Skip to content

Support Unix sockets (ldapi:// URL scheme) in ldap plugin #17477

New issue
New issue
Open
#17478
Open
Support Unix sockets (ldapi:// URL scheme) in ldap plugin#17477
#17478
Labels
feature requestRequests for new plugin and for new features to existing plugins
@mistotebe

Description

@mistotebe
mistotebe
opened on Aug 14, 2025

Use Case

Rather than set up a user/password for the monitoring user, admins often allow a certain uid/group to read the monitor DB. This needs:

  • access over UNIX sockets (ldapi://)
  • EXTERNAL SASL bind (which instructs the server to examine the connection, e.g. TLS client certs or UNIX socket credentials message)

Both are supported in go-ldap, just need to be enabled in the plugin (+config)

Expected behavior

Something like this should be possible with the plugin:

server = "ldapi:///"
bind_method = "EXTERNAL"

Actual behavior

Only TCP sockets + simple binds are supported right now.

Additional info

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    feature requestRequests for new plugin and for new features to existing plugins

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions