rroemhild / docker-test-openldap
Docker OpenLDAP Server for testing LDAP applications
License: MIT License
User Search Base is "ou=people,dc=planetexpress,dc=com", but what is the one for Groups? It doesn't seem to be indicated in the readme file. Thanks!
Hi,
I was trying to test locally the scenario of disabling users that haven't logged on for a while via AD, based on lastLogonTimestamp.
Though, after login via LDAP (ldapsearch and Python client), I can see that in the list of attributes.
I guess this is the AD setting.
Any quick fix to enable this, or code change that can be done?
P.S.: I've seen on the web that this timestamp can lag and is not always the most reliable. But, as there are not many other alternatives to do this via LDAP, I still want to try this approach. PowerShell on the server is not an option at the moment.
Thanks!
Hello, thanks for this docker image. I'm now using it to test a draft R package LDAP client here. On my local Windows machine, the few integration tests I've run work, but on Travis-CI (see https://travis-ci.org/eblondel/ldap4R), on Linux, the LDAP request to list person objects:
ldap://localhost:389/dc=planetexpress,dc=com?uid,cn,sn,givenName,mail,title,ou,employeeType,objectClass?sub?(objectClass=person)
retrieves only the first person:
DN: cn=Amy Wong+sn=Kroker,ou=people,dc=planetexpress,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: Amy Wong
sn: Kroker
givenName: Amy
mail: [email protected]
ou: Intern
uid: amy
instead of the 7 persons listed in the test ldap.
Any idea what is wrong?
First of all, thanks for this container. This whole LDAP stuff is new to me, and having a working out-of-the-box solution is great for learning purposes.
I am connecting to this container with Apache Directory Studio, and I think there's an error in the ship_crew group reference to Bender: it uses the DN cn=Bender Bending Rodríguez,ou=people,dc=planetexpress,dc=com - notice the use of í (U+00ED) in Rodríguez. However, the actual DN of Bender is cn=Bender Bending Rodriguez,ou=people,dc=planetexpress,dc=com (uses Latin i (U+0069)).
On an unrelated note, ADS shows that Bender has two cns, not sure if this is intentional:
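A check for exactly this kind of mismatch, as an added example that is not part of the thread or of the project's code: a small LDIF reader that collects every entry DN and every member value, then reports member DNs that match no loaded entry and suggests the closest diacritic-folded DN. The LDIF is constructed inline to mirror the reported case (the group references Rodríguez with U+00ED, the entry uses a plain i); that the group is a groupOfNames with a member attribute is an assumption about the data layout, and the DN comparison is a simplified approximation of LDAP DN matching (case-insensitive, whitespace around commas ignored, escaped commas not handled).

```python
import base64
import unicodedata


def ldif_line(attr, value):
    """Render one LDIF attribute line; non-ASCII values must use the '::' base64 form."""
    if value.isascii():
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"


BENDER_DN = "cn=Bender Bending Rodriguez,ou=people,dc=planetexpress,dc=com"
PROFESSOR_DN = "cn=Hubert J. Farnsworth,ou=people,dc=planetexpress,dc=com"
CREW_DN = "cn=ship_crew,ou=people,dc=planetexpress,dc=com"
# Constructed group reference with U+00ED, as in the report above; not the project's file.
BENDER_DN_ACCENTED = "cn=Bender Bending Rodr\u00edguez,ou=people,dc=planetexpress,dc=com"

# Constructed sample data (not the project's LDIF): two people and one group.
SAMPLE_LDIF = "\n".join([
    ldif_line("dn", BENDER_DN),
    "objectClass: inetOrgPerson",
    "cn: Bender Bending Rodriguez",
    "sn: Rodriguez",
    "uid: bender",
    "",
    ldif_line("dn", PROFESSOR_DN),
    "objectClass: inetOrgPerson",
    "cn: Hubert J. Farnsworth",
    "sn: Farnsworth",
    "uid: professor",
    "",
    ldif_line("dn", CREW_DN),
    "objectClass: groupOfNames",
    "cn: ship_crew",
    ldif_line("member", PROFESSOR_DN),
    ldif_line("member", BENDER_DN_ACCENTED),
    "",
])


def parse_ldif(text):
    """Parse LDIF content records into (dn, {attr: [values]}) tuples.
    Handles '#' comments, folded continuation lines and '::' base64 values."""
    entries, current = [], []

    def flush():
        if not current:
            return
        dn, attrs = None, {}
        for line in current:
            attr, sep, value = line.partition(":")
            if not sep:
                raise ValueError(f"malformed LDIF line: {line!r}")
            if value.startswith(":"):          # 'attr:: base64'
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            else:
                value = value.strip()
            if attr == "dn":
                dn = value
            else:
                attrs.setdefault(attr, []).append(value)
        if dn is None:
            raise ValueError("LDIF record without dn")
        entries.append((dn, attrs))
        current.clear()

    for raw in text.splitlines():
        if raw.startswith("#") or (raw.startswith("version:") and not current):
            continue
        if raw == "":
            flush()
        elif raw.startswith(" ") and current:  # folded line continues the previous one
            current[-1] += raw[1:]
        else:
            current.append(raw)
    flush()
    return entries


def normalize_dn(dn):
    """Approximate LDAP DN matching: case-insensitive, spaces around commas ignored."""
    return ",".join(part.strip() for part in dn.split(",")).lower()


def ascii_fold(s):
    """Strip diacritics (e.g. 'í' -> 'i') so near-miss DNs can be suggested."""
    return "".join(c for c in unicodedata.normalize("NFKD", s) if not unicodedata.combining(c))


def find_dangling_members(ldif_text):
    """Return (group_dn, member_dn, suggestion) for every member value that names no
    loaded entry; suggestion is the diacritic-folded match if there is one, else None."""
    entries = parse_ldif(ldif_text)
    known = {normalize_dn(dn): dn for dn, _ in entries}
    folded = {ascii_fold(key): dn for key, dn in known.items()}
    dangling = []
    for dn, attrs in entries:
        for member in attrs.get("member", []):
            key = normalize_dn(member)
            if key not in known:
                dangling.append((dn, member, folded.get(ascii_fold(key))))
    return dangling


if __name__ == "__main__":
    for group, member, hint in find_dangling_members(SAMPLE_LDIF):
        print(f"{group}: member {member!r} does not exist"
              + (f" (did you mean {hint!r}?)" if hint else ""))
```

slapadd does not enforce referential integrity, so a member value naming a non-existent entry loads without complaint; running this over the concatenated people and group files before the image is built (the thread mentions 00_people.ldif and 30_groups_crew.ldif under /opt/openldap/bootstrap/data) is the kind of check that would have caught the reported case.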
From the latest git repo, I am getting an issue when attempting to build the container locally.
612006e7 @(#) $OpenLDAP: slapd (Feb 14 2021 18:32:34) $
ldap-test | Debian OpenLDAP Maintainers <[email protected]>
ldap-test | 612006e7 hdb_db_open: database "dc=planetexpress,dc=com": database already in use.
ldap-test | 612006e7 backend_startup_one (type=hdb, suffix="dc=planetexpress,dc=com"): bi_db_open failed! (-1)
ldap-test | 612006e7 slapd stopped.
I have not changed anything aside from altering the docker-compose.yml
version: '2'
services:
  ldap:
    container_name: ldap-test
    # use the image tag to pull directly from the repo
    # image: rroemhild/test-openldap
    environment:
      LDAP_FORCE_STARTTLS: "false"
      LDAP_DOMAIN: "planetexpress.com"
      LDAP_BASEDN: "dc=planetexpress,dc=com"
      LDAP_ORGANISATION: "Planet Express, Inc."
      LDAP_BINDDN: "cn=admin,dc=planetexpress,dc=com"
    # use build tag to use the local repo
    build:
      context: ./
      dockerfile: ./Dockerfile
    ports:
      - '10389:10389'
      - '10636:10636'
    volumes:
      - data_volume:/var/lib/ldap/
volumes:
  data_volume:
Any insight would be appreciated.
Hey,
I've tried a few alternative dockerized LDAP images; this one is actually working out of the box with a planetexpress.com -> localhost mapping in /etc/hosts.
Is there a better way to be able to use this from TestContainers with localhost?
And is there a convenient way to load our own ldif, instead of the provided one?
Thanks!
050-openldap-populate appears to configure the memberOf overlay, then create the users and groups afterwards, but when I query my docker container for all users, I don't see a memberOf attribute on any of them.
docker run -d --rm -p 10389:10389 -p 10636:10636 rroemhild/test-openldap
ldapsearch -H ldap://localhost:10389 -x -b "ou=people,dc=planetexpress,dc=com" -D "cn=admin,dc=planetexpress,dc=com" -w GoodNewsEveryone "(objectClass=inetOrgPerson)"
See that none of the users have a memberOf attribute.
Did I miss something? Sorry I'm a bit of a LDAP novice, I'm using this container to test LDAP integration from my application.
When creating a new container using the run command provided in the README file, the following log entries appear:
starting slapd on port 389 and 636
@(#)$OpenLDAP: slapd (Aug 10 2019 19:17:00) $
Debian OpenLDAP Maintainers [email protected]
hdb_db_open: database "dc=planetexpress,dc=com": unclean shutdown detected; attempting recovery
slapd starting
After this no new log entries appear even after waiting over 15 minutes. I am never able to communicate with the server.
I have been trying to disable TLS version below 1.2. Is it possible with this project?
6086ad42 conn=1010 fd=16 ACCEPT from IP=127.0.0.1:36908 (IP=0.0.0.0:10389)
6086ad42 conn=1010 op=0 BIND dn="cn=admin,dc=planetexpress,dc=com" method=128
6086ad42 conn=1010 op=0 BIND dn="cn=admin,dc=planetexpress,dc=com" mech=SIMPLE ssf=0
6086ad42 conn=1010 op=0 RESULT tag=97 err=0 text=
6086ad42 conn=1010 op=1 SRCH base="cn=admin,dc=planetexpress,dc=com" scope=2 deref=0 filter="(objectClass=*)"
6086ad42 conn=1010 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
6086ad42 conn=1010 op=2 UNBIND
6086ad42 conn=1010 fd=16 closed
6086ad61 conn=1011 fd=16 ACCEPT from IP=127.0.0.1:36914 (IP=0.0.0.0:10389)
6086ad61 conn=1011 op=0 BIND dn="cn=admin,dc=planetexpress,dc=com" method=128
6086ad61 conn=1011 op=0 BIND dn="cn=admin,dc=planetexpress,dc=com" mech=SIMPLE ssf=0
6086ad61 conn=1011 op=0 RESULT tag=97 err=0 text=
6086ad61 conn=1011 op=1 SRCH base="cn=admin,dc=planetexpress,dc=com" scope=2 deref=0 filter="(objectClass=*)"
6086ad61 conn=1011 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
6086ad61 conn=1011 op=2 UNBIND
6086ad61 conn=1011 fd=16 closed
We built the current state of the repo, planning to make some small changes in the user/group structure.
When starting the image with no modifications, slapd fails:
openldap | 6310a7c3 @(#) $OpenLDAP: slapd (May 14 2022 18:35:44) $
openldap | Debian OpenLDAP Maintainers <[email protected]>
openldap | 6310a7c4 hdb_db_open: database "dc=planetexpress,dc=com": database already in use.
openldap | 6310a7c4 backend_startup_one (type=hdb, suffix="dc=planetexpress,dc=com"): bi_db_open failed! (-1)
openldap | 6310a7c4 slapd stopped.
Today (20.10.2023) I cleaned up my local Docker environment, so that no images, containers, etc. are stored locally anymore.
Then I pulled the image as described in the README.md:
me@p1 ~ $ docker pull ghcr.io/rroemhild/docker-test-openldap:master
master: Pulling from rroemhild/docker-test-openldap
b70638ed4228: Pull complete
96974b0f0ecd: Pull complete
77383923a5ff: Pull complete
a779bd113371: Pull complete
72fd08669cc4: Pull complete
Digest: sha256:ae2e3337a3f18db89e17c9f0531bbdd8bb91bd0730e8265fa56fbd7d78d4d9e2
Status: Downloaded newer image for ghcr.io/rroemhild/docker-test-openldap:master
ghcr.io/rroemhild/docker-test-openldap:master
After that I started the Container with:
me@p1 ~ $ docker run --rm -p 10389:10389 -p 10636:10636 ghcr.io/rroemhild/docker-test-openldap:master
The result is that the start of slapd fails with a core dump, see:
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 000-slapd-package-config: executing...
Reconfigure slapd...
+ echo 'Reconfigure slapd...'
+ cat
+ debconf-set-selections
+ DEBIAN_FRONTEND=noninteractive
+ dpkg-reconfigure slapd
Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.4.47+dfsg-3+deb10u7... done.
Moving old database directory to /var/backups:
- directory unknown... done.
Creating initial configuration... done.
Creating LDAP directory... done.
invoke-rc.d: could not determine current runlevel
invoke-rc.d: policy-rc.d denied execution of restart.
[cont-init.d] 000-slapd-package-config: exited 0.
[cont-init.d] 010-tls-certificates: executing...
Make self-signed certificate for planetexpress.com...
+ [[ -f /etc/ldap/ssl/ldap.key ]]
+ echo 'Make self-signed certificate for planetexpress.com...'
+ openssl req -subj /CN=planetexpress.com -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout /etc/ldap/ssl/ldap.key -out /etc/ldap/ssl/ldap.crt
Generating a RSA private key
...............................................................+++++
..........+++++
writing new private key to '/etc/ldap/ssl/ldap.key'
-----
+ chmod 600 /etc/ldap/ssl/ldap.key
[cont-init.d] 010-tls-certificates: exited 0.
[cont-init.d] 020-filesystem-perms: executing...
+ chown -R openldap:openldap /etc/ldap
[cont-init.d] 020-filesystem-perms: exited 0.
[cont-init.d] 050-openldap-populate: executing...
+ slapd -h ldapi:/// -u openldap -g openldap
[cont-init.d] 050-openldap-populate: exited 1.
[cont-init.d] done.
[services.d] starting services
starting slapd
[services.d] done.
653247b6 @(#) $OpenLDAP: slapd (May 14 2022 18:35:44) $
Debian OpenLDAP Maintainers <[email protected]>
653247b8 ch_calloc of 1073741816 elems of 704 bytes failed
slapd: ../../../../servers/slapd/ch_malloc.c:107: ch_calloc: Assertion `0' failed.
./run: line 4: 327 Aborted (core dumped) /usr/sbin/slapd -h "ldapi:/// ldap://0.0.0.0:10389 ldaps://0.0.0.0:10636" -d 256
starting slapd
653247e6 @(#) $OpenLDAP: slapd (May 14 2022 18:35:44) $
Debian OpenLDAP Maintainers <[email protected]>
653247e8 ch_calloc of 1073741816 elems of 704 bytes failed
slapd: ../../../../servers/slapd/ch_malloc.c:107: ch_calloc: Assertion `0' failed.
On occasion, some of our tests that use this Docker image fail due to a race condition that exists in the /etc/cont-init.d/050-openldap-populate script. This condition is somewhat rare, but it does contribute to failures in some of our most flaky tests.
In the 050-openldap-populate script (referred to as SCRIPT from here on in), the LDAP server is started with the slapd -h "ldapi:///" -u openldap -g openldap command and then the configure_msad_features function is invoked. That function contains an echo statement and then executes this command: ldapmodify -Y EXTERNAL -H ldapi:/// -f ${CONFIG_DIR}/msad.ldif -Q. On some occasions, where presumably the GitHub runners that we are using are overloaded, we can capture this output from the Docker container running this image:
2024-06-18T21:25:37.600523518Z [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
2024-06-18T21:25:37.792060071Z [s6-init] ensuring user provided files have correct perms...exited 0.
2024-06-18T21:25:37.795724762Z [fix-attrs.d] applying ownership & permissions fixes...
2024-06-18T21:25:37.806944065Z [fix-attrs.d] done.
2024-06-18T21:25:37.813947029Z [cont-init.d] executing container initialization scripts...
2024-06-18T21:25:37.821652710Z [cont-init.d] 000-slapd-package-config: executing...
2024-06-18T21:25:37.827773436Z + echo 'Reconfigure slapd...'
2024-06-18T21:25:37.827892462Z Reconfigure slapd...
2024-06-18T21:25:37.828447892Z + debconf-set-selections
2024-06-18T21:25:37.828944220Z + cat
2024-06-18T21:25:37.963064170Z + DEBIAN_FRONTEND=noninteractive
2024-06-18T21:25:37.963096642Z + dpkg-reconfigure slapd
2024-06-18T21:25:38.132817191Z Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.4.47+dfsg-3+deb10u7... done.
2024-06-18T21:25:38.134897675Z Moving old database directory to /var/backups:
2024-06-18T21:25:38.150842147Z - directory unknown... done.
2024-06-18T21:25:38.215515767Z Creating initial configuration... done.
2024-06-18T21:25:38.335932077Z Creating LDAP directory... done.
2024-06-18T21:25:38.353411954Z invoke-rc.d: could not determine current runlevel
2024-06-18T21:25:38.362586156Z invoke-rc.d: policy-rc.d denied execution of restart.
2024-06-18T21:25:38.417781107Z [cont-init.d] 000-slapd-package-config: exited 0.
2024-06-18T21:25:38.428640931Z [cont-init.d] 010-tls-certificates: executing...
2024-06-18T21:25:38.433227493Z Make self-signed certificate for planetexpress.com...
2024-06-18T21:25:38.433285086Z + [[ -f /etc/ldap/ssl/ldap.key ]]
2024-06-18T21:25:38.434368875Z + echo 'Make self-signed certificate for planetexpress.com...'
2024-06-18T21:25:38.434376265Z + openssl req -subj /CN=planetexpress.com -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout /etc/ldap/ssl/ldap.key -out /etc/ldap/ssl/ldap.crt
2024-06-18T21:25:38.438796858Z Generating a RSA private key
2024-06-18T21:25:38.469321748Z .............................................+++++
2024-06-18T21:25:38.487181626Z ........................+++++
2024-06-18T21:25:38.487420649Z writing new private key to '/etc/ldap/ssl/ldap.key'
2024-06-18T21:25:38.487513484Z -----
2024-06-18T21:25:38.490841946Z + chmod 600 /etc/ldap/ssl/ldap.key
2024-06-18T21:25:38.496541338Z [cont-init.d] 010-tls-certificates: exited 0.
2024-06-18T21:25:38.508690273Z [cont-init.d] 020-filesystem-perms: executing...
2024-06-18T21:25:38.513116365Z + chown -R openldap:openldap /etc/ldap
2024-06-18T21:25:38.682975972Z [cont-init.d] 020-filesystem-perms: exited 0.
2024-06-18T21:25:38.707501044Z [cont-init.d] 050-openldap-populate: executing...
2024-06-18T21:25:38.728119862Z + slapd -h ldapi:/// -u openldap -g openldap
2024-06-18T21:25:39.159486831Z + configure_msad_features
2024-06-18T21:25:39.159705233Z + echo 'Configure MS-AD Extensions'
2024-06-18T21:25:39.159715374Z + ldapmodify -Y EXTERNAL -H ldapi:/// -f /opt/openldap/bootstrap/config/msad.ldif -Q
2024-06-18T21:25:39.159767837Z Configure MS-AD Extensions
2024-06-18T21:25:39.165172292Z ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
2024-06-18T21:25:39.175830996Z [cont-init.d] 050-openldap-populate: exited 255.
2024-06-18T21:25:39.177517108Z [cont-init.d] done.
2024-06-18T21:25:39.181471175Z [services.d] starting services
2024-06-18T21:25:39.208770029Z starting slapd
2024-06-18T21:25:39.215196060Z 6671fb53 @(#) $OpenLDAP: slapd (May 14 2022 18:35:44) $
2024-06-18T21:25:39.215214791Z Debian OpenLDAP Maintainers <[email protected]>
2024-06-18T21:25:39.221658274Z [services.d] done.
2024-06-18T21:25:39.643752375Z 6671fb53 hdb_db_open: database "dc=planetexpress,dc=com": database already in use.
2024-06-18T21:25:39.643883763Z 6671fb53 backend_startup_one (type=hdb, suffix="dc=planetexpress,dc=com"): bi_db_open failed! (-1)
2024-06-18T21:25:39.644065383Z 6671fb53 slapd stopped.
2024-06-18T21:25:40.202778182Z starting slapd
2024-06-18T21:25:40.208287133Z 6671fb54 @(#) $OpenLDAP: slapd (May 14 2022 18:35:44) $
2024-06-18T21:25:40.208304754Z Debian OpenLDAP Maintainers <[email protected]>
2024-06-18T21:25:40.591516907Z 6671fb54 hdb_db_open: database "dc=planetexpress,dc=com": database already in use.
2024-06-18T21:25:40.591640264Z 6671fb54 backend_startup_one (type=hdb, suffix="dc=planetexpress,dc=com"): bi_db_open failed! (-1)
2024-06-18T21:25:40.591978003Z 6671fb54 slapd stopped.
(... the slapd service continues to be started only to immediately fail)
The logs suggest that the ldapmodify command began executing before the LDAP server was ready to accept connections. Furthermore, because the e option is set in this Bash script, the failure of the ldapmodify command causes an immediate exit of the script, which leaves the LDAP server running and causes the endless loop of restarts of the slapd service.
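The control flow the report above asks for, as an added example that is not the project's script (the project's bootstrap is a bash cont-init.d script; this is Python showing the same two fixes): wait until the temporary slapd actually answers on the ldapi socket before the first ldapmodify, and stop it unconditionally on the way out, so the service's slapd never finds the database still open. The ldapi_probe helper assumes ldapwhoami is on PATH; the start and stop commands under __main__ assume Debian's slapd pid file at /var/run/slapd/slapd.pid and the msad.ldif path from the log lines above, neither of which was checked against this image.

```python
import os
import signal
import subprocess
import time


def wait_until_ready(probe, attempts=40, delay=0.25):
    """Poll probe() until it returns True; False if it never does within attempts*delay."""
    for _ in range(attempts):
        if probe():
            return True
        time.sleep(delay)
    return False


def ldapi_probe(uri="ldapi:///"):
    """Readiness check: a SASL EXTERNAL bind over the unix socket succeeds only once
    slapd is listening and has opened its databases. Assumes ldapwhoami is on PATH."""
    result = subprocess.run(["ldapwhoami", "-Y", "EXTERNAL", "-H", uri, "-Q"],
                            stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return result.returncode == 0


def bootstrap(start, probe, populate, stop, attempts=40, delay=0.25):
    """Start a temporary slapd, wait until probe() passes, run populate(), and always
    call stop(), even when the wait or populate() fails, so the real service can open
    the database afterwards. Returns True on success; a populate error is re-raised
    after cleanup so the init step still fails loudly."""
    start()
    try:
        if not wait_until_ready(probe, attempts, delay):
            raise TimeoutError("slapd did not become ready on ldapi:///")
        populate()
        return True
    finally:
        stop()


# Assumed Debian layout for the pid file; not verified against the image.
PID_FILE = "/var/run/slapd/slapd.pid"


def start_slapd():
    subprocess.run(["slapd", "-h", "ldapi:///", "-u", "openldap", "-g", "openldap"], check=True)


def stop_slapd(timeout=10.0):
    """SIGTERM the temporary slapd via its pid file and wait for the process to go away."""
    try:
        with open(PID_FILE) as fh:
            pid = int(fh.read().strip())
    except FileNotFoundError:
        return  # never started, nothing to stop
    os.kill(pid, signal.SIGTERM)
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        try:
            os.kill(pid, 0)  # signal 0 only checks whether the pid still exists
        except ProcessLookupError:
            return
        time.sleep(0.1)
    raise TimeoutError(f"slapd pid {pid} did not exit within {timeout}s")


def populate_directory():
    """The population step from the log lines above (assumed path to msad.ldif)."""
    subprocess.run(["ldapmodify", "-Y", "EXTERNAL", "-H", "ldapi:///", "-Q",
                    "-f", "/opt/openldap/bootstrap/config/msad.ldif"], check=True)


if __name__ == "__main__":
    bootstrap(start_slapd, ldapi_probe, populate_directory, stop_slapd)
```

In the bash script the equivalent is a retry loop around ldapwhoami -Y EXTERNAL -H ldapi:/// -Q placed before the first ldapmodify, plus a trap that stops slapd on EXIT, so that set -e can still abort the script without leaving the temporary slapd holding the database.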
# Hubert J. Farnsworth, people, planetexpress.com
dn: cn=Hubert J. Farnsworth,ou=people,dc=planetexpress,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: Hubert J. Farnsworth
sn: Farnsworth
description: Human
displayName: Professor Farnsworth
employeeType: Owner
employeeType: Founder
givenName: Hubert
mail: [email protected]
mail: [email protected]
ou: Office Management
title: Professor
uid: professor
userPassword:: e3NzaGF9azRDRS9ta3Frb3NFampzVkhJWEhGMTFaU0h6ZVExUzdhdnQveWc9PQ==
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    auth
        .ldapAuthentication()
            .userSearchFilter("(uid={0})")
            .userSearchBase("ou=people")
            .groupSearchFilter("(member={0})")
            .groupSearchBase("ou=people")
            .groupRoleAttribute("cn")
            .contextSource()
                .url("ldap://localhost:10389/dc=planetexpress,dc=com")
            .and()
        .passwordCompare()
            .passwordEncoder(new LdapShaPasswordEncoder())
            .passwordAttribute("userPassword");
}

@Bean
BindAuthenticator authenticator(BaseLdapPathContextSource contextSource) {
    BindAuthenticator authenticator = new BindAuthenticator(contextSource);
    authenticator.setUserSearch(new FilterBasedLdapUserSearch("ou=people", "(&(uid={0})(objectClass=inetOrgPerson))", contextSource));
    return authenticator;
}
When I try to login using professor: professor username and password, I get this error:
java.lang.NullPointerException: Cannot invoke "String.startsWith(String)" because "encPass" is null
It looks like a LdapShaPasswordEncoder, but it doesn't work.
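What a password-compare check does with the entry shown above, as an added example that is neither the project's nor the poster's code: decode the LDIF userPassword:: value, split the {SSHA} payload into the SHA-1 digest and the trailing salt, rehash the candidate password with that salt and compare in constant time. The stored value is the one printed in the post for the professor entry; make_ssha is an added generator used for round-trip checks. The NullPointerException on encPass reads as the stored value being absent rather than malformed; one common cause, stated here as an assumption and not verified against the poster's setup, is that the user search runs under a bind that is not allowed to read userPassword (the usual OpenLDAP ACL grants anonymous only auth on that attribute), so no value comes back to compare against, which is also why a bind-based authenticator such as the BindAuthenticator in the post never needs to read the hash.

```python
import base64
import hashlib
import hmac
import os

# userPassword value as printed in the post's LDIF for the professor entry,
# still in the LDIF 'userPassword::' base64 form.
PAGE_USERPASSWORD_B64 = "e3NzaGF9azRDRS9ta3Frb3NFampzVkhJWEhGMTFaU0h6ZVExUzdhdnQveWc9PQ=="


def ldif_userpassword(b64_attr_value):
    """Decode an LDIF 'userPassword::' value to the {SSHA} string slapd stores."""
    return base64.b64decode(b64_attr_value).decode("ascii")


def make_ssha(password, salt=None):
    """Produce an OpenLDAP {SSHA} value: base64(SHA1(password || salt) || salt)."""
    if salt is None:
        salt = os.urandom(8)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def parse_ssha(value):
    """Split a {SSHA} value into (digest, salt). The scheme tag is case-insensitive,
    so the lowercase '{ssha}' in the post's entry is accepted. A missing value is
    the 'encPass is null' situation and is reported as such."""
    if value is None:
        raise ValueError("no userPassword value was returned; check the bind DN's ACL on userPassword")
    if value[:6].upper() != "{SSHA}":
        raise ValueError(f"not an SSHA value: {value[:6]!r}")
    raw = base64.b64decode(value[6:])
    if len(raw) <= 20:
        raise ValueError("SSHA payload shorter than a SHA-1 digest plus salt")
    return raw[:20], raw[20:]   # SHA-1 is 20 bytes; everything after it is the salt


def check_ssha(stored, password):
    """Salted compare: rehash the candidate with the stored salt, compare in constant time."""
    digest, salt = parse_ssha(stored)
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, candidate)


if __name__ == "__main__":
    stored = ldif_userpassword(PAGE_USERPASSWORD_B64)
    digest, salt = parse_ssha(stored)
    print(f"scheme={stored[:6]} digest={len(digest)} bytes salt={len(salt)} bytes")
    # Whether this verifies depends on the entry's real password; nothing here assumes it.
    print("professor verifies:", check_ssha(stored, "professor"))
```

{SSHA} is a single SHA-1 over password and salt, which is fine for a test fixture but not a scheme to copy into production password storage; the point of the example is only to make visible what the compare needs (a readable hash with its salt) and therefore what is missing when it fails with a null.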
I'm trying to build the image locally for this project from the master branch; the only change I've made is to the docker-compose file, to simplify it:
version: '2'
services:
  ldap:
    image: my-local-ldap
    build:
      context: ./
      dockerfile: ./Dockerfile
When I try to run the resulting image, I keep getting the following error in the container logs:
: No such file or directory bash
when trying to run the s6-overlay.
I've looked at the information on s6 and I've even tried upgrading to v3, but I'm still getting this error; do you know how to get past it?
Below is the log output for the container
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 000-slapd-package-config: executing...
: No such file or directory bash
[cont-init.d] 000-slapd-package-config: exited 127.
[cont-init.d] 010-tls-certificates: executing...
: No such file or directory bash
[cont-init.d] 010-tls-certificates: exited 127.
[cont-init.d] 020-filesystem-perms: executing...
: No such file or directory bash
[cont-init.d] 020-filesystem-perms: exited 127.
[cont-init.d] 050-openldap-populate: executing...
: No such file or directory bash
[cont-init.d] 050-openldap-populate: exited 127.
[cont-init.d] done.
[services.d] starting services
: No such file or directory bash
[services.d] done.
: No such file or directory bash
: No such file or directory bash
After building the container locally, I had the same issue as #42 and could solve that with https://github.com/jskacel's proposal:
https://github.com/rroemhild/docker-test-openldap/blob/master/rootfs/opt/openldap/bootstrap/config/tls.ldif#L3-L5
However, the script broke again:
Load data...
++ find /opt/openldap/bootstrap/data -maxdepth 1 -name '*_*.ldif' -type f
++ sort
Processing file /opt/openldap/bootstrap/data/00_people.ldif...
[...]
/opt/openldap/bootstrap/data/30_groups_crew.ldif'
+ for ldif in ${data}
+ echo 'Processing file /opt/openldap/bootstrap/data/00_people.ldif...'
/var/run/s6/etc/cont-init.d/050-openldap-populate: line 43: LDAP_BASEDN: unbound variable
[cont-init.d] 050-openldap-populate: exited 1.
[cont-init.d] done.
[services.d] starting services
starting slapd
[services.d] done.
65002ed6 @(#) $OpenLDAP: slapd (May 14 2022 18:35:44) $
Debian OpenLDAP Maintainers <[email protected]>
65002ed6 hdb_db_open: database "dc=planetexpress,dc=com": database already in use.
65002ed6 backend_startup_one (type=hdb, suffix="dc=planetexpress,dc=com"): bi_db_open failed! (-1)
65002ed6 slapd stopped.
It fails because the variables LDAP_BASEDN and LDAP_DOMAIN are not set, but the script /rootfs/etc/cont-init.d/050-openldap-populate references them.
The reason is the set -eux at the top, which makes every unset variable an error.
Therefore the script breaks and does not stop the database, which, as a consequence, raises the database already in use error.
I will file a pull request for that.
Hello, it looks like the memberof configuration is not populating under user records. Is that expected, or is there anything that needs to be done to get that to work?
Please merge #21 ASAP.
CI stages based on your latest image are broken, and we can't roll back, as only the latest image is provided on DockerHub.
Thank you.
The password for the Amy Wong user is set to hermes instead of amy.
Since the image was not rebuilt for quite some time, the cert is expired.
openldap@e87d0829de15:/etc/ldap/ssl$ openssl x509 -text -noout -in ldap.crt
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3c:2a:b4:e1:3b:c5:8f:c9:8e:0c:f3:99:5c:03:bb:fc:09:9d:1b:69
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN = planetexpress.com
Validity
Not Before: Mar 11 13:28:52 2021 GMT
Not After : Mar 11 13:28:52 2022 GMT
Hi
I would like to add a custom string attribute for a person. Is this somehow possible? I just found the msad.ldif file, but no luck yet.
Regards
I am fairly confident this is an issue with my setup, but I am struggling to get this set up and working. We really want to use this for the integration testing of our project.
I have the container running on my Intel Mac. It seems to be running fine. I started it with the command line provided, and it is using port 389.
The port is in use:
$ lsof -i:389
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
com.docke 37827 xxxxxx 187u IPv6 0x35efde1bfd4dcf0d 0t0 TCP *:ldap (LISTEN)
I see logs every minute (which seems to indicate it is running):
2023-07-21 12:54:49 64bab859 conn=1046 fd=16 ACCEPT from IP=127.0.0.1:53282 (IP=0.0.0.0:10389)
2023-07-21 12:54:49 64bab859 conn=1046 op=0 BIND dn="cn=admin,dc=planetexpress,dc=com" method=128
2023-07-21 12:54:49 64bab859 conn=1046 op=0 BIND dn="cn=admin,dc=planetexpress,dc=com" mech=SIMPLE ssf=0
2023-07-21 12:54:49 64bab859 conn=1046 op=0 RESULT tag=97 err=0 text=
2023-07-21 12:54:49 64bab859 conn=1046 op=1 SRCH base="cn=admin,dc=planetexpress,dc=com" scope=2 deref=0 filter="(objectClass=*)"
2023-07-21 12:54:49 64bab859 conn=1046 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
2023-07-21 12:54:49 64bab859 conn=1046 op=2 UNBIND
2023-07-21 12:54:49 64bab859 conn=1046 fd=16 closed
However, when I attempt a simple ldapsearch, I get an error. I have tried several variations.
$ ldapsearch -x -b "dc=planetexpress,dc=com" -h localhost -p 389 -D "cn=admin,dc=planetexpress,dc=com" -W "(&(objectClass=person))"
Enter LDAP Password:
ldap_result: Can't contact LDAP server (-1)
I also tried (which I found in an older issue here):
$ ldapsearch -x -h localhost -p 389 -D "cn=Hubert J. Farnsworth,ou=people,dc=planetexpress,dc=com" -w "professor" -b "dc=planetexpress,dc=com" -s sub '(objectClass=*)' givenName
ldap_result: Can't contact LDAP server (-1)
I apologize for opening the issue for a case when I am confident I am doing something wrong, but I am not sure where to go from here.
Hi, is it possible to enable gidNumber for users?
Thanks.
I cannot connect to the LDAPS port 636 from outside the running container.
It's working "fine" (meaning I can at least get the SSL certificate error), but the connection is refused when I try this from my host machine (running Docker on Mac).
This works fine when using plain LDAP over port 389.
I'm running a fork of this project which is basically the same thing with some more imported data: https://github.com/empear-analytics/docker-test-openldap/
Steps:
openssl s_client -connect localhost:636
=> 'Connection refused'
docker container exec -i -t 3002217f0b0f /bin/bash
openssl s_client -connect localhost:636
... lots of certificate data...
I've noticed that port 636 should be exposed too but don't know why it's not possible to connect to it.
I also tried the ldapsearch command to debug the issue, but since it gets cut off at the very beginning I couldn't get many details:
ldapsearch -d1 -H ldaps://localhost -b dc=mycompany,dc=local -D cn=admin,dc=planetexpress,dc=com -W "(cn=Hubert J. Farnsworth,ou=people,dc=planetexpress,dc=com)"
ldap_url_parse_ext(ldaps://localhost)
ldap_create
ldap_url_parse_ext(ldaps://localhost:636/??base)
Enter LDAP Password:
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP localhost:636
ldap_new_socket: 5
ldap_prepare_socket: 5
ldap_connect_to_host: Trying ::1 636
ldap_pvt_connect: fd: 5 tm: -1 async: 0
ldap_close_socket: 5
ldap_new_socket: 5
ldap_prepare_socket: 5
ldap_connect_to_host: Trying 127.0.0.1:636
ldap_pvt_connect: fd: 5 tm: -1 async: 0
ldap_close_socket: 5
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
tlsst_destroy()
Thank you for this useful image! I have a feature request. Could you build a version for arm architecture (macos)?
Cloned the repo and ran the docker-compose.yml file.
Building the container works OK.
Running the container results in the following output:
6018230b @(#) $OpenLDAP: slapd (Nov 17 2020 01:23:45) $
Debian OpenLDAP Maintainers <[email protected]>
6018230b olcBackend: value #0: <olcBackend> failed init (mdb)!
6018230b config error processing olcBackend={0}mdb,cn=config: <olcBackend> failed init
6018230b slapd stopped
6018230b connections_destroy: nothing to destroy
Reconfigure slapd...
+ echo 'Reconfigure slapd...'
+ cat
+ debconf-set-selections
+ DEBIAN_FRONTEND=noninteractive
+ dpkg-reconfigure slapd
Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.4.47+dfsg-3+deb10u7... done.
Moving old database directory to /var/backups:
Backup path /var/backups/unknown-2.4.47+dfsg-3+deb10u7.ldapdb exists. Giving up...
[cont-init.d] 000-slapd-package-config: exited 1.
[cont-init.d] 010-tls-certificates: executing...
+ [[ -f /etc/ldap/ssl/ldap.key ]]
TLS Certificates already present. Using provided certificates
+ [[ -f /etc/ldap/ssl/ldap.crt ]]
+ echo 'TLS Certificates already present. Using provided certificates'
[cont-init.d] 010-tls-certificates: exited 0.
[cont-init.d] 020-filesystem-perms: executing...
+ chown -R openldap:openldap /etc/ldap
[cont-init.d] 020-filesystem-perms: exited 0.
[cont-init.d] 050-openldap-populate: executing...
+ slapd -h ldapi:/// -u openldap -g openldap
+ configure_msad_features
+ echo 'Configure MS-AD Extensions'
+ ldapmodify -Y EXTERNAL -H ldapi:/// -f /opt/openldap/bootstrap/config/msad.ldif -Q
Configure MS-AD Extensions
ldap_modify: Type or value exists (20)
additional info: modify/add: olcAttributeTypes: value #0 already exists
modifying entry "cn={0}core,cn=schema,cn=config"
[cont-init.d] 050-openldap-populate: exited 20.
[cont-init.d] done.
[services.d] starting services
starting slapd
[services.d] done.
6617b7c5 @(#) $OpenLDAP: slapd (May 14 2022 18:35:44) $
Debian OpenLDAP Maintainers <[email protected]>
6617b7c6 hdb_db_open: database "dc=planetexpress,dc=com": database already in use.
6617b7c6 backend_startup_one (type=hdb, suffix="dc=planetexpress,dc=com"): bi_db_open failed! (-1)
6617b7c6 slapd stopped.
starting slapd
6617b7c6 @(#) $OpenLDAP: slapd (May 14 2022 18:35:44) $
Debian OpenLDAP Maintainers <[email protected]>
6617b7c7 hdb_db_open: database "dc=planetexpress,dc=com": database already in use.
6617b7c7 backend_startup_one (type=hdb, suffix="dc=planetexpress,dc=com"): bi_db_open failed! (-1)
6617b7c7 slapd stopped.
starting slapd
6617b7c7 @(#) $OpenLDAP: slapd (May 14 2022 18:35:44) $
Debian OpenLDAP Maintainers <[email protected]>
6617b7c8 hdb_db_open: database "dc=planetexpress,dc=com": database already in use.
6617b7c8 backend_startup_one (type=hdb, suffix="dc=planetexpress,dc=com"): bi_db_open failed! (-1)
6617b7c8 slapd stopped.
I would advise against using VOLUMES in the Dockerfile, as not all users are interested in having persistency on these paths, and it looks like it is not possible to just ignore them. Without the volumes the error would not happen.
Hi,
I would like to bind using the uid (e.g. professor or even [email protected]).
How do I do that?
Do you have a way to test it with the SSL/TLS connection? Maybe I am doing something wrong, because I am getting this log error:
TLS: can't accept: A TLS fatal alert has been received..
If you have the command or the way to do it, I would really appreciate it.
Hi there, thanks for this repo.
I'm trying to execute the ldapsearch below, but I always get 32 No such Result; any help would be really appreciated.
ldapsearch -x -h localhost -p 389 -D "cn=Hubert J. Farnsworth,ou=people,dc=planetexpress,dc=com" -w "professor" -b "dc=example,dc=com" -s sub '(objectClass=*)' 'givenName=*'
LDAPv3
base <dc=example,dc=com> with scope subtree
filter: (objectClass=*)
requesting: givenName=*
search result
search: 2
result: 32 No such object
Hello,
I'm a newbie with Docker and OpenLDAP, and I'm trying to use this project with a J2EE project on localhost. But the project returns an UnknownHostException, and I would like to know what FQDN I must give to establish the connection?
Thank you for your help
For testing purposes, I use this docker container to test LDAP authorization, but the documented password is invalid and results in an error 49 "invalid credentials".
Reproduce:
docker exec <containername> ldapsearch -b "dc=planetexpress,dc=com" -D "uid=professor,dc=planetexpress,dc=com" -h ldap -w professor
Will result in:
ldap_bind: Invalid credentials (49)
Hi, I'm trying to use your docker image to set up a quick LDAP authentication!
I did successfully run a container and can access its data when I log in anonymously through phpLDAPadmin, though I cannot access it with my app because it requires a username and a password for the root DN.
Is there a way you could help me with that, please?
Thanks a lot for this repository and for your attention!