Hello all,
I'm a newbie in LDAP/OpenLDAP.
I have to implement an LDAP proxy that "simply" authenticates a user against a first LDAP server and, if it fails for invalid credentials, tries to authenticate against a second LDAP server.
I've found OpenLDAP and the back-sock backend as a possible way to implement such a scheme, using a python script as a concurrent server listening on the UNIX socket that will be used by the backend back-sock.
I'm currently using Ubuntu 22.04 and OpenLDAP 2.5.19 for testing.
Now I have a concurrent server in python that works well: it accepts a connection on a UNIX socket, prints what it receives over the connection and closes it. I tested it with a simple python client.
On the OpenLDAP side, instead, I have a big issue: I tried to configure the backend using the legacy mode (the slapd.conf config file will follow), but when I try to run the command
ldapwhoami -x -D "cn=admin,dc=example,dc=com" -W -H ldap://localhost (with "dc=example,dc=com" replaced with the base DN I used in the configuration during the installation phase) on the same machine where slapd is running, the command returns:
ldap_bind: Invalid credentials (49)
using the right password input during installation phase, while on the server side in the log I found the error message:
socket connect(<socket_file_name>) failed
and the python server does not give any sign of accepting a connection.
Setting the loglevel to -1 or starting slapd with strace (strace slapd -d -1) does not provide further information.
NOTE that the above ldapwhoami command worked fine with the original configuration with the new method in the slapd.d folder.
This is the config file I created to use the back-sock backend:
modulepath /usr/lib/ldap
moduleload back_sock.la
include /etc/ldap/schema/core.schema
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
#loglevel 256
loglevel -1
database sock
socketpath /tmp/ldsock
suffix "dc=proxy,dc=ldap"
Any clue?
Thanks in advance,
Gianluca Ramunno
openldap-technical@openldap.org
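As an added example (not part of Gianluca's message or of OpenLDAP), here is the Python side of such a proxy: it speaks the request/response format that back-sock writes to and reads from the socket, as documented in slapd-sock(5), and implements the "first server, then second server" fallback for BIND. The upstream checks are injected as plain callables (an assumption so the code runs offline; in a real deployment each one would do a simple bind against its LDAP server), and the server removes a stale socket file before listening, since a leftover file at `socketpath` is one common reason for slapd's `socket connect(...) failed`.

```python
import os
import socket
LDAP_SUCCESS, LDAP_INVALID_CREDENTIALS, LDAP_UNWILLING = 0, 49, 53

def parse_request(raw: bytes) -> dict:
    """Parse one back-sock request block (slapd-sock(5) format) into a dict; 'cred' is cut by credlen."""
    head, sep, tail = raw.partition(b"\ncred: ")
    lines = head.decode().split("\n")
    req = {"op": lines[0]}
    for line in lines[1:]:
        key, _, value = line.partition(": ")
        if key:  # skip the blank terminator line
            req[key] = value
    if sep:
        req["cred"] = tail[: int(req["credlen"])]
    return req

def result(code: int, info: str = "") -> bytes:
    """Encode the RESULT block back-sock expects as the reply."""
    msg = f"RESULT\ncode: {code}\n" + (f"info: {info}\n" if info else "")
    return (msg + "\n").encode()

def bind_with_fallback(dn: str, cred: bytes, checkers) -> int:
    """Try each upstream check (dn, cred) -> bool in order; the first success wins."""
    if not cred:  # an empty password must never pass as an 'anonymous' success
        return LDAP_INVALID_CREDENTIALS
    return LDAP_SUCCESS if any(c(dn, cred) for c in checkers) else LDAP_INVALID_CREDENTIALS

def handle(raw: bytes, checkers) -> bytes:
    """Build the reply for one request block; only BIND is proxied."""
    req = parse_request(raw)
    if req["op"] != "BIND":
        return result(LDAP_UNWILLING, "only BIND is proxied")
    return result(bind_with_fallback(req["dn"], req.get("cred", b""), checkers))

def serve(socketpath: str, checkers) -> None:
    """Listen on the path given to slapd's 'socketpath'; one request per connection."""
    if os.path.exists(socketpath):
        os.unlink(socketpath)  # a stale socket file makes slapd's connect() fail
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as srv:
        srv.bind(socketpath)
        os.chmod(socketpath, 0o660)  # the user slapd runs as must be able to connect
        srv.listen()
        while True:
            conn, _ = srv.accept()
            with conn:
                buf = b""
                while b"\n\n" not in buf and (chunk := conn.recv(4096)):
                    buf += chunk  # a request block ends with a blank line
                conn.sendall(handle(buf, checkers))
```

Run it as `serve("/tmp/ldsock", [check_server_one, check_server_two])` with your two checker functions; the user slapd runs as needs write access to the socket file, and on Ubuntu any confinement of slapd must allow the chosen path.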