Socat tcp to local socket

List overview All Threads
Download

newer

older

Adding syncprov to running slapd

RE: Socat tcp to local socket

Marc Roos

25 Aug 2019 25 Aug '19

12:36 p.m.

Anyone having some experience using socat (or something similar?) to connect to a remote slapd server tcp/tls with a local socket? I have a client that requires the local ldapi socket. But I do not want to install there an instance of slapd.

Show replies by date

Marc Roos

25 Aug 25 Aug

3:43 p.m.

With this I am able to issue just one ldap search on the socket. Subsequent queries fail with 'ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)'

socat -d -d OPENSSL:192.168.10.18:8443,cafile=/etc/openldap/cacerts/ca.crt,verify=0, keepalive,reuseaddr,ignoreeof UNIX-LISTEN:/var/run/ldapi,reuseaddr,type=1,ignoreeof

I am just wondering if this is even possible, maybe the tcp connections keeps an authorized session? Or ldapi communication is just different? If this ldapi communication is different from ldaps. I guess I am only left with the options like - connecting with some forwarded ssh session to the local ldapi server socket - maybe export ldapi with stunnel on the server, and capture it again with stunnel/socat - look into slapd proxy/meta

Marc Roos

27 Aug 27 Aug

9:35 a.m.

Got it working with this:

socat -s UNIX-LISTEN:/var/run/ldapi,unlink-early,fork OPENSSL:ldap.local:8443,cafile=/etc/pki/ca-trust/source/anchors/ca.crt,v erify=0,keepalive,reuseaddr

-----Original Message----- To: openldap-technical Subject: RE: Socat tcp to local socket

With this I am able to issue just one ldap search on the socket. Subsequent queries fail with 'ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)'

socat -d -d OPENSSL:192.168.10.18:8443,cafile=/etc/openldap/cacerts/ca.crt,verify=0, keepalive,reuseaddr,ignoreeof UNIX-LISTEN:/var/run/ldapi,reuseaddr,type=1,ignoreeof

2070

Age (days ago)

2072

Last active (days ago)

openldap-technical@openldap.org

2 comments

1 participants

tags (0)

participants (1)

Marc Roos