(Filed on behalf of abartlet) The directory server should support the ldapi interface. This means the server needs to be able to listen to a unix domain socket. This may also mean the server needs to recognize and support LDAP URLs of the form "ldapi://<unix domain socket>" where <unix domain socket> is the path and filename of the socket. This is primarily to support Heimdal Kerberos which can already use an LDAP backend if the LDAP server can listen on a unix domain socket.
Samba4 would also benefit in particular from ldapi:// and the ability to bind with a SASL EXTERNAL bind (and then impersonate the actual user, for its proxy operation).
This is also a blocker for Samba4/FDS automated testing, as our test rig creates a virtual network (using socket_wrapper) that FDS cannot be a part of. We need ldapi:// to communicate without using IP networking. In an attempt to make Samba4's test environment as reproducible as possible, and to avoid issues with root privileges as low ports, Samba4 operates a virtual network known as 'socket_wrapper'. This wrapper is a #define macro based system, which overloads all socket calls, and redirects them to a series of unix domain sockets. The challenge I have is that our testsuite relies on this, but Fedora DS does not support it. As such, attempts to connect to localhost:3389 (for example) are redirected to a local unix domain socket, where of course Fedora DS is not listening. For OpenLDAP, we work around this by using ldapi://, which is unmolested by socket_wrapper. Has there been any progress on https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=219573? I would rather not waste time constructing proxies in/out of socket_wrapper if I don't need to.
*** This bug has been marked as a duplicate of 229280 ***
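
How a server listening on ldapi:// can identify the local client for the SASL EXTERNAL bind requested above, as an added example (not code from Fedora DS, Samba4 or OpenLDAP): on Linux the kernel reports the connecting process's uid and gid through SO_PEERCRED, so no password crosses the socket. The socketpair() stands in for an accepted ldapi connection, the function names are hypothetical, and the DN layout follows OpenLDAP's peercred convention, which is an assumption for any other server.

```c
#define _GNU_SOURCE             /* struct ucred, SO_PEERCRED (Linux-specific) */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>

/* Ask the kernel who is on the other end of a connected AF_UNIX socket.
 * Returns 0 and fills *cred on success, -1 on failure. */
int peer_cred(int fd, struct ucred *cred)
{
    socklen_t len = sizeof(*cred);
    if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, cred, &len) != 0)
        return -1;
    return len == sizeof(*cred) ? 0 : -1;
}

/* Format the identity an EXTERNAL bind is mapped from. The DN layout is
 * OpenLDAP's convention (assumption). Fails rather than truncating. */
int external_authzid(int fd, char *out, size_t outlen)
{
    struct ucred c;
    if (peer_cred(fd, &c) != 0)
        return -1;
    int n = snprintf(out, outlen,
                     "gidNumber=%u+uidNumber=%u,cn=peercred,cn=external,cn=auth",
                     (unsigned)c.gid, (unsigned)c.uid);
    return (n > 0 && (size_t)n < outlen) ? 0 : -1;
}

/* Self-check on a connected pair: the kernel must report our own identity. */
int demo_matches_self(void)
{
    int sv[2];
    struct ucred c;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    int rc = peer_cred(sv[0], &c);
    close(sv[0]);
    close(sv[1]);
    if (rc != 0)
        return -1;
    return (c.uid == geteuid() && c.gid == getegid() && c.pid == getpid()) ? 1 : 0;
}

int main(void)
{
    printf("peer is self: %d\n", demo_matches_self());
    return 0;
}
```

The credentials are the ones the kernel recorded when the connection was made, so the server should map them to a directory identity before granting any rights, and the socket file's own permissions remain the first access control.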