Anyone having some experience using socat (or something similar?) to
connect to a remote slapd server tcp/tls with a local socket? I have a
client that requires the local ldapi socket. But I do not want to
install there an instance of slapd.
Show replies by date
With this I am able to issue just one ldap search on the socket.
Subsequent queries fail with 'ldap_sasl_bind(SIMPLE): Can't contact LDAP
server (-1)'
socat -d -d
OPENSSL:192.168.10.18:8443,cafile=/etc/openldap/cacerts/ca.crt,verify=0,
keepalive,reuseaddr,ignoreeof
UNIX-LISTEN:/var/run/ldapi,reuseaddr,type=1,ignoreeof
I am just wondering if this is even possible, maybe the tcp connections
keeps an authorized session? Or ldapi communication is just different?
If this ldapi communication is different from ldaps. I guess I am only
left with the options like
- connecting with some forwarded ssh session to the local ldapi server
socket
- maybe export ldapi with stunnel on the server, and capture it again
with stunnel/socat
- look into slapd proxy/meta
Got it working with this:
socat -s UNIX-LISTEN:/var/run/ldapi,unlink-early,fork
OPENSSL:ldap.local:8443,cafile=/etc/pki/ca-trust/source/anchors/ca.crt,v
erify=0,keepalive,reuseaddr
-----Original Message-----
To: openldap-technical
Subject: RE: Socat tcp to local socket
With this I am able to issue just one ldap search on the socket.
Subsequent queries fail with 'ldap_sasl_bind(SIMPLE): Can't contact LDAP
server (-1)'
socat -d -d
OPENSSL:192.168.10.18:8443,cafile=/etc/openldap/cacerts/ca.crt,verify=0,
keepalive,reuseaddr,ignoreeof
UNIX-LISTEN:/var/run/ldapi,reuseaddr,type=1,ignoreeof
I am just wondering if this is even possible, maybe the tcp connections
keeps an authorized session? Or ldapi communication is just different?
If this ldapi communication is different from ldaps. I guess I am only
left with the options like
- connecting with some forwarded ssh session to the local ldapi server
socket
- maybe export ldapi with stunnel on the server, and capture it again
with stunnel/socat
- look into slapd proxy/meta