Hello, I've found the solution with the help of a colleague.
Simply, AppArmor was blocking the access to the socket for slapd. By enabling slapd to access the UNIX socket in AppArmor, the communication between the back-sock backend and my python server worked fine.

Best regards
Gianluca Ramunno

________________________________
From: Gianluca Ramunno <g.ramu...@criticalcase.com>
Sent: Wednesday, May 28, 2025 18:09
To: openldap-technical@openldap.org <openldap-technical@openldap.org>
Subject: back-sock module: error "socket connect(<socket_file_name>) failed"

Hello all,

I'm a newbie in LDAP/OpenLDAP. I have to implement an LDAP proxy that "simply" authenticates a user against a first LDAP server and, if it fails for invalid credentials, tries to authenticate against a second LDAP server.

I've found OpenLDAP and the back-sock backend as a possible way to implement such a scheme, using a python script as a concurrent server listening on the UNIX socket that will be used by the backend back-sock. I'm currently using Ubuntu 22.04 and OpenLDAP 2.5.19 for testing.

Now I have a concurrent server in python that works well: it accepts a connection on a UNIX socket, prints what it receives over the connection and closes it. I tested it with a simple python client.

On the OpenLDAP side, instead, I have a big issue: I tried to configure the backend using the legacy mode (the slapd.conf config file will follow), but when I try to run the command

    ldapwhoami -x -D "cn=admin,dc=example,dc=com" -W -H ldap://localhost

(with "dc=example,dc=com" replaced with the base DN I used in the configuration during the installation phase) on the same machine where slapd is running, the command returns:

    ldap_bind: Invalid credentials (49)

using the right password input during installation phase, while on the server side in the log I found the error message:

    socket connect(<socket_file_name>) failed

and the python server does not give any sign of accepting a connection.

Setting the loglevel to -1 or starting slapd with strace ( strace slapd -d -1 ) does not provide further information.

NOTE that the above ldapwhoami command worked fine with the original configuration with the new method in the slapd.d folder.

This is the config file I created to use the back-sock backend:

    modulepath /usr/lib/ldap
    moduleload back_sock.la
    include /etc/ldap/schema/core.schema
    pidfile /var/run/slapd/slapd.pid
    argsfile /var/run/slapd/slapd.args
    #loglevel 256
    loglevel -1
    database sock
    socketpath /tmp/ldsock
    suffix "dc=proxy,dc=ldap"

Any clue?

Thanks in advance
Gianluca Ramunno
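Added example (not part of the original thread, and not OpenLDAP or AppArmor project code): AppArmor records its denials in the kernel audit log, so the refusal for slapd on the back-sock socket can be found there and turned into the file rule that permits it. The log lines below are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed kernel audit lines for illustration (not from the original post).
SAMPLE_LOG = """\
May 28 18:05:01 ldap1 kernel: audit: type=1400 audit(1748448301.101:410): apparmor="DENIED" operation="connect" profile="/usr/sbin/slapd" name="/tmp/ldsock" pid=2211 comm="slapd" requested_mask="wr" denied_mask="wr" fsuid=113 ouid=1000
May 28 18:05:02 ldap1 kernel: audit: type=1400 audit(1748448302.007:411): apparmor="ALLOWED" operation="open" profile="/usr/sbin/slapd" name="/etc/ldap/slapd.conf" pid=2211 comm="slapd" requested_mask="r" denied_mask="r" fsuid=113 ouid=0
May 28 18:05:09 ldap1 kernel: audit: type=1400 audit(1748448309.550:412): apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/etc/shadow" pid=900 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
"""

# key=value or key="quoted value" pairs as they appear in audit records
_FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Audit mask letters that a file rule expresses as "w" (assumed mapping)
_WRITE_LIKE = set("wacd")


def parse_audit_line(line):
    """Split one audit line into a dict of its key=value fields."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in _FIELD.finditer(line)}


def socket_denials(log_text, socket_path, comm="slapd"):
    """Return DENIED records where `comm` was refused access to `socket_path`."""
    hits = []
    for line in log_text.splitlines():
        fields = parse_audit_line(line)
        if (fields.get("apparmor") == "DENIED"
                and fields.get("comm") == comm
                and fields.get("name") == socket_path):
            hits.append(fields)
    return hits


def suggest_rule(denial):
    """Build the AppArmor file rule covering the denied access."""
    mask = denial["denied_mask"]
    perms = ("r" if "r" in mask else "") + ("w" if _WRITE_LIKE & set(mask) else "")
    return f'{denial["name"]} {perms},'


if __name__ == "__main__":
    for d in socket_denials(SAMPLE_LOG, "/tmp/ldsock"):
        print(f'{d["profile"]}: {d["operation"]} denied -> add: {suggest_rule(d)}')
```

The suggested rule belongs inside the slapd AppArmor profile, which is then reloaded; the thread does not name the profile file, so its location is left to the local setup.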