Hi all, I answer to your replies, good news: I found the problem.
@ Howard Thank you for told me that this is not a bug, it was a good point to start from.
@ Michael the back-sock listener is the same for Debian9 and for Debian10, the most important information is that neither "servers/slapd/back-sock/ searchexample.pl" worked on Debian10, but only on Debian9. The back-sock listener is a gevent python3 server. Thank you for apparmor hints, I found this information reading openldap archives. On Debian10 we do not have SElinux but only apparmor, I confirm all you wrote.
I just made some mistake in ACL, because I can read results with "ldapsearch -H ldapi:// -Y EXTERNAL -b "dc=proxy,dc=myorg,dc=it""
but not with ldapsearch -H ldap://localhost:389 -D "cn=admin,dc=myorg,dc=it" -w slapdsecret -b "dc=proxy,dc=myorg,dc=it"
So I understood it was a silly ACL problem behind this. I just added an ACL as follow and everything works fine!
```` export BASEDC="dc=myorganization,dc=it"
ldapadd -Y EXTERNAL -H ldapi:/// <<EOF dn: olcDatabase={4}sock,cn=config changeType: modify add: olcAccess olcAccess: to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by * break olcAccess: to dn.subtree="ou=people,$BASEDC" by dn.children="ou=auth,$BASEDC" read by self read by * break olcAccess: to * by anonymous auth by * break EOF ````
the question about Debian9 / Debian10 derived from different ldapsearch authentication methods, Thank you all for your time
Il giorno gio 25 lug 2019 alle ore 17:28 Michael Ströder < michael@stroeder.com> ha scritto:
On 7/25/19 11:31 AM, Giuseppe De Marco wrote:
I made a configuration to get slapd-sock to work with a python3 server (gevent).
Is this an asyncio server?
[25-07-2019 10:33:57] slapd debug sock: fgets failed: Success (0)
Are you sure your back-sock listener really responded on the correct socket? Does it have an own debug log.
FWIW: My back-sock listeners just work fine with 2.4.47+. But on Debian Stretch/Buster I'm using the LTB builds.
Ciao, Michael.