docker-openldap
slapd does not listen on IPv6 by default
Running osixia/openldap:1.5.0 in an IPv6-only k8s cluster results in:
root@l2-openldap-85fd8646cf-h58r4:/# ss -ln
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
nl UNCONN 0 0 0:0 *
nl UNCONN 768 0 4:0 *
nl UNCONN 4352 0 4:205 *
nl UNCONN 0 0 9:0 *
nl UNCONN 0 0 10:0 *
nl UNCONN 0 0 12:0 *
nl UNCONN 0 0 15:0 *
nl UNCONN 0 0 16:0 *
u_str LISTEN 0 1024 /var/run/slapd/ldapi 194072967 * 0
tcp LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
tcp LISTEN 0 1024 0.0.0.0:636 0.0.0.0:*
tcp LISTEN 0 1024 0.0.0.0:389 0.0.0.0:*
tcp LISTEN 0 511 [::]:80 [::]:*
root@l2-openldap-85fd8646cf-h58r4:/#
(port 80 is served by the ungleich-nginx container handling letsencrypt)
This seems to be the source of the problem:
# Drop the existing entry for this host, then re-add the FQDN mapped to 0.0.0.0 (an IPv4 address)
ETC_HOSTS=$(cat /etc/hosts | sed "/$HOSTNAME/d")
echo "0.0.0.0 $FQDN_PARAM $HOSTNAME" > /etc/hosts
echo "$ETC_HOSTS" >> /etc/hosts
exit 0
From root@l2-openldap-85fd8646cf-h58r4:/container/run# cat startup/slapd
Just starting slapd with
slapd -h ldaps://
binds correctly:
root@l2-openldap-85fd8646cf-h58r4:/container/run# slapd -h ldaps://
root@l2-openldap-85fd8646cf-h58r4:/container/run# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 23452 13128 ? Ss 15:09 0:00 /usr/bin/python3 -u /container/t
openldap 175 0.0 0.0 1251476 15776 ? Sl 15:09 0:00 /usr/sbin/slapd -h ldap://l2-ope
root 180 0.0 0.0 7000 3900 pts/0 Ss 15:10 0:00 bash
root 224 0.0 0.0 1166476 5872 ? Ssl 15:44 0:00 slapd -h ldaps://
root 227 0.0 0.0 10640 3224 pts/0 R+ 15:44 0:00 ps aux
root@l2-openldap-85fd8646cf-h58r4:/container/run# ss -lnp
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
nl UNCONN 0 0 0:0 *
nl UNCONN 4352 0 4:228 *
nl UNCONN 768 0 4:0 *
nl UNCONN 0 0 9:0 *
nl UNCONN 0 0 10:0 *
nl UNCONN 0 0 12:0 *
nl UNCONN 0 0 15:0 *
nl UNCONN 0 0 16:0 *
u_str LISTEN 0 1024 /var/run/slapd/ldapi 194072967 * 0
tcp LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
tcp LISTEN 0 1024 0.0.0.0:636 0.0.0.0:*
tcp LISTEN 0 1024 0.0.0.0:389 0.0.0.0:*
tcp LISTEN 0 511 [::]:80 [::]:*
tcp LISTEN 0 1024 [::]:636 [::]:* users:(("slapd",pid=224,fd=6))
root@l2-openldap-85fd8646cf-h58r4:/container/run#
I suggest binding on ldap://, ldaps:// and ldapi:// by default - would that be an accepted patch?
@BertrandGouny do you think such a patch would be ok to get in?
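As an added check (not part of this report or of the osixia image), the following POSIX shell function reads `ss -ln` output and lists TCP ports that have an IPv4 (0.0.0.0) listener but no IPv6 ([::]) listener. The two sample listings are taken from the before/after output above; `ipv4_only_ports` is a name chosen here, and on a Linux host with the default bindv6only=0 a `[::]` listener also accepts IPv4, so a port that appears only under `[::]` is treated as covered.

```shell
#!/bin/sh
# ipv4_only_ports: read `ss -ln` style output on stdin and print, one per
# line, every TCP port bound on 0.0.0.0 that has no matching [::] listener.
# Such a port is unreachable from IPv6 clients, which is the symptom
# reported for slapd (389/636) in an IPv6-only cluster.
ipv4_only_ports() {
    awk '
        $1 == "tcp" && $2 == "LISTEN" {
            addr = $5
            if (addr ~ /^0\.0\.0\.0:/)      { sub(/^0\.0\.0\.0:/, "", addr); v4[addr] = 1 }
            else if (addr ~ /^\[::\]:/)     { sub(/^\[::\]:/,    "", addr); v6[addr] = 1 }
        }
        END { for (p in v4) if (!(p in v6)) print p }
    ' | sort -n
}

# Sample 1 (constructed from the first listing above): slapd started by the
# image's startup script, bound to 0.0.0.0 only; nginx is dual-stack on 80.
SAMPLE_BEFORE='Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
tcp LISTEN 0 1024 0.0.0.0:636 0.0.0.0:*
tcp LISTEN 0 1024 0.0.0.0:389 0.0.0.0:*
tcp LISTEN 0 511 [::]:80 [::]:*'

# Sample 2 (constructed from the second listing above): after an extra
# `slapd -h ldaps://`, port 636 also has a [::] listener; 389 still does not.
SAMPLE_AFTER='Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
tcp LISTEN 0 1024 0.0.0.0:636 0.0.0.0:*
tcp LISTEN 0 1024 0.0.0.0:389 0.0.0.0:*
tcp LISTEN 0 511 [::]:80 [::]:*
tcp LISTEN 0 1024 [::]:636 [::]:* users:(("slapd",pid=224,fd=6))'

echo "IPv4-only ports before:"; printf '%s\n' "$SAMPLE_BEFORE" | ipv4_only_ports
echo "IPv4-only ports after:";  printf '%s\n' "$SAMPLE_AFTER"  | ipv4_only_ports
```

On a live container run `ss -ln | ipv4_only_ports`; an empty result means every IPv4 listener, slapd's included, is also reachable over IPv6.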