[Date Prev][Date Next] [Chronological] [Thread] [Top]

slapd-sock v2.4.47 not returning LDIF



Hello everyone,

I made a configuration to get slapd-sock to work with a python3 server (gevent).
The slapd configuration can be reproduced less then a minute using this ansible playbook:
https://github.com/peppelinux/ansible-slapd-eduperson2016

the python3 server is available at the following resource, slapd-sock backend configuration can be found in the README file:
https://github.com/peppelinux/pyMultiLDAP

It is the following:

ldapadd -Y EXTERNAL -H ldapi:/// <<EOF
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModuleLoad: back_sock.la
EOF

ldapadd -Y EXTERNAL -H ldapi:/// <<EOF
dn: olcDatabase={4}sock,cn=config
objectClass: olcDbSocketConfig
olcDatabase: {4}sock
olcDbSocketPath: /var/run/multildap.sock
olcSuffix: dc=proxy,dc=unical,dc=it
olcDbSocketExtensions: binddn peername ssf
EOF

I tested that this configuration doesn't have any problems in a Debian 9 installation (slapd 2.4.44) but in a Debian10 (2.4.47) does. Even if I use "servers/slapd/back-sock/searchexample.pl" [1] I get the same faulty result, described as follow:

````
# extended LDIF
#
# LDAPv3
# base <dc=proxy,dc=unical,dc=it> with scope subtree
# filter: uid=mario
# requesting: ALL
#

# search result
search: 2
result: 0 Success
text:  OK
````

As we can see RESULT was found but with any preceeding ldif.
Looking into /var/log/slapd.log I found the same behaviour of Debian9 installation:

````
[25-07-2019 10:33:57] slapd debug  conn=1036 fd=20 ACCEPT from IP=127.0.0.1:54674 (IP=0.0.0.0:389)
[25-07-2019 10:33:57] slapd debug  conn=1036 op=0 BIND dn="cn=admin,dc=testunical,dc=it" method=128
[25-07-2019 10:33:57] slapd debug  conn=1036 op=0 BIND dn="cn=admin,dc=testunical,dc=it" mech=SIMPLE ssf=0
[25-07-2019 10:33:57] slapd debug  conn=1036 op=0 RESULT tag=97 err=0 text=
[25-07-2019 10:33:57] slapd debug  conn=1036 op=1 SRCH base="dc=proxy,dc=unical,dc=it" scope=2 deref=0 filter="(objectClass=*)"
[25-07-2019 10:33:57] slapd debug  conn=1034 op=5 SRCH base="ou=people,dc=testunical,dc=it" scope=2 deref=3 filter="(objectClass=*)"
[25-07-2019 10:33:57] slapd debug  conn=1034 op=5 SRCH attr=eduPersonPrincipalName schacHomeOrganization mail uid givenName sn eduPersonScopedAffiliation schacPersonalUniqueId schacPersonalUniqueCode userPassword
[25-07-2019 10:33:57] slapd debug  conn=1034 op=5 SEARCH RESULT tag=101 err=0 nentries=4 text=
[25-07-2019 10:33:57] slapd debug  sock: fgets failed: Success (0)
[25-07-2019 10:33:57] slapd debug  conn=1036 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text= OK
[25-07-2019 10:33:57] slapd debug  conn=1036 op=2 UNBIND
[25-07-2019 10:33:57] slapd debug  conn=1036 fd=20 closed
````

I also tried to use admin credentials, as shown in the slapd log.
I also tried to do a fresh slapd installation by hands, on Debian9 slapd-sock works (searchexample.pl and pyMultiLdap) but not Debian10.
I read that there are two additional features regarding slapd-sock in openldap 2.4.47. These are:

   - Added slapd-sock DN qualifier for subtrees to be processed (ITS#8051)
   - Added slapd-sock ability to send extended operations to external listeners (ITS#8714)

My doubts:
Is there any need to change configuration, following ITS#8714 and ITS#8051, to get it to work in Debian10 ?
or
Am I facing a bug present in openldap 2.4.47 ?

Thank you in advance for everything you would tell me,
Cheers




[1] https://github.com/openldap/openldap/blob/master/servers/slapd/back-sock/searchexample.pl

--
____________________
Dott. Giuseppe De Marco
CENTRO ICT DI ATENEO
University of Calabria
87036 Rende (CS) - Italy
Phone: +39 0984 496961
e-mail: giuseppe.demarco@unical.it