Hello all,

I'm a newbie in LDAP/OpenLDAP.

I have to implement an LDAP proxy that "simply" authenticates a user against a first LDAP server and, if it fails for invalid credentials, tries to authenticate against a second LDAP server.

I've found OpenLDAP and the back-sock backend as a possible way to implement such a scheme, using a Python script as a concurrent server listening on the UNIX socket that will be used by the back-sock backend.

I'm currently using Ubuntu 22.04 and OpenLDAP 2.5.19 for testing. 

Now I have a concurrent server in Python that works well: it accepts a connection on a UNIX socket, prints what it receives over the connection and closes it. I tested it with a simple Python client.

On the OpenLDAP side, instead, I have a big issue: I tried to configure the backend using the legacy mode (the slapd.conf config file will follow), but when I try to run the command 

ldapwhoami -x -D "cn=admin,dc=example,dc=com" -W -H ldap://localhost
(with "dc=example,dc=com" replaced with the base DN I used in the configuration during the installation phase)
on the same machine where slapd is running, the command returns: 

ldap_bind: Invalid credentials (49)

using the right password entered during the installation phase, while on the server side I found this error message in the log:

socket connect(<socket_file_name>) failed

and the Python server does not give any sign of accepting a connection.

Setting the loglevel to -1 or starting slapd with strace ( strace slapd -d -1 ) does not provide further information.

NOTE that the above ldapwhoami command worked fine with the original configuration with the new method in the slapd.d folder.

This is the config file I created to use the back-sock backend:

modulepath      /usr/lib/ldap
moduleload      back_sock.la

include         /etc/ldap/schema/core.schema

pidfile         /var/run/slapd/slapd.pid
argsfile        /var/run/slapd/slapd.args

#loglevel       256
loglevel        -1

database        sock
socketpath      /tmp/ldsock

suffix          "dc=proxy,dc=ldap"

Any clue?

Thanks in advance
Gianluca Ramunno
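
An added sketch (not part of the original message, and not OpenLDAP's own code) of the listener-side logic the post describes: it parses the BIND request text documented in slapd-sock(5), masks the password before anything is printed, and falls back to the second server only on result code 49. The function names, the `backends` callables and the sample request are constructed for illustration.

```python
SUCCESS, INVALID_CREDENTIALS, UNWILLING = 0, 49, 53  # LDAP result codes
AUTH_SIMPLE = 128                                    # LDAP_AUTH_SIMPLE (0x80)

# Constructed sample request; the password deliberately contains a newline.
SAMPLE = (b"BIND\nmsgid: 1\nsuffix: dc=proxy,dc=ldap\n"
          b"dn: cn=admin,dc=proxy,dc=ldap\nmethod: 128\n"
          b"credlen: 6\ncred: s3cr\nt\n\n")

def parse_bind(raw: bytes) -> dict:
    """Parse a back-sock BIND request (field layout per slapd-sock(5))."""
    head, sep, tail = raw.partition(b"\ncred: ")
    lines = head.split(b"\n")
    if not sep or lines[0] != b"BIND":
        raise ValueError("not a complete BIND request")
    req = {"suffix": []}
    for line in lines[1:]:
        key, _, value = line.partition(b": ")
        if key == b"suffix":                 # may repeat, one per suffix
            req["suffix"].append(value.decode())
        else:
            req[key.decode()] = value.decode()
    credlen = int(req["credlen"])            # slice by length, not by newline
    if len(tail) < credlen:
        raise ValueError("truncated credentials")
    req["cred"] = tail[:credlen]
    return req

def redacted(req: dict) -> dict:
    """Copy that is safe to print or log: the bind password is masked."""
    return {**req, "cred": f"<{len(req['cred'])} bytes redacted>"}

def authenticate(req: dict, backends) -> int:
    """Try each backend in order; fall through only on invalidCredentials."""
    if int(req["method"]) != AUTH_SIMPLE or not req["cred"]:
        return UNWILLING   # empty password = unauthenticated bind; never forward
    code = INVALID_CREDENTIALS
    for check in backends:                   # hypothetical callables -> result code
        code = check(req["dn"], req["cred"])
        if code != INVALID_CREDENTIALS:
            break          # success, or an error the fallback must not mask
    return code

def format_result(code: int, info: str = "") -> bytes:
    """Build the RESULT reply; the trailing blank line ends the response."""
    out = f"RESULT\ncode: {code}\n" + (f"info: {info}\n" if info else "")
    return (out + "\n").encode()

if __name__ == "__main__":
    req = parse_bind(SAMPLE)
    print(redacted(req))
    print(format_result(authenticate(req, [lambda d, c: 49, lambda d, c: 0])))
```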