Hello everyone,
I made a configuration to get slapd-sock to work with a python3 server (gevent).
The slapd configuration can be reproduced in less than a minute using this Ansible playbook:
The python3 server is available at the following resource; the slapd-sock backend configuration can be found in the README file:
It is the following:
````
ldapadd -Y EXTERNAL -H ldapi:/// <<EOF
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModuleLoad: back_sock.la
EOF
ldapadd -Y EXTERNAL -H ldapi:/// <<EOF
dn: olcDatabase={4}sock,cn=config
objectClass: olcDbSocketConfig
olcDatabase: {4}sock
olcDbSocketPath: /var/run/multildap.sock
olcSuffix: dc=proxy,dc=unical,dc=it
olcDbSocketExtensions: binddn peername ssf
EOF
````
I tested that this configuration doesn't have any problems in a Debian 9 installation (slapd 2.4.44), but in Debian 10 (2.4.47) it does. Even if I use "servers/slapd/back-sock/searchexample.pl" [1] I get the same faulty result, described as follows:
````
# extended LDIF
#
# LDAPv3
# base <dc=proxy,dc=unical,dc=it> with scope subtree
# filter: uid=mario
# requesting: ALL
#
# search result
search: 2
result: 0 Success
text: OK
````
As we can see, a RESULT was found but without any preceding LDIF.
Looking into /var/log/slapd.log I found the same behaviour as in the Debian 9 installation:
````
[25-07-2019 10:33:57] slapd debug conn=1036 fd=20 ACCEPT from IP=127.0.0.1:54674 (IP=0.0.0.0:389)
[25-07-2019 10:33:57] slapd debug conn=1036 op=0 BIND dn="cn=admin,dc=testunical,dc=it" method=128
[25-07-2019 10:33:57] slapd debug conn=1036 op=0 BIND dn="cn=admin,dc=testunical,dc=it" mech=SIMPLE ssf=0
[25-07-2019 10:33:57] slapd debug conn=1036 op=0 RESULT tag=97 err=0 text=
[25-07-2019 10:33:57] slapd debug conn=1036 op=1 SRCH base="dc=proxy,dc=unical,dc=it" scope=2 deref=0 filter="(objectClass=*)"
[25-07-2019 10:33:57] slapd debug conn=1034 op=5 SRCH base="ou=people,dc=testunical,dc=it" scope=2 deref=3 filter="(objectClass=*)"
[25-07-2019 10:33:57] slapd debug conn=1034 op=5 SRCH attr=eduPersonPrincipalName schacHomeOrganization mail uid givenName sn eduPersonScopedAffiliation schacPersonalUniqueId schacPersonalUniqueCode userPassword
[25-07-2019 10:33:57] slapd debug conn=1034 op=5 SEARCH RESULT tag=101 err=0 nentries=4 text=
[25-07-2019 10:33:57] slapd debug sock: fgets failed: Success (0)
[25-07-2019 10:33:57] slapd debug conn=1036 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text= OK
[25-07-2019 10:33:57] slapd debug conn=1036 op=2 UNBIND
[25-07-2019 10:33:57] slapd debug conn=1036 fd=20 closed
````
I also tried to use admin credentials, as shown in the slapd log.
I also tried to do a fresh slapd installation by hand; on Debian 9 slapd-sock works (searchexample.pl and pyMultiLdap) but not on Debian 10.
I read that there are two additional features regarding slapd-sock in openldap 2.4.47. These are:
- Added slapd-sock DN qualifier for subtrees to be processed (ITS#8051)
- Added slapd-sock ability to send extended operations to external listeners (ITS#8714)
My doubts:
Is there any need to change configuration, following ITS#8714 and ITS#8051, to get it to work in Debian 10?
or
Am I facing a bug present in openldap 2.4.47 ?
Thank you in advance for everything you would tell me,
Cheers
--
____________________
Dott. Giuseppe De Marco
CENTRO ICT DI ATENEO
University of Calabria
87036 Rende (CS) - Italy
Phone: +39 0984 496961
e-mail: giuseppe.demarco@unical.it
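
Added example, not part of the original post and not code from pyMultiLdap or OpenLDAP: a small standard-library listener for the request and response framing described in slapd-sock(5), returning one constructed entry for any SEARCH so the listener side can be checked on its own. The socket path, the sample entry and all function names are assumptions.

```python
import base64
import socketserver
def parse_request(raw: bytes):
    """Return (operation, params): 'key: value' lines up to the blank line."""
    lines = raw.decode("utf-8", "replace").splitlines() or [""]
    params = {}
    for line in lines[1:]:
        if not line.strip():
            break                                   # blank line ends the request
        key, _, value = line.partition(":")
        params.setdefault(key.strip(), []).append(value.strip())  # suffix may repeat
    return lines[0].strip(), params

def ldif_line(name: str, value: str) -> str:
    """Base64-encode unsafe values so a newline cannot inject a forged RESULT."""
    safe = value.isascii() and value.isprintable() and value[:1] not in (" ", ":", "<")
    if safe and not value.endswith(" "):
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(value.encode()).decode()}"

def search_response(entries, code=0, info="") -> bytes:
    """Each entry as LDIF followed by a blank line, then the RESULT block."""
    out = []
    for dn, attrs in entries:
        out.append(ldif_line("dn", dn))
        out += [ldif_line(a, v) for a, vals in attrs.items() for v in vals]
        out.append("")
    out += ["RESULT", f"code: {code}"] + ([f"info: {info}"] if info else [])
    return ("\n".join(out) + "\n").encode()

def respond(raw: bytes) -> bytes:
    op, params = parse_request(raw)
    if op != "SEARCH":
        return search_response([], 53, "search only")   # 53 = unwillingToPerform
    base = params.get("base", [""])[0]
    entry = (f"uid=mario,{base}", {"uid": ["mario"], "cn": ["Mario"]})  # constructed
    return search_response([entry], info="OK")

class Handler(socketserver.StreamRequestHandler):
    def handle(self):
        raw = b""
        for line in self.rfile:                     # read up to the blank line
            raw += line
            if not line.strip():
                break
        self.wfile.write(respond(raw))

if __name__ == "__main__":  # assumed test path; olcDbSocketPath must match it
    socketserver.UnixStreamServer("/tmp/sock-demo.sock", Handler).serve_forever()
```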