
RE: Socat tcp to local socket
Got it working with this:

socat -s UNIX-LISTEN:/var/run/ldapi,unlink-early,fork OPENSSL:ldap.local:8443,cafile=/etc/pki/ca-trust/source/anchors/ca.crt,verify=0,keepalive,reuseaddr

-----Original Message-----
To: openldap-technical
Subject: RE: Socat tcp to local socket
With this I am able to issue just one ldap search on the socket. 
Subsequent queries fail with 'ldap_sasl_bind(SIMPLE): Can't contact LDAP 
server (-1)'

socat -d -d OPENSSL:192.168.10.18:8443,cafile=/etc/openldap/cacerts/ca.crt,verify=0,keepalive,reuseaddr,ignoreeof UNIX-LISTEN:/var/run/ldapi,reuseaddr,type=1,ignoreeof

I am just wondering if this is even possible; maybe the tcp connection
keeps an authorized session? Or is ldapi communication just different?
If this ldapi communication is different from ldaps, I guess I am only
left with options like
- connecting with some forwarded ssh session to the local ldapi server
socket
- maybe export ldapi with stunnel on the server, and capture it again
with stunnel/socat
- look into slapd proxy/meta
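Added example, not from either message in this thread: the working relay above in a hardened form (fork kept so every client gets its own TLS session, verify=1 so the cafile is actually enforced, commonname pinned to the server name, and an assumed mode= on the socket), plus a small shell check that flags the two pitfalls the thread ran into. The host, port and CA path are the values from the messages; commonname= requires a socat that supports it (1.7.3 or later).

```shell
#!/bin/sh
# Example code, not from the thread. Builds a hardened socat relay from a
# UNIX socket to an LDAPS server and audits relay command lines for the
# two problems seen above: no `fork` (only the first client is served,
# later ldapsearch calls get "Can't contact LDAP server") and `verify=0`
# (the cafile is loaded but the verification result is ignored).

LDAPI_SOCK=/var/run/ldapi                             # from the thread
LDAPS_HOST=ldap.local                                 # from the thread
LDAPS_PORT=8443                                       # from the thread
CA_FILE=/etc/pki/ca-trust/source/anchors/ca.crt       # from the thread
SOCK_MODE=660   # assumption: restrict who may use the relay socket

# Print the hardened relay command. verify=1 (socat's default) makes the
# cafile effective; commonname= pins the certificate to the server name.
relay_cmd() {
    printf 'socat UNIX-LISTEN:%s,unlink-early,fork,mode=%s OPENSSL:%s:%s,cafile=%s,verify=1,commonname=%s,keepalive\n' \
        "$LDAPI_SOCK" "$SOCK_MODE" "$LDAPS_HOST" "$LDAPS_PORT" "$CA_FILE" "$LDAPS_HOST"
}

# Audit a socat relay command line given as $1.
# Prints one finding per line; returns 0 if clean, 1 if any finding.
audit_relay() {
    cmd=$1
    rc=0
    case "$cmd" in
        *verify=0*)
            echo "verify=0: server certificate is accepted without verification"
            rc=1 ;;
    esac
    case "$cmd" in
        *fork*) ;;
        *)
            echo "no fork: listener serves a single connection, then exits"
            rc=1 ;;
    esac
    return $rc
}

# Stand-alone use: print the hardened command and audit it.
relay_cmd
audit_relay "$(relay_cmd)" && echo "relay command: no findings"
```

Clients that reach slapd through this relay arrive as TLS clients, not over the local socket slapd itself listens on, so they must authenticate the way ldaps clients do; ldapi-style SASL EXTERNAL based on the socket peer's credentials does not carry across the relay.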