Red Hat Bugzilla – Bug 219573
server should support ldapi (unix domain socket) interface
Last modified: 2015-01-04 18:21:41 EST
(Filed on behalf of firstname.lastname@example.org)
The directory server should support the ldapi interface. This means the server
needs to be able to listen to a unix domain socket. This may also mean the
server needs to recognize and support LDAP URLs of the form "ldapi://<unix
domain socket>" where <unix domain socket> is the path and filename of the
socket. This is primarily to support Heimdal Kerberos which can already use an
LDAP backend if the LDAP server can listen on a unix domain socket.
Samba4 would also benefit in particular from ldapi:// and the ability to bind
with a SASL EXTERNAL bind (and then impersonate the actual user, for its proxy
This is also a blocker for Samba4/FDS automated testing, as our test rig creates
a virtual network (using socket_wrapper) that FDS cannot be a part of. We need
ldapi:// to communicate without using IP networking.
In an attempt to make Samba4's test environment as reproducible as possible, and
to avoid issues with root privileges as low ports, Samba4 operates a virtual
network known as 'socket_wrapper'.
This wrapper is a #define macro based system, which overloads all socket calls,
and redirects them to a series of unix domain sockets.
The challenge I have is that our testsuite relies on this, but Fedora DS does
not support it. As such, attempts to connect to localhost:3389 (for example)
are redirected to a local unix domain socket, where of course Fedora DS is not
For OpenLDAP, we work around this by using ldapi://, which is unmolested by
Has there been any progress on
I would rather not waste time constructing proxies in/out of socket_wrapper if I
don't need to.
*** This bug has been marked as a duplicate of 229280 ***