dc=it
olcDbSocketExtensions: binddn peername ssf

I tested that this configuration doesn't have any problems in a Debian 9 installation (slapd 2.4.44) but in a Debian10 (2.4.47) does. Even if I use "servers/slapd/back-sock/searchexample.pl" [1] I get the same faulty result, described as follow:

# extended LDIF
# LDAPv3
# base <dc=proxy,dc=unical,dc=it> with scope subtree
# filter: uid=mario
# requesting: ALL

# search result
search: 2
result: 0 Success
text:  OK

As we can see RESULT was found but with any preceeding ldif.
Looking into /var/log/slapd.log I found the same behaviour of Debian9 installation:

[25-07-2019 10:33:57] slapd debug  conn=1036 fd=20 ACCEPT from IP= (IP=
[25-07-2019 10:33:57] slapd debug  conn=1036 op=0 BIND dn="cn=admin,dc=testunical,dc=it" method=128
[25-07-2019 10:33:57] slapd debug  conn=1036 op=0 BIND dn="cn=admin,dc=testunical,dc=it" mech=SIMPLE ssf=0
[25-07-2019 10:33:57] slapd debug  conn=1036 op=0 RESULT tag=97 err=0 text=
[25-07-2019 10:33:57] slapd debug  conn=1036 op=1 SRCH base="dc=proxy,dc=unical,dc=it" scope=2 deref=0 filter="(objectClass=*)"
[25-07-2019 10:33:57] slapd debug  conn=1034 op=5 SRCH base="ou=people,dc=testunical,dc=it" scope=2 deref=3 filter="(objectClass=*)"
[25-07-2019 10:33:57] slapd debug  conn=1034 op=5 SRCH attr=eduPersonPrincipalName schacHomeOrganization mail uid givenName sn eduPersonScopedAffiliation schacPersonalUniqueId schacPersonalUniqueCode userPassword
[25-07-2019 10:33:57] slapd debug  conn=1034 op=5 SEARCH RESULT tag=101 err=0 nentries=4 text=
[25-07-2019 10:33:57] slapd debug  sock: fgets failed: Success (0)
[25-07-2019 10:33:57] slapd debug  conn=1036 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text= OK
[25-07-2019 10:33:57] slapd debug  conn=1036 op=2 UNBIND
[25-07-2019 10:33:57] slapd debug  conn=1036 fd=20 closed

I also tried to use admin credentials, as shown in the slapd log.
I also tried to do a fresh slapd installation by hands, on Debian9 slapd-sock works (searchexample.pl and pyMultiLdap) but not Debian10.
I read that there are two additional features regarding slapd-sock in openldap 2.4.47. These are:

   - Added slapd-sock DN qualifier for subtrees to be processed (ITS#8051)
   - Added slapd-sock ability to send extended operations to external listeners (ITS#8714)

My doubts:
Is there any need to change configuration, following ITS#8714 and ITS#8051, to get it to work in Debian10 ?
Am I facing a bug present in openldap 2.4.47 ?

Thank you in advance for everything you would tell me,

[1] https://github.com/openldap/openldap/blob/master/servers/slapd/back-sock/searchexample.pl

Dott. Giuseppe De Marco
University of Calabria
87036 Rende (CS) - Italy
Phone: +39 0984 496961
e-mail: giuseppe.demarco@unical.it