Bug 219573 - server should support ldapi (unix domain socket) interface
server should support ldapi (unix domain socket) interface
Status: CLOSED DUPLICATE of bug 229280
Product: 389
Classification: Community
Component: Directory Server (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Rich Megginson
Chandrasekar Kannan
Depends On:
  Show dependency treegraph
Reported: 2006-12-13 19:23 EST by Rich Megginson
Modified: 2015-01-04 18:21 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-10-05 12:12:42 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Rich Megginson 2006-12-13 19:23:24 EST
(Filed on behalf of abartlet@redhat.com)
The directory server should support the ldapi interface.  This means the server
needs to be able to listen to a unix domain socket.  This may also mean the
server needs to recognize and support LDAP URLs of the form "ldapi://<unix
domain socket>" where <unix domain socket> is the path and filename of the
socket.  This is primarily to support Heimdal kerberos which can already use an
LDAP backend if the LDAP server can listen on a unix domain socket.
Comment 1 Andrew Bartlett 2006-12-13 19:28:08 EST
Samba4 would also benifit in particular from ldapi:// and the ability to bind
with a SASL EXTERNAL bind (and then impersonate the actual user, for it's proxy
Comment 2 Andrew Bartlett 2007-01-30 19:15:06 EST
This is also a blocker for Samba4/FDS automated testing, as our test rig creates
a virtual network (using socket_wrapper) that FDS cannot be a part of.  We need
ldapi:// to communicate without using IP networking.

In an attempt to make Samba4's test environment as reproducible as possible, and
to avoid issues with root privilages as low ports, Samba4 operates a virtual
network known as 'socket_wrapper'.  

This wrapper is a #define macro based system, which overloads all socket calls,
and redirects them to a series of unix domain sockets.

The challenge I have is that our testsuite relies on this, but Fedora DS does
not support it.  As such, attempts to connect to localhost:3389 (for example)
are redirected to a local unix domain socket, where of course Fedora DS is not

For OpenLDAP, we work around this by using ldapi://, which is unmolested by

Has there been any progress on

I would rather not waste time constructing proxies in/out of socket_wrapper if I
don't need to.
Comment 3 Rich Megginson 2007-10-05 12:12:42 EDT

*** This bug has been marked as a duplicate of 229280 ***

Note You need to log in before you can comment on or make changes to this bug.