jp-gouin/helm-openldap

Add memberOf using customSchemaFiles: ->ldap_modify: No such object (32)

RaffaelGrob opened this issue · 19 comments

Using version 4.1.2, my bitnami container bitnami/openldap 2.6.3 is unwilling to apply the provided schema.

The goal is to add "memberOf" to the LDAP by adding this to the values.yaml.

  customSchemaFiles:
    00-modules.ldif: |-
      dn: cn=module{0},cn=config
      changetype: modify
      add: olcModuleLoad
      olcModuleLoad: memberof
      olcModuleLoad: refint
    01-memberof.ldif: |-
      dn: olcOverlay=memberof,olcDatabase={2}mdb,cn=config
      changetype: add
      objectClass: olcConfig
      objectClass: olcMemberOf
      objectClass: olcOverlayConfig
      objectClass: top
      olcOverlay: memberof
      olcMemberOfDangling: ignore
      olcMemberOfRefInt: TRUE
      olcMemberOfGroupOC: groupOfNames
      olcMemberOfMemberAD: member
      olcMemberOfMemberOfAD: memberOf
    02-refint.ldif: |-
      dn: olcOverlay=refint,olcDatabase={2}mdb,cn=config
      changetype: add
      objectClass: olcConfig
      objectClass: olcOverlayConfig
      objectClass: olcRefintConfig
      objectClass: top
      olcOverlay: refint
      olcRefintAttribute: memberof member manager owner

Then, when I apply it, the pod logs the following error and restarts the LDAP server. However, after the crash the server doesn't know about its misery and starts with an incomplete configuration.

....
      654eaa30.22d06959 0x7f424b308700 conn=1006 op=1 MOD dn="cn=module{0},cn=config"
      654eaa30.22d0c32a 0x7f424b308700 conn=1006 op=1 MOD attr=olcModuleLoad
      654eaa30.22d180c5 0x7f424b308700 conn=1006 op=1 RESULT tag=103 err=32 qtime=0.000015 etime=0.000103 text=
      ldap_modify: No such object (32)
      matched DN: cn=config
      modifying entry "cn=module{0},cn=config"
....

I'm unsure whether this is a chart problem, but I can imagine that others might also like to see the solution when using this chart. I already googled and found input on the bitnami/openldap container project, but I can't apply it with this chart.

Do you have any idea what's wrong with the LDIF (or with the chart)? Thanks for the help!

I'm facing the same issue.
Could the reason be that configs can't be added via custom ldifs?
The docs say "All internal configuration like cn=config, cn=module{0},cn=config cannot be configured yet."

Trying to do the same thing, been deep diving on it. Still not working.

From the base image side at least it should be doable. bitnami/containers#982

I finally figured it out; this is how you do it:

customSchemaFiles:
  #enable memberOf ldap search functionality, users automagically track groups they belong to
  00-modules.ldif: |-
    dn: cn=module{0},cn=config
    changetype: modify
    add: olcModuleLoad
    olcModuleLoad: memberof
    olcModuleLoad: refint

  01-memberof.ldif: |-
    dn: olcOverlay=memberof,olcDatabase={2}mdb,cn=config
    changetype: add
    objectClass: olcMemberOf
    objectClass: olcOverlayConfig
    olcOverlay: memberof
    olcMemberOfRefInt: TRUE
    olcMemberOfGroupOC: groupOfUniqueNames
    olcMemberOfMemberAD: uniqueMember
    olcMemberOfMemberOfAD: memberOf

  refint.ldif: |-
    dn: olcOverlay=refint,olcDatabase={2}mdb,cn=config
    changetype: add
    objectClass: olcConfig
    objectClass: olcOverlayConfig
    objectClass: olcRefintConfig
    objectClass: top
    olcOverlay: refint
    olcRefintAttribute: memberof uniqueMember manager owner

Only adding the custom schema files does not appear to do anything for me. Could you show the rest of your configuration?

Hi @seang96
I just tested the following configuration:

customSchemaFiles:
  #enable memberOf ldap search functionality, users automagically track groups they belong to
  00-memberof.ldif: |-
    dn: cn=module{0},cn=config
    changetype: modify
    add: olcModuleLoad
    olcModuleLoad: memberof

  01-memberof.ldif: |-
    dn: olcOverlay=memberof,olcDatabase={2}mdb,cn=config
    changetype: add
    objectClass: olcOverlayConfig
    objectClass: olcMemberOf
    olcOverlay: memberof
    olcMemberOfRefint: TRUE
customLdifFiles:
  00-root.ldif: |-
    # Root creation
    dn: dc=example,dc=org
    objectClass: dcObject
    objectClass: organization
    o: Example, Inc
  01-default-user.ldif: |-
    dn: cn=Jean Dupond,dc=example,dc=org
    cn: Jean Dupond
    gidnumber: 500
    givenname: Jean
    homedirectory: /home/users/jdupond
    objectclass: inetOrgPerson
    objectclass: posixAccount
    objectclass: top
    sn: Dupond
    uid: jdupond
    uidnumber: 1000
    userpassword: {MD5}KOULhzfBhPTq9k7a9XfCGw==
  02-default-group.ldif: |-
    dn: cn=myGroup,dc=example,dc=org
    cn: myGroup
    gidnumber: 500
    objectclass: posixGroup
    objectclass: top
    add: memberUid
    memberUid: jdupond    
  03-test-memberof.ldif: |-
    dn: ou=Group,dc=example,dc=org
    objectclass: organizationalUnit
    ou: Group

    dn: ou=People,dc=example,dc=org
    objectclass: organizationalUnit
    ou: People

    dn: uid=test1,ou=People,dc=example,dc=org
    objectclass: account
    uid: test1

    dn: cn=testgroup,ou=Group,dc=example,dc=org
    objectclass: groupOfNames
    cn: testgroup
    member: uid=test1,ou=People,dc=example,dc=org

Run:
LDAPTLS_REQCERT=never ldapsearch -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://127.0.0.1:1636 -b 'dc=example,dc=org' "(memberOf=cn=testgroup,ou=Group,dc=example,dc=org)"

You should get:

# extended LDIF
#
# LDAPv3
# base <dc=example,dc=org> with scope subtree
# filter: (memberOf=cn=testgroup,ou=Group,dc=example,dc=org)
# requesting: ALL
#

# test1, People, example.org
dn: uid=test1,ou=People,dc=example,dc=org
objectClass: account
uid: test1

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Let me know if this is working for you; I'll update the advanced configuration and plan to add an enabler in the values to ease the configuration.

Looks like it did not work for me. I started namespace / helm install from scratch with no PVC.

LDAP response:

# extended LDIF
#
# LDAPv3
# base <dc=example,dc=org> with scope subtree
# filter: (memberOf=cn=testgroup,ou=Group,dc=example,dc=org)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1

Helm install info:

NAME: ldap
CHART: openldap-stack-ha
VERSION: 4.1.2
APP_VERSION: 2.6.3
NAMESPACE: ldap
REVISION: 1
STATUS: deployed
DEPLOYED_AT: 2023-12-20T00:18:06-05:00

Initial startup logs (it fails to import everything; "database is not a shadow"):

 05:18:22.38 INFO  ==> ** Starting LDAP setup **
 05:18:22.45 INFO  ==> Validating settings in LDAP_* env vars
 05:18:22.53 INFO  ==> Initializing OpenLDAP...
 05:18:22.53 DEBUG ==> Ensuring expected directories/files exist...
 05:18:22.57 INFO  ==> Creating LDAP online configuration
 05:18:22.62 INFO  ==> Starting OpenLDAP server in background
6582791e.26117108 0x7fadb4437740 @(#) $OpenLDAP: slapd 2.6.3 (Jan 17 2023 16:44:38) $
        @a34c3898a374:/bitnami/blacksmith-sandox/openldap-2.6.3/servers/slapd
6582791e.3015e635 0x7fadb4437740 slapd starting
 05:18:23.63 INFO  ==> Configure LDAP credentials for admin user
SASL/EXTERNAL authentication started
6582791f.26ae0da4 0x7fadb2bfe700 conn=1000 fd=12 ACCEPT from PATH=/opt/bitnami/openldap/var/run/ldapi (PATH=/opt/bitnami/openldap/var/run/ldapi)
6582791f.26af6c7c 0x7fadb2bfe700 conn=1000 op=0 BIND dn="" method=163
6582791f.26b012e7 0x7fadb2bfe700 conn=1000 op=0 BIND authcid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth"
6582791f.26b080da 0x7fadb2bfe700 conn=1000 op=0 BIND dn="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" mech=EXTERNAL bind_ssf=0 ssf=71
6582791f.26b10714 0x7fadb2bfe700 conn=1000 op=0 RESULT tag=97 err=0 qtime=0.000005 etime=0.000123 text=
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
6582791f.26b3f8e0 0x7fadb23fd700 conn=1000 op=1 MOD dn="olcDatabase={2}mdb,cn=config"
6582791f.26b4a5d7 0x7fadb23fd700 conn=1000 op=1 MOD attr=olcSuffix
6582791f.26bfc1b4 0x7fadb23fd700 conn=1000 op=1 RESULT tag=103 err=0 qtime=0.000019 etime=0.000818 text=
6582791f.26c171d9 0x7fadb2bfe700 conn=1000 op=2 MOD dn="olcDatabase={2}mdb,cn=config"
6582791f.26c1f258 0x7fadb2bfe700 conn=1000 op=2 MOD attr=olcRootDN
6582791f.283becd6 0x7fadb2bfe700 conn=1000 op=2 RESULT tag=103 err=0 qtime=0.000012 etime=0.024828 text=
6582791f.283dc816 0x7fadb23fd700 conn=1000 op=3 MOD dn="olcDatabase={2}mdb,cn=config"
6582791f.283e4137 0x7fadb23fd700 conn=1000 op=3 MOD attr=olcRootPW
6582791f.29078232 0x7fadb23fd700 conn=1000 op=3 RESULT tag=103 err=0 qtime=0.000011 etime=0.013242 text=
6582791f.2909f07e 0x7fadb2bfe700 conn=1000 op=4 MOD dn="olcDatabase={1}monitor,cn=config"
6582791f.290a8cd2 0x7fadb2bfe700 conn=1000 op=4 MOD attr=olcAccess
6582791f.29140d8b 0x7fadb2bfe700 conn=1000 op=4 RESULT tag=103 err=0 qtime=0.000027 etime=0.000706 text=
6582791f.291656bd 0x7fadb23fd700 conn=1000 op=5 MOD dn="olcDatabase={0}config,cn=config"
6582791f.2916dff7 0x7fadb23fd700 conn=1000 op=5 MOD attr=olcRootDN
6582791f.29203ff3 0x7fadb23fd700 conn=1000 op=5 RESULT tag=103 err=0 qtime=0.000015 etime=0.000688 text=
6582791f.2922866b 0x7fadb2bfe700 conn=1000 op=6 MOD dn="olcDatabase={0}config,cn=config"
6582791f.29231cbe 0x7fadb2bfe700 conn=1000 op=6 MOD attr=olcRootPW
6582791f.2a0d44b9 0x7fadb2bfe700 conn=1000 op=6 RESULT tag=103 err=0 qtime=0.000011 etime=0.015408 text=
6582791f.2a0f7ea4 0x7fadb23fd700 conn=1000 op=7 UNBIND
6582791f.2a107ca2 0x7fadb23fd700 conn=1000 fd=12 closed
modifying entry "olcDatabase={2}mdb,cn=config"

modifying entry "olcDatabase={2}mdb,cn=config"

modifying entry "olcDatabase={2}mdb,cn=config"

modifying entry "olcDatabase={1}monitor,cn=config"

modifying entry "olcDatabase={0}config,cn=config"

modifying entry "olcDatabase={0}config,cn=config"

 05:18:23.70 INFO  ==> Configuring TLS
SASL/EXTERNAL authentication started
6582791f.2a70bfcb 0x7fadb2bfe700 conn=1001 fd=12 ACCEPT from PATH=/opt/bitnami/openldap/var/run/ldapi (PATH=/opt/bitnami/openldap/var/run/ldapi)
6582791f.2a716dda 0x7fadb23fd700 conn=1001 op=0 BIND dn="" method=163
6582791f.2a71ee9f 0x7fadb23fd700 conn=1001 op=0 BIND authcid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth"
6582791f.2a722830 0x7fadb23fd700 conn=1001 op=0 BIND dn="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" mech=EXTERNAL bind_ssf=0 ssf=71
6582791f.2a7276c2 0x7fadb23fd700 conn=1001 op=0 RESULT tag=97 err=0 qtime=0.000009 etime=0.000080 text=
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
6582791f.2a74cbb0 0x7fadb2bfe700 conn=1001 op=1 MOD dn="cn=config"
6582791f.2a750e41 0x7fadb2bfe700 conn=1001 op=1 MOD attr=olcTLSCACertificateFile olcTLSCertificateFile olcTLSCertificateKeyFile
6582791f.2a8b80e8 0x7fadb2bfe700 conn=1001 op=1 RESULT tag=103 err=0 qtime=0.000010 etime=0.001511 text=
modifying entry "cn=config"
6582791f.2a8e59e1 0x7fadb23fd700 conn=1001 op=2 UNBIND
6582791f.2a8f22f2 0x7fadb23fd700 conn=1001 fd=12 closed

 05:18:23.71 INFO  ==> Adding LDAP extra schemas
SASL/EXTERNAL authentication started
6582791f.2b251f70 0x7fadb2bfe700 conn=1002 fd=12 ACCEPT from PATH=/opt/bitnami/openldap/var/run/ldapi (PATH=/opt/bitnami/openldap/var/run/ldapi)
6582791f.2b263b2b 0x7fadb23fd700 conn=1002 op=0 BIND dn="" method=163
6582791f.2b271c3e 0x7fadb23fd700 conn=1002 op=0 BIND authcid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth"
6582791f.2b276ba2 0x7fadb23fd700 conn=1002 op=0 BIND dn="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" mech=EXTERNAL bind_ssf=0 ssf=71
6582791f.2b27f1dc 0x7fadb23fd700 conn=1002 op=0 RESULT tag=97 err=0 qtime=0.000010 etime=0.000121 text=
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
6582791f.2b316bc4 0x7fadb2bfe700 conn=1002 op=1 ADD dn="cn=cosine,cn=schema,cn=config"
6582791f.2b48eddf 0x7fadb2bfe700 conn=1002 op=1 RESULT tag=105 err=0 qtime=0.000014 etime=0.001589 text=
6582791f.2b4a3db6 0x7fadb2bfe700 conn=1002 op=2 UNBIND
6582791f.2b4ab7a9 0x7fadb2bfe700 conn=1002 fd=12 closed
adding new entry "cn=cosine,cn=schema,cn=config"

SASL/EXTERNAL authentication started
6582791f.2b8c255c 0x7fadb23fd700 conn=1003 fd=12 ACCEPT from PATH=/opt/bitnami/openldap/var/run/ldapi (PATH=/opt/bitnami/openldap/var/run/ldapi)
6582791f.2b8d1988 0x7fadb2bfe700 conn=1003 op=0 BIND dn="" method=163
6582791f.2b8dcbf4 0x7fadb2bfe700 conn=1003 op=0 BIND authcid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth"
6582791f.2b8e688d 0x7fadb2bfe700 conn=1003 op=0 BIND dn="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" mech=EXTERNAL bind_ssf=0 ssf=71
6582791f.2b8ed07f 0x7fadb2bfe700 conn=1003 op=0 RESULT tag=97 err=0 qtime=0.000010 etime=0.000123 text=
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
6582791f.2b936ee4 0x7fadb23fd700 conn=1003 op=1 ADD dn="cn=inetorgperson,cn=schema,cn=config"
6582791f.2b9bd128 0x7fadb23fd700 conn=1003 op=1 RESULT tag=105 err=0 qtime=0.000010 etime=0.000581 text=
6582791f.2b9d1844 0x7fadb2bfe700 conn=1003 op=2 UNBIND
6582791f.2b9dd4c9 0x7fadb2bfe700 conn=1003 fd=12 closed
adding new entry "cn=inetorgperson,cn=schema,cn=config"

SASL/EXTERNAL authentication started
6582791f.2c1bdd68 0x7fadb23fd700 conn=1004 fd=12 ACCEPT from PATH=/opt/bitnami/openldap/var/run/ldapi (PATH=/opt/bitnami/openldap/var/run/ldapi)
6582791f.2c1ce3db 0x7fadb23fd700 conn=1004 op=0 BIND dn="" method=163
6582791f.2c1d6f44 0x7fadb23fd700 conn=1004 op=0 BIND authcid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth"
6582791f.2c1dcaa9 0x7fadb23fd700 conn=1004 op=0 BIND dn="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" mech=EXTERNAL bind_ssf=0 ssf=71
6582791f.2c1e4d11 0x7fadb23fd700 conn=1004 op=0 RESULT tag=97 err=0 qtime=0.000008 etime=0.000106 text=
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
6582791f.2c25f5d1 0x7fadb2bfe700 conn=1004 op=1 ADD dn="cn=nis,cn=schema,cn=config"
6582791f.2c3552c5 0x7fadb2bfe700 conn=1004 op=1 RESULT tag=105 err=0 qtime=0.000009 etime=0.001037 text=
6582791f.2c36b686 0x7fadb23fd700 conn=1004 op=2 UNBIND
adding new entry "cn=nis,cn=schema,cn=config"

6582791f.2c388e80 0x7fadb23fd700 conn=1004 fd=12 closed
SASL/EXTERNAL authentication started
6582791f.2c7d9ec9 0x7fadb2bfe700 conn=1005 fd=12 ACCEPT from PATH=/opt/bitnami/openldap/var/run/ldapi (PATH=/opt/bitnami/openldap/var/run/ldapi)
6582791f.2c7e8022 0x7fadb23fd700 conn=1005 op=0 BIND dn="" method=163
6582791f.2c7f3e49 0x7fadb23fd700 conn=1005 op=0 BIND authcid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth"
6582791f.2c7f93f4 0x7fadb23fd700 conn=1005 op=0 BIND dn="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" mech=EXTERNAL bind_ssf=0 ssf=71
6582791f.2c7ff0fc 0x7fadb23fd700 conn=1005 op=0 RESULT tag=97 err=0 qtime=0.000010 etime=0.000109 text=
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
6582791f.2c82811d 0x7fadb2bfe700 conn=1005 op=1 ADD dn="cn=module{0},cn=config"
6582791f.2c97a9a7 0x7fadb2bfe700 conn=1005 op=1 RESULT tag=105 err=0 qtime=0.000008 etime=0.001410 text=
6582791f.2c9927df 0x7fadb23fd700 conn=1005 op=2 UNBIND
6582791f.2c99e092 0x7fadb23fd700 conn=1005 fd=12 closed
adding new entry "cn=module{0},cn=config"

SASL/EXTERNAL authentication started
6582791f.2cda16b6 0x7fadb2bfe700 conn=1006 fd=12 ACCEPT from PATH=/opt/bitnami/openldap/var/run/ldapi (PATH=/opt/bitnami/openldap/var/run/ldapi)
6582791f.2cdadc3b 0x7fadb2bfe700 conn=1006 op=0 BIND dn="" method=163
6582791f.2cdb3088 0x7fadb2bfe700 conn=1006 op=0 BIND authcid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth"
6582791f.2cdb67ea 0x7fadb2bfe700 conn=1006 op=0 BIND dn="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" mech=EXTERNAL bind_ssf=0 ssf=71
6582791f.2cdbc8c4 0x7fadb2bfe700 conn=1006 op=0 RESULT tag=97 err=0 qtime=0.000006 etime=0.000069 text=
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
6582791f.2cddb0d6 0x7fadb23fd700 conn=1006 op=1 MOD dn="cn=config"
6582791f.2cde43e3 0x7fadb23fd700 conn=1006 op=1 MOD attr=olcServerID
6582791f.2ce60118 0x7fadb23fd700 conn=1006 op=1 RESULT tag=103 err=0 qtime=0.000008 etime=0.000567 text=
6582791f.2ce77e7f 0x7fadb2bfe700 conn=1006 op=2 UNBIND
modifying entry "cn=config"

6582791f.2ce89f23 0x7fadb2bfe700 conn=1006 fd=12 closed
SASL/EXTERNAL authentication started
6582791f.2d30fe40 0x7fadb23fd700 conn=1007 fd=12 ACCEPT from PATH=/opt/bitnami/openldap/var/run/ldapi (PATH=/opt/bitnami/openldap/var/run/ldapi)
6582791f.2d31e9f7 0x7fadb2bfe700 conn=1007 op=0 BIND dn="" method=163
6582791f.2d32c138 0x7fadb2bfe700 conn=1007 op=0 BIND authcid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth"
6582791f.2d331ab4 0x7fadb2bfe700 conn=1007 op=0 BIND dn="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" mech=EXTERNAL bind_ssf=0 ssf=71
6582791f.2d339233 0x7fadb2bfe700 conn=1007 op=0 RESULT tag=97 err=0 qtime=0.000011 etime=0.000129 text=
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
6582791f.2d36a802 0x7fadb23fd700 conn=1007 op=1 ADD dn="olcOverlay=syncprov,olcDatabase={0}config,cn=config"
6582791f.2d3c76df 0x7fadb23fd700 conn=1007 op=1 RESULT tag=105 err=0 qtime=0.000011 etime=0.000426 text=
6582791f.2d3de244 0x7fadb2bfe700 conn=1007 op=2 UNBIND
adding new entry "olcOverlay=syncprov,olcDatabase={0}config,cn=config"
6582791f.2d3eb26d 0x7fadb2bfe700 conn=1007 fd=12 closed

SASL/EXTERNAL authentication started
6582791f.2d812c94 0x7fadb23fd700 conn=1008 fd=12 ACCEPT from PATH=/opt/bitnami/openldap/var/run/ldapi (PATH=/opt/bitnami/openldap/var/run/ldapi)
6582791f.2d81fea6 0x7fadb2bfe700 conn=1008 op=0 BIND dn="" method=163
6582791f.2d827cb1 0x7fadb2bfe700 conn=1008 op=0 BIND authcid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth"
6582791f.2d82c171 0x7fadb2bfe700 conn=1008 op=0 BIND dn="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" mech=EXTERNAL bind_ssf=0 ssf=71
6582791f.2d831aa7 0x7fadb2bfe700 conn=1008 op=0 RESULT tag=97 err=0 qtime=0.000012 etime=0.000084 text=
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
6582791f.2d8500d0 0x7fadb23fd700 conn=1008 op=1 MOD dn="olcDatabase={0}config,cn=config"
6582791f.2d85491c 0x7fadb23fd700 conn=1008 op=1 MOD attr=olcSyncRepl olcMirrorMode
6582791f.2d87c0f6 0x7fadb23fd700 olcMultiProvider: value #0: <olcMultiProvider> database is not a shadow
6582791f.2d888c7b 0x7fadb23fd700 conn=1008 op=1 RESULT tag=103 err=80 qtime=0.000006 etime=0.000256 text=<olcMultiProvider> database is not a shadow
ldap_modify: Other (e.g., implementation specific) error (80)
        additional info: <olcMultiProvider> database is not a shadow
6582791f.2d89f9c9 0x7fadb2bfe700 conn=1008 op=2 UNBIND
6582791f.2d8a7b1a 0x7fadb2bfe700 conn=1008 fd=12 closed
modifying entry "olcDatabase={0}config,cn=config"

6582791f.2dd01a12 0x7fadb33ff700 daemon: shutdown requested and initiated.
6582791f.2dd2beef 0x7fadb33ff700 slapd shutdown: waiting for 0 operations/tasks to finish
6582791f.2de4b8d6 0x7fadb4437740 slapd stopped.

values.yaml:

global:
  ldapDomain: dc=example,dc=org
  existingSecret: ldap-admin
replicaCount: 1
customLdifFiles:
  00-root.ldif: |-
    # Root creation
    dn: dc=example,dc=org
    objectClass: dcObject
    objectClass: organization
    o: Example, Inc
  01-default-user.ldif: |-
    dn: cn=Jean Dupond,dc=example,dc=org
    cn: Jean Dupond
    gidnumber: 500
    givenname: Jean
    homedirectory: /home/users/jdupond
    objectclass: inetOrgPerson
    objectclass: posixAccount
    objectclass: top
    sn: Dupond
    uid: jdupond
    uidnumber: 1000
    userpassword: {MD5}KOULhzfBhPTq9k7a9XfCGw==
  02-default-group.ldif: |-
    dn: cn=myGroup,dc=example,dc=org
    cn: myGroup
    gidnumber: 500
    objectclass: posixGroup
    objectclass: top
    add: memberUid
    memberUid: jdupond    
  03-test-memberof.ldif: |-
    dn: ou=Group,dc=example,dc=org
    objectclass: organizationalUnit
    ou: Group

    dn: ou=People,dc=example,dc=org
    objectclass: organizationalUnit
    ou: People

    dn: uid=test1,ou=People,dc=example,dc=org
    objectclass: account
    uid: test1

    dn: cn=testgroup,ou=Group,dc=example,dc=org
    objectclass: groupOfNames
    cn: testgroup
    member: uid=test1,ou=People,dc=example,dc=org
customSchemaFiles:
  #enable memberOf ldap search functionality, users automagically track groups they belong to
  00-memberof.ldif: |-
    dn: cn=module{0},cn=config
    changetype: modify
    add: olcModuleLoad
    olcModuleLoad: memberof

  01-memberof.ldif: |-
    dn: olcOverlay=memberof,olcDatabase={2}mdb,cn=config
    changetype: add
    objectClass: olcOverlayConfig
    objectClass: olcMemberOf
    olcOverlay: memberof
    olcMemberOfRefint: TRUE

I see that replicaCount is 1; did you disable the replication?

Yes for quicker testing since you have to wipe the PVC

OK, can you post your full values file?

That was my values.yaml file for testing. As for my real one I am also intending to load in rfc2307bis using ldif file from https://github.com/osixia/docker-openldap in my production config. I am currently using that docker image for my setup that is not HA.

Alright, in that case can you add the following to your values to disable the replication:

replication:
  enabled: false

Running with replication set to false, I still get an error.

Logs on initial pod creation:

 05:12:29.99 INFO  ==> ** Starting LDAP setup **
 05:12:30.03 INFO  ==> Validating settings in LDAP_* env vars
 05:12:30.04 INFO  ==> Initializing OpenLDAP...
 05:12:30.04 DEBUG ==> Ensuring expected directories/files exist...
 05:12:30.06 INFO  ==> Creating LDAP online configuration
 05:12:30.09 INFO  ==> Starting OpenLDAP server in background
65851abe.062e167a 0x7f6f4dd70740 @(#) $OpenLDAP: slapd 2.6.3 (Jan 17 2023 16:44:38) $
        @a34c3898a374:/bitnami/blacksmith-sandox/openldap-2.6.3/servers/slapd
65851abe.1e90d743 0x7f6f4dd70740 slapd starting
 05:12:31.10 INFO  ==> Configure LDAP credentials for admin user
SASL/EXTERNAL authentication started
65851abf.06d4733c 0x7f6f47fff700 conn=1000 fd=12 ACCEPT from PATH=/opt/bitnami/openldap/var/run/ldapi (PATH=/opt/bitnami/openldap/var/run/ldapi)
65851abf.06d79251 0x7f6f477fe700 conn=1000 op=0 BIND dn="" method=163
65851abf.06d85dd7 0x7f6f477fe700 conn=1000 op=0 BIND authcid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth"
65851abf.06d8cf9b 0x7f6f477fe700 conn=1000 op=0 BIND dn="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" mech=EXTERNAL bind_ssf=0 ssf=71
65851abf.06d954be 0x7f6f477fe700 conn=1000 op=0 RESULT tag=97 err=0 qtime=0.000025 etime=0.000152 text=
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
65851abf.06de3ae4 0x7f6f47fff700 conn=1000 op=1 MOD dn="olcDatabase={2}mdb,cn=config"
65851abf.06df03f5 0x7f6f47fff700 conn=1000 op=1 MOD attr=olcSuffix
65851abf.06e9b754 0x7f6f47fff700 conn=1000 op=1 RESULT tag=103 err=0 qtime=0.000014 etime=0.000839 text=
65851abf.06ec61a6 0x7f6f477fe700 conn=1000 op=2 MOD dn="olcDatabase={2}mdb,cn=config"
65851abf.06ed302c 0x7f6f477fe700 conn=1000 op=2 MOD attr=olcRootDN
65851abf.0c420cb8 0x7f6f477fe700 conn=1000 op=2 RESULT tag=103 err=0 qtime=0.000010 etime=0.089525 text=
65851abf.0c45b77d 0x7f6f47fff700 conn=1000 op=3 MOD dn="olcDatabase={2}mdb,cn=config"
65851abf.0c4696ed 0x7f6f47fff700 conn=1000 op=3 MOD attr=olcRootPW
65851abf.0e0ac282 0x7f6f47fff700 conn=1000 op=3 RESULT tag=103 err=0 qtime=0.000041 etime=0.029766 text=
65851abf.0e0d1fe4 0x7f6f477fe700 conn=1000 op=4 MOD dn="olcDatabase={1}monitor,cn=config"
65851abf.0e0dcc96 0x7f6f477fe700 conn=1000 op=4 MOD attr=olcAccess
65851abf.0e172006 0x7f6f477fe700 conn=1000 op=4 RESULT tag=103 err=0 qtime=0.000010 etime=0.000686 text=
65851abf.0e1a69f1 0x7f6f47fff700 conn=1000 op=5 MOD dn="olcDatabase={0}config,cn=config"
65851abf.0e1aedfc 0x7f6f47fff700 conn=1000 op=5 MOD attr=olcRootDN
65851abf.0e2049b7 0x7f6f47fff700 conn=1000 op=5 RESULT tag=103 err=0 qtime=0.000015 etime=0.000426 text=
65851abf.0e23d334 0x7f6f477fe700 conn=1000 op=6 MOD dn="olcDatabase={0}config,cn=config"
65851abf.0e2498b9 0x7f6f477fe700 conn=1000 op=6 MOD attr=olcRootPW
65851abf.14e4f4b4 0x7f6f477fe700 conn=1000 op=6 RESULT tag=103 err=0 qtime=0.000016 etime=0.113345 text=
65851abf.14e6c3ad 0x7f6f47fff700 conn=1000 op=7 UNBIND
modifying entry "olcDatabase={2}mdb,cn=config"

modifying entry "olcDatabase={2}mdb,cn=config"
65851abf.14e9aad6 0x7f6f47fff700 conn=1000 fd=12 closed

modifying entry "olcDatabase={2}mdb,cn=config"

modifying entry "olcDatabase={1}monitor,cn=config"

modifying entry "olcDatabase={0}config,cn=config"

modifying entry "olcDatabase={0}config,cn=config"

 05:12:31.35 INFO  ==> Configuring TLS
65851abf.1593e7b4 0x7f6f477fe700 conn=1001 fd=12 ACCEPT from PATH=/opt/bitnami/openldap/var/run/ldapi (PATH=/opt/bitnami/openldap/var/run/ldapi)
SASL/EXTERNAL authentication started
65851abf.159d9871 0x7f6f47fff700 conn=1001 op=0 BIND dn="" method=163
65851abf.15a0963e 0x7f6f47fff700 conn=1001 op=0 BIND authcid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth"
65851abf.15a11149 0x7f6f47fff700 conn=1001 op=0 BIND dn="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" mech=EXTERNAL bind_ssf=0 ssf=71
65851abf.15a1aa10 0x7f6f47fff700 conn=1001 op=0 RESULT tag=97 err=0 qtime=0.000015 etime=0.000287 text=
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
65851abf.15a7e53c 0x7f6f477fe700 conn=1001 op=1 MOD dn="cn=config"
65851abf.15a88fbf 0x7f6f477fe700 conn=1001 op=1 MOD attr=olcTLSCACertificateFile olcTLSCertificateFile olcTLSCertificateKeyFile
65851abf.15d5e5ff 0x7f6f477fe700 conn=1001 op=1 RESULT tag=103 err=0 qtime=0.000013 etime=0.003063 text=
65851abf.15d94f4a 0x7f6f47fff700 conn=1001 op=2 UNBIND
modifying entry "cn=config"

65851abf.15e4c45c 0x7f6f477fe700 conn=1001 fd=12 closed
 05:12:31.37 INFO  ==> Adding LDAP extra schemas
SASL/EXTERNAL authentication started
65851abf.16d2d067 0x7f6f47fff700 conn=1002 fd=12 ACCEPT from PATH=/opt/bitnami/openldap/var/run/ldapi (PATH=/opt/bitnami/openldap/var/run/ldapi)
65851abf.16d5b032 0x7f6f477fe700 conn=1002 op=0 BIND dn="" method=163
65851abf.16d719f4 0x7f6f477fe700 conn=1002 op=0 BIND authcid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth"
65851abf.16d79c5c 0x7f6f477fe700 conn=1002 op=0 BIND dn="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" mech=EXTERNAL bind_ssf=0 ssf=71
65851abf.16d8476b 0x7f6f477fe700 conn=1002 op=0 RESULT tag=97 err=0 qtime=0.000022 etime=0.000198 text=
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
65851abf.16deb06c 0x7f6f47fff700 conn=1002 op=1 ADD dn="cn=cosine,cn=schema,cn=config"
65851abf.1705be22 0x7f6f47fff700 conn=1002 op=1 RESULT tag=105 err=0 qtime=0.000013 etime=0.002675 text=
65851abf.1707e697 0x7f6f477fe700 conn=1002 op=2 UNBIND
65851abf.17089904 0x7f6f477fe700 conn=1002 fd=12 closed
adding new entry "cn=cosine,cn=schema,cn=config"

65851abf.1783bd35 0x7f6f47fff700 conn=1003 fd=12 ACCEPT from PATH=/opt/bitnami/openldap/var/run/ldapi (PATH=/opt/bitnami/openldap/var/run/ldapi)
SASL/EXTERNAL authentication started
65851abf.17863e55 0x7f6f477fe700 conn=1003 op=0 BIND dn="" method=163
65851abf.17881d21 0x7f6f477fe700 conn=1003 op=0 BIND authcid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth"
65851abf.178a37f2 0x7f6f477fe700 conn=1003 op=0 BIND dn="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" mech=EXTERNAL bind_ssf=0 ssf=71
65851abf.178c966b 0x7f6f477fe700 conn=1003 op=0 RESULT tag=97 err=0 qtime=0.000015 etime=0.000435 text=
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
65851abf.1791ff3f 0x7f6f47fff700 conn=1003 op=1 ADD dn="cn=inetorgperson,cn=schema,cn=config"
65851abf.17a08b39 0x7f6f47fff700 conn=1003 op=1 RESULT tag=105 err=0 qtime=0.000013 etime=0.000991 text=
65851abf.17a28b93 0x7f6f477fe700 conn=1003 op=2 UNBIND
65851abf.17a382c0 0x7f6f477fe700 conn=1003 fd=12 closed
adding new entry "cn=inetorgperson,cn=schema,cn=config"

SASL/EXTERNAL authentication started
65851abf.180c8c4c 0x7f6f47fff700 conn=1004 fd=12 ACCEPT from PATH=/opt/bitnami/openldap/var/run/ldapi (PATH=/opt/bitnami/openldap/var/run/ldapi)
65851abf.180f91bd 0x7f6f477fe700 conn=1004 op=0 BIND dn="" method=163
65851abf.18110e52 0x7f6f477fe700 conn=1004 op=0 BIND authcid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth"
65851abf.18137312 0x7f6f477fe700 conn=1004 op=0 BIND dn="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" mech=EXTERNAL bind_ssf=0 ssf=71
65851abf.1817daa2 0x7f6f477fe700 conn=1004 op=0 RESULT tag=97 err=0 qtime=0.000028 etime=0.000577 text=
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
65851abf.18222126 0x7f6f47fff700 conn=1004 op=1 ADD dn="cn=nis,cn=schema,cn=config"
65851abf.183ce72c 0x7f6f47fff700 conn=1004 op=1 RESULT tag=105 err=0 qtime=0.000018 etime=0.001802 text=
adding new entry "cn=nis,cn=schema,cn=config"

65851abf.18449449 0x7f6f477fe700 conn=1004 op=2 UNBIND
65851abf.184b2bf0 0x7f6f477fe700 conn=1004 fd=12 closed
SASL/EXTERNAL authentication started
65851abf.18af9c47 0x7f6f47fff700 conn=1005 fd=12 ACCEPT from PATH=/opt/bitnami/openldap/var/run/ldapi (PATH=/opt/bitnami/openldap/var/run/ldapi)
65851abf.18b30faa 0x7f6f477fe700 conn=1005 op=0 BIND dn="" method=163
65851abf.18b3f2a6 0x7f6f477fe700 conn=1005 op=0 BIND authcid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth"
65851abf.18b469df 0x7f6f477fe700 conn=1005 op=0 BIND dn="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" mech=EXTERNAL bind_ssf=0 ssf=71
65851abf.18b5104a 0x7f6f477fe700 conn=1005 op=0 RESULT tag=97 err=0 qtime=0.000013 etime=0.000148 text=
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
65851abf.18b98d21 0x7f6f47fff700 conn=1005 op=1 MOD dn="olcDatabase={2}mdb,cn=config"
65851abf.18bab7de 0x7f6f47fff700 conn=1005 op=1 MOD attr=olcAccess
65851abf.18bea71d 0x7f6f47fff700 slapd: line 0: rootdn is always granted unlimited privileges.
65851abf.18c00197 0x7f6f47fff700 slapd: line 0: rootdn is always granted unlimited privileges.
65851abf.18caf4ce 0x7f6f47fff700 conn=1005 op=1 RESULT tag=103 err=0 qtime=0.000009 etime=0.001170 text=
65851abf.18cd7d91 0x7f6f477fe700 conn=1005 op=2 UNBIND
65851abf.18ce7c1b 0x7f6f47fff700 conn=1005 fd=12 closed
modifying entry "olcDatabase={2}mdb,cn=config"

65851abf.194c7d5d 0x7f6f477fe700 conn=1006 fd=12 ACCEPT from PATH=/opt/bitnami/openldap/var/run/ldapi (PATH=/opt/bitnami/openldap/var/run/ldapi)
SASL/EXTERNAL authentication started
65851abf.194e52e2 0x7f6f47fff700 conn=1006 op=0 BIND dn="" method=163
65851abf.194f9f73 0x7f6f47fff700 conn=1006 op=0 BIND authcid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth"
65851abf.19503a23 0x7f6f47fff700 conn=1006 op=0 BIND dn="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" mech=EXTERNAL bind_ssf=0 ssf=71
65851abf.1950fbd6 0x7f6f47fff700 conn=1006 op=0 RESULT tag=97 err=0 qtime=0.000012 etime=0.000181 text=
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
65851abf.19540c77 0x7f6f477fe700 conn=1006 op=1 MOD dn="cn=module{0},cn=config"
65851abf.1955b1f8 0x7f6f477fe700 conn=1006 op=1 MOD attr=olcModuleLoad
65851abf.1957854f 0x7f6f477fe700 conn=1006 op=1 RESULT tag=103 err=32 qtime=0.000031 etime=0.000289 text=
ldap_modify: No such object (32)
        matched DN: cn=config
65851abf.19595519 0x7f6f47fff700 conn=1006 op=2 UNBIND
65851abf.195b29cd 0x7f6f47fff700 conn=1006 fd=12 closed
modifying entry "cn=module{0},cn=config"

65851abf.19d18ff3 0x7f6f4cbff700 daemon: shutdown requested and initiated.
65851abf.19d4588e 0x7f6f4cbff700 slapd shutdown: waiting for 0 operations/tasks to finish
65851abf.19df0077 0x7f6f4dd70740 slapd stopped.

LDAP response

# extended LDIF
#
# LDAPv3
# base <dc=example,dc=org> with scope subtree
# filter: (memberOf=cn=testgroup,ou=Group,dc=example,dc=org)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1
zoc commented

I have exactly the same issue, and the workaround provided by @jp-gouin does not work either. It looks like the syncprov module is configured after the import of custom schemas, thus overwriting the cn=module{0},cn=config attributes.

Based on your test @jp-gouin, I retried. I'm also failing. For troubleshooting purposes I ran it with this command:

cat <<EOF > /tmp/schema.ldif
dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: memberof
EOF
ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/schema.ldif

and got:

SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=module{0},cn=config"
ldap_modify: No such object (32)
        matched DN: cn=config

Currently I run bitnami/openldap 2.6.3 as non-root. What magic did you do so that it works on your machine?

And after updating to 2.6.6, still as non-root, I get this using the snippet above:

I have no name!@openldap-demo-7-0:/$ ldapmodify -Y EXTERNAL -H ldapi:/// -f /tmp/schema.ldif
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "cn=module{0},cn=config"
ldap_modify: Other (e.g., implementation specific) error (80)
        additional info: <olcModuleLoad> handler exited with 1

I have no name!@openldap-demo-7-0:/$ 

and see this in my log on K8S:

SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
659ece9f.3b5eab1d 0x7f55b5ddf700 lt_dlopenext failed: (memberof) file not found
659ece9f.3b5fc65d 0x7f55b5ddf700 olcModuleLoad: value #0: <olcModuleLoad> handler exited with 1!
ldap_modify: Other (e.g., implementation specific) error (80)
	additional info: <olcModuleLoad> handler exited with 1
modifying entry "cn=module{0},cn=config"

Based on the comment of @GabeChurch quoted below, I could overcome the problems adding the customSchemaFiles. But I had to do a tweak!

    00-memberof.ldif: |-
      dn: cn=module{0},cn=config
      changetype: modify
      add: olcModuleLoad
      # use fully qualified path, as the default points to: /opt/bitnami/openldap/libexec/openldap
      olcModuleLoad: /opt/bitnami/openldap/lib/openldap/memberof.so
      olcModuleLoad: /opt/bitnami/openldap/lib/openldap/refint.so

The next two ldifs for:

  • dn: olcOverlay=memberof,olcDatabase={2}mdb,cn=config
  • dn: olcOverlay=refint,olcDatabase={2}mdb,cn=config

worked well and I could inspect the changes on the running instance using these commands:

slapcat -F /bitnami/openldap/slapd.d/ -b cn=config -a "(|(cn=config)(cn=module{0}))"
slapcat -F /bitnami/openldap/slapd.d/ -b cn=config -a "(|(cn=config)(olcDatabase={2}mdb)(olcOverlay=memberof))"
slapcat -F /bitnami/openldap/slapd.d/ -b cn=config -a "(|(cn=config)(olcDatabase={2}mdb)(olcOverlay=refint))"

But this is only an intermediate step. A proof that it really works is waiting for time. I need to know two ldifs that create a user and a group and a way to assess if memberof works. If somebody reads this and can append such a test, that would help certainly :-)

I finally figured it out; this is how you do it:

customSchemaFiles:
  #enable memberOf ldap search functionality, users automagically track groups they belong to
  00-modules.ldif: |-
    dn: cn=module{0},cn=config
    changetype: modify
    add: olcModuleLoad
    olcModuleLoad: memberof
    olcModuleLoad: refint

  01-memberof.ldif: |-
    dn: olcOverlay=memberof,olcDatabase={2}mdb,cn=config
    changetype: add
    objectClass: olcMemberOf
    objectClass: olcOverlayConfig
    olcOverlay: memberof
    olcMemberOfRefInt: TRUE
    olcMemberOfGroupOC: groupOfUniqueNames
    olcMemberOfMemberAD: uniqueMember
    olcMemberOfMemberOfAD: memberOf

  refint.ldif: |-
    dn: olcOverlay=refint,olcDatabase={2}mdb,cn=config
    changetype: add
    objectClass: olcConfig
    objectClass: olcOverlayConfig
    objectClass: olcRefintConfig
    objectClass: top
    olcOverlay: refint
    olcRefintAttribute: memberof uniqueMember manager owner

Hi, I've compiled the following guide to use the memberof module:

Examples of MemberOf configuration

Enable MemberOf using replication

Use the following values to enable memberof attribute:

# Default configuration for openldap as environment variables. These get injected directly in the container.
# Use the env variables from https://github.com/osixia/docker-openldap#beginner-guide
env:
 BITNAMI_DEBUG: "true"
 LDAP_LOGLEVEL: "256"
 LDAP_TLS_ENFORCE: "false"
 LDAPTLS_REQCERT: "never"
 LDAP_ENABLE_TLS: "yes"
 LDAP_CONFIG_ADMIN_ENABLED: "yes"
 LDAP_SKIP_DEFAULT_TREE: "no"

customLdifFiles:
  00-root.ldif: |-
    # Root creation
    dn: dc=example,dc=org
    objectClass: dcObject
    objectClass: organization
    o: Example, Inc
  01-default-user.ldif: |-
    dn: cn=Jean Dupond,dc=example,dc=org
    cn: Jean Dupond
    gidnumber: 500
    givenname: Jean
    homedirectory: /home/users/jdupond
    objectclass: inetOrgPerson
    objectclass: posixAccount
    objectclass: top
    sn: Dupond
    uid: jdupond
    uidnumber: 1000
    userpassword: {MD5}KOULhzfBhPTq9k7a9XfCGw==
  02-default-group.ldif: |-
    dn: cn=myGroup,dc=example,dc=org
    cn: myGroup
    gidnumber: 500
    objectclass: posixGroup
    objectclass: top
    # memberUid is set directly: an "add:" line is only valid in a changetype: modify record
    memberUid: jdupond
  03-test-memberof.ldif: |-
    dn: ou=Group,dc=example,dc=org
    objectclass: organizationalUnit
    ou: Group

    dn: ou=People,dc=example,dc=org
    objectclass: organizationalUnit
    ou: People

    dn: uid=test1,ou=People,dc=example,dc=org
    objectclass: account
    uid: test1

    dn: cn=testgroup,ou=Group,dc=example,dc=org
    objectclass: groupOfNames
    cn: testgroup
    member: uid=test1,ou=People,dc=example,dc=org
customSchemaFiles:
  #enable memberOf ldap search functionality, users automagically track groups they belong to
  00-memberof.ldif: |-
    dn: cn=module{0},cn=config
    changetype: modify
    add: olcModuleLoad
    olcModuleLoad: memberof

  01-memberof.ldif: |-
    dn: olcOverlay=memberof,olcDatabase={2}mdb,cn=config
    changetype: add
    objectClass: olcOverlayConfig
    objectClass: olcMemberOf
    olcOverlay: memberof
    olcMemberOfRefint: TRUE

Connect to your openldap instance and execute:

LDAPTLS_REQCERT=never ldapsearch -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://127.0.0.1:1636 -b 'dc=example,dc=org' "(memberOf=cn=testgroup,ou=Group,dc=example,dc=org)"

You should get the following result:

# extended LDIF
#
# LDAPv3
# base <dc=example,dc=org> with scope subtree
# filter: (memberOf=cn=testgroup,ou=Group,dc=example,dc=org)
# requesting: ALL
#

# test1, People, example.org
dn: uid=test1,ou=People,dc=example,dc=org
objectClass: account
uid: test1

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Enable MemberOf without replication

When the replication is disabled, the cn=module needs to be loaded using :

# Load memberof module
dn: cn=module,cn=config
cn: module
objectClass: olcModuleList
olcModuleLoad: memberof.so
olcModulePath: /opt/bitnami/openldap/lib/openldap

Use the following values to enable memberof attribute:

# Default configuration for openldap as environment variables. These get injected directly in the container.
# Use the env variables from https://github.com/osixia/docker-openldap#beginner-guide
env:
 BITNAMI_DEBUG: "true"
 LDAP_LOGLEVEL: "256"
 LDAP_TLS_ENFORCE: "false"
 LDAPTLS_REQCERT: "never"
 LDAP_ENABLE_TLS: "yes"
 LDAP_CONFIG_ADMIN_ENABLED: "yes"
 LDAP_SKIP_DEFAULT_TREE: "no"

replicaCount: 1

replication:
  enabled: false

customLdifFiles:
  00-root.ldif: |-
    # Root creation
    dn: dc=example,dc=org
    objectClass: dcObject
    objectClass: organization
    o: Example, Inc
  01-default-user.ldif: |-
    dn: cn=Jean Dupond,dc=example,dc=org
    cn: Jean Dupond
    gidnumber: 500
    givenname: Jean
    homedirectory: /home/users/jdupond
    objectclass: inetOrgPerson
    objectclass: posixAccount
    objectclass: top
    sn: Dupond
    uid: jdupond
    uidnumber: 1000
    userpassword: {MD5}KOULhzfBhPTq9k7a9XfCGw==
  02-default-group.ldif: |-
    dn: cn=myGroup,dc=example,dc=org
    cn: myGroup
    gidnumber: 500
    objectclass: posixGroup
    objectclass: top
    # memberUid is set directly: an "add:" line is only valid in a changetype: modify record
    memberUid: jdupond
  03-test-memberof.ldif: |-
    dn: ou=Group,dc=example,dc=org
    objectclass: organizationalUnit
    ou: Group

    dn: ou=People,dc=example,dc=org
    objectclass: organizationalUnit
    ou: People

    dn: uid=test1,ou=People,dc=example,dc=org
    objectclass: account
    uid: test1

    dn: cn=testgroup,ou=Group,dc=example,dc=org
    objectclass: groupOfNames
    cn: testgroup
    member: uid=test1,ou=People,dc=example,dc=org
customSchemaFiles:
  #enable memberOf ldap search functionality, users automagically track groups they belong to
  00-memberof.ldif: |-
    # Load memberof module
    dn: cn=module,cn=config
    cn: module
    objectClass: olcModuleList
    olcModuleLoad: memberof.so
    olcModulePath: /opt/bitnami/openldap/lib/openldap

  01-memberof.ldif: |-
    dn: olcOverlay=memberof,olcDatabase={2}mdb,cn=config
    changetype: add
    objectClass: olcOverlayConfig
    objectClass: olcMemberOf
    olcOverlay: memberof
    olcMemberOfRefint: TRUE

Connect to your openldap instance and execute:

LDAPTLS_REQCERT=never ldapsearch -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://127.0.0.1:1636 -b 'dc=example,dc=org' "(memberOf=cn=testgroup,ou=Group,dc=example,dc=org)"

You should get the following result:

# extended LDIF
#
# LDAPv3
# base <dc=example,dc=org> with scope subtree
# filter: (memberOf=cn=testgroup,ou=Group,dc=example,dc=org)
# requesting: ALL
#

# test1, People, example.org
dn: uid=test1,ou=People,dc=example,dc=org
objectClass: account
uid: test1

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
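Choosing between the two module-loading forms in the guide above (modify cn=module{0} when the replication setup already created it; add cn=module with olcModulePath when it did not) and checking the ldapsearch verification output, as an added Python example that is not chart or bitnami code. The cn=config dumps and the search output are constructed samples, and the full .so path fallback follows the tweak posted earlier in this thread.

```python
import re

# Module directory the guide above uses for the bitnami image.
MODULE_PATH = "/opt/bitnami/openldap/lib/openldap"


def parse_ldif(text):
    """Parse LDIF into a list of (dn, {attribute_lowercased: [values]}),
    unfolding RFC 2849 continuation lines and skipping '#' comment lines."""
    text = re.sub(r"\n ", "", text)  # join folded lines
    entries = []
    for block in re.split(r"\n[ \t]*\n", text.strip()):
        dn, attrs = None, {}
        for line in block.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            key, sep, value = line.partition(":")
            if not sep:
                continue
            key, value = key.strip().lower(), value.lstrip(":").strip()
            if key == "dn":
                dn = value
            else:
                attrs.setdefault(key, []).append(value)
        if dn is not None:
            entries.append((dn, attrs))
    return entries


def _norm_dn(dn):
    return re.sub(r"\s*,\s*", ",", dn.strip().lower())


def _module_name(value):
    """'{0}syncprov.so' or '/opt/.../memberof.so' -> 'syncprov' / 'memberof'."""
    name = re.sub(r"^\{\d+\}", "", value).rsplit("/", 1)[-1]
    return re.sub(r"\.so$", "", name)


def module_load_ldif(config_ldif, modules=("memberof", "refint")):
    """LDIF that loads `modules`, in the form the guide uses for each case:
    cn=module{N},cn=config exists (replication enabled) -> changetype: modify
    adding olcModuleLoad values, with the full .so path when the entry has no
    olcModulePath; no module entry (replication disabled) -> add
    cn=module,cn=config with olcModulePath. Modules already listed are
    skipped so the result can be reapplied; '' means nothing left to load."""
    for dn, attrs in parse_ldif(config_ldif):
        if not re.fullmatch(r"cn=module(\{\d+\})?,cn=config", _norm_dn(dn)):
            continue
        loaded = {_module_name(v) for v in attrs.get("olcmoduleload", [])}
        todo = [m for m in modules if m not in loaded]
        if not todo:
            return ""
        prefix = "" if attrs.get("olcmodulepath") else MODULE_PATH + "/"
        lines = [f"dn: {dn}", "changetype: modify", "add: olcModuleLoad"]
        lines += [f"olcModuleLoad: {prefix}{m}.so" for m in todo]
        return "\n".join(lines) + "\n"
    lines = ["dn: cn=module,cn=config", "changetype: add", "cn: module",
             "objectClass: olcModuleList", f"olcModulePath: {MODULE_PATH}"]
    lines += [f"olcModuleLoad: {m}.so" for m in modules]
    return "\n".join(lines) + "\n"


def memberof_search_ok(search_output, member_dn):
    """Check the ldapsearch verification output: result code must be 0 and
    member_dn must come back as an entry, so 'result: 32 No such object' and
    a 'Success' with no entries (both seen in this thread) are failures."""
    code = re.search(r"^result:\s+(\d+)", search_output, re.M)
    if not code or int(code.group(1)) != 0:
        return False
    found = {_norm_dn(dn) for dn, _ in parse_ldif(search_output)}
    return _norm_dn(member_dn) in found


# Constructed samples: slapcat -b cn=config style dumps and the successful
# ldapsearch result shown in the guide.
CONFIG_WITH_REPLICATION = """\
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModuleLoad: {0}syncprov.so
"""

CONFIG_STANDALONE = """\
dn: cn=config
objectClass: olcGlobal
cn: config
"""

SEARCH_OK = """\
# test1, People, example.org
dn: uid=test1,ou=People,dc=example,dc=org
objectClass: account
uid: test1

# search result
search: 2
result: 0 Success
"""
```

Feed `module_load_ldif` the output of the `slapcat -F /bitnami/openldap/slapd.d/ -b cn=config` command quoted earlier in the thread to get the LDIF for the running instance.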

Hi @jp-gouin

I just tested this on 4.2.1 and got the same issue in #146. I noticed you added this in advanced examples in 4.2.0, so I removed my chart and installed 4.2.0. Unfortunately this issue persists on 4.2.0 as well.

Thanks for the continued support in this request and work on the chart.

Using the exact config for replica from your comment I get an error that causes the pods to crash on first initialization. memberof doesn't work afterwards either.

seang96@DESKTOP-K78DKFR:~/homelab/ldap$ k logs ldap-0 --previous 
Defaulted container "openldap-stack-ha" out of: openldap-stack-ha, init-schema (init), init-tls-secret (init)
 05:02:35.18 INFO  ==> ** Starting LDAP setup **
 05:02:35.25 INFO  ==> Validating settings in LDAP_* env vars
 05:02:35.26 INFO  ==> Initializing OpenLDAP...
 05:02:35.26 DEBUG ==> Ensuring expected directories/files exist...
 05:02:35.29 INFO  ==> Creating LDAP online configuration
 05:02:35.29 INFO  ==> Creating slapd.ldif
 05:02:35.32 INFO  ==> Starting OpenLDAP server in background
65c1bd6b.13e557f6 0x7f5251612740 @(#) $OpenLDAP: slapd 2.6.6 (Aug 18 2023 23:33:58) $
        @a67812f7d14b:/bitnami/blacksmith-sandox/openldap-2.6.6/servers/slapd
65c1bd6b.1a9e1de8 0x7f5251612740 slapd starting
 05:02:36.33 INFO  ==> Configure LDAP credentials for admin user
SASL/EXTERNAL authentication started
65c1bd6c.144bb9e0 0x7f520bfff700 conn=1000 fd=12 ACCEPT from PATH=/opt/bitnami/openldap/var/run/ldapi (PATH=/opt/bitnami/openldap/var/run/ldapi)
65c1bd6c.144d9b45 0x7f520bfff700 conn=1000 op=0 BIND dn="" method=163
65c1bd6c.144e3795 0x7f520bfff700 conn=1000 op=0 BIND authcid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth"
65c1bd6c.144e60ea 0x7f520bfff700 conn=1000 op=0 BIND dn="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" mech=EXTERNAL bind_ssf=0 ssf=71
65c1bd6c.144e9dd6 0x7f520bfff700 conn=1000 op=0 RESULT tag=97 err=0 qtime=0.000006 etime=0.000082 text=
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
65c1bd6c.14503dac 0x7f520bfff700 conn=1000 op=1 MOD dn="olcDatabase={2}mdb,cn=config"
65c1bd6c.1451b13e 0x7f520bfff700 conn=1000 op=1 MOD attr=olcSuffix
65c1bd6c.145a6e17 0x7f520bfff700 conn=1000 op=1 RESULT tag=103 err=0 qtime=0.000004 etime=0.000711 text=
65c1bd6c.14632e8f 0x7f520bfff700 conn=1000 op=2 MOD dn="olcDatabase={2}mdb,cn=config"
65c1bd6c.1463b222 0x7f520bfff700 conn=1000 op=2 MOD attr=olcRootDN
65c1bd6c.156d010f 0x7f520bfff700 conn=1000 op=2 RESULT tag=103 err=0 qtime=0.000008 etime=0.017430 text=
65c1bd6c.157169e6 0x7f520b7fe700 conn=1000 op=3 MOD dn="olcDatabase={2}mdb,cn=config"
65c1bd6c.1572039c 0x7f520b7fe700 conn=1000 op=3 MOD attr=olcRootPW
65c1bd6c.1578c824 0x7f520b7fe700 conn=1000 op=3 RESULT tag=103 err=0 qtime=0.000010 etime=0.000521 text=
65c1bd6c.157e029a 0x7f520bfff700 conn=1000 op=4 MOD dn="olcDatabase={1}monitor,cn=config"
65c1bd6c.157e6f42 0x7f520bfff700 conn=1000 op=4 MOD attr=olcAccess
65c1bd6c.15857a82 0x7f520bfff700 conn=1000 op=4 RESULT tag=103 err=0 qtime=0.000007 etime=0.000512 text=
65c1bd6c.15862525 0x7f520b7fe700 conn=1000 op=5 MOD dn="olcDatabase={0}config,cn=config"
65c1bd6c.15868ef5 0x7f520b7fe700 conn=1000 op=5 MOD attr=olcRootDN
65c1bd6c.158a97ca 0x7f520b7fe700 conn=1000 op=5 RESULT tag=103 err=0 qtime=0.000028 etime=0.000330 text=
65c1bd6c.1590dce9 0x7f520b7fe700 conn=1000 op=6 MOD dn="olcDatabase={0}config,cn=config"
65c1bd6c.15911dc6 0x7f520b7fe700 conn=1000 op=6 MOD attr=olcRootPW
65c1bd6c.16a1782e 0x7f520b7fe700 conn=1000 op=6 RESULT tag=103 err=0 qtime=0.000005 etime=0.017874 text=
65c1bd6c.16a290ef 0x7f520bfff700 conn=1000 op=7 UNBIND
65c1bd6c.16a31354 0x7f520bfff700 conn=1000 fd=12 closed
modifying entry "olcDatabase={2}mdb,cn=config"

modifying entry "olcDatabase={2}mdb,cn=config"

modifying entry "olcDatabase={2}mdb,cn=config"

modifying entry "olcDatabase={1}monitor,cn=config"

modifying entry "olcDatabase={0}config,cn=config"

modifying entry "olcDatabase={0}config,cn=config"

 05:02:36.38 INFO  ==> Adding LDAP extra schemas
SASL/EXTERNAL authentication started
65c1bd6c.16f1da60 0x7f520b7fe700 conn=1001 fd=12 ACCEPT from PATH=/opt/bitnami/openldap/var/run/ldapi (PATH=/opt/bitnami/openldap/var/run/ldapi)
65c1bd6c.16f27a3e 0x7f520bfff700 conn=1001 op=0 BIND dn="" method=163
65c1bd6c.16f30506 0x7f520bfff700 conn=1001 op=0 BIND authcid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth"
65c1bd6c.16f32ee2 0x7f520bfff700 conn=1001 op=0 BIND dn="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" mech=EXTERNAL bind_ssf=0 ssf=71
65c1bd6c.16f38365 0x7f520bfff700 conn=1001 op=0 RESULT tag=97 err=0 qtime=0.000004 etime=0.000075 text=
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
65c1bd6c.170a3d40 0x7f520b7fe700 conn=1001 op=1 ADD dn="cn=cosine,cn=schema,cn=config"
65c1bd6c.17191e1b 0x7f520b7fe700 conn=1001 op=1 RESULT tag=105 err=0 qtime=0.000006 etime=0.001025 text=
65c1bd6c.171af273 0x7f520bfff700 conn=1001 op=2 UNBIND
65c1bd6c.171b5c6c 0x7f520bfff700 conn=1001 fd=12 closed
adding new entry "cn=cosine,cn=schema,cn=config"

SASL/EXTERNAL authentication started
65c1bd6c.174b9942 0x7f520b7fe700 conn=1002 fd=12 ACCEPT from PATH=/opt/bitnami/openldap/var/run/ldapi (PATH=/opt/bitnami/openldap/var/run/ldapi)
65c1bd6c.174c0e70 0x7f520bfff700 conn=1002 op=0 BIND dn="" method=163
65c1bd6c.174cc0b8 0x7f520bfff700 conn=1002 op=0 BIND authcid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth"
65c1bd6c.174ce81a 0x7f520bfff700 conn=1002 op=0 BIND dn="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" mech=EXTERNAL bind_ssf=0 ssf=71
65c1bd6c.174e278d 0x7f520bfff700 conn=1002 op=0 RESULT tag=97 err=0 qtime=0.000006 etime=0.000147 text=
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
65c1bd6c.17537e53 0x7f520b7fe700 conn=1002 op=1 ADD dn="cn=inetorgperson,cn=schema,cn=config"
65c1bd6c.175bf98e 0x7f520b7fe700 conn=1002 op=1 RESULT tag=105 err=0 qtime=0.000007 etime=0.000585 text=
65c1bd6c.175c7f2d 0x7f520bfff700 conn=1002 op=2 UNBIND
65c1bd6c.175cf1d7 0x7f520bfff700 conn=1002 fd=12 closed
adding new entry "cn=inetorgperson,cn=schema,cn=config"

SASL/EXTERNAL authentication started
65c1bd6c.1788ef06 0x7f520b7fe700 conn=1003 fd=12 ACCEPT from PATH=/opt/bitnami/openldap/var/run/ldapi (PATH=/opt/bitnami/openldap/var/run/ldapi)
65c1bd6c.1789542c 0x7f520bfff700 conn=1003 op=0 BIND dn="" method=163
65c1bd6c.178a3ec0 0x7f520bfff700 conn=1003 op=0 BIND authcid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth"
65c1bd6c.178a5caa 0x7f520bfff700 conn=1003 op=0 BIND dn="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" mech=EXTERNAL bind_ssf=0 ssf=71
65c1bd6c.178a92ed 0x7f520bfff700 conn=1003 op=0 RESULT tag=97 err=0 qtime=0.000004 etime=0.000089 text=
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
65c1bd6c.17903e0c 0x7f520b7fe700 conn=1003 op=1 ADD dn="cn=nis,cn=schema,cn=config"
65c1bd6c.179be97f 0x7f520b7fe700 conn=1003 op=1 RESULT tag=105 err=0 qtime=0.000005 etime=0.000793 text=
65c1bd6c.179c6946 0x7f520bfff700 conn=1003 op=2 UNBIND
65c1bd6c.179cc382 0x7f520bfff700 conn=1003 fd=12 closed
adding new entry "cn=nis,cn=schema,cn=config"

SASL/EXTERNAL authentication started
65c1bd6c.17c2bab8 0x7f520b7fe700 conn=1004 fd=12 ACCEPT from PATH=/opt/bitnami/openldap/var/run/ldapi (PATH=/opt/bitnami/openldap/var/run/ldapi)
65c1bd6c.17c333c5 0x7f520bfff700 conn=1004 op=0 BIND dn="" method=163
65c1bd6c.17c38d76 0x7f520bfff700 conn=1004 op=0 BIND authcid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth"
65c1bd6c.17c3a7d3 0x7f520bfff700 conn=1004 op=0 BIND dn="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" mech=EXTERNAL bind_ssf=0 ssf=71
65c1bd6c.17c3ce9c 0x7f520bfff700 conn=1004 op=0 RESULT tag=97 err=0 qtime=0.000005 etime=0.000047 text=
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
65c1bd6c.17c4d914 0x7f520b7fe700 conn=1004 op=1 ADD dn="cn=module,cn=config"
65c1bd6c.17d96544 0x7f520b7fe700 conn=1004 op=1 RESULT tag=105 err=0 qtime=0.000005 etime=0.001367 text=
65c1bd6c.17d9edba 0x7f520b7fe700 conn=1004 op=2 UNBIND
65c1bd6c.17da3ddf 0x7f520b7fe700 conn=1004 fd=12 closed
adding new entry "cn=module,cn=config"

SASL/EXTERNAL authentication started
65c1bd6c.1807f878 0x7f520bfff700 conn=1005 fd=12 ACCEPT from PATH=/opt/bitnami/openldap/var/run/ldapi (PATH=/opt/bitnami/openldap/var/run/ldapi)
65c1bd6c.180856c8 0x7f520b7fe700 conn=1005 op=0 BIND dn="" method=163
65c1bd6c.1808e72a 0x7f520b7fe700 conn=1005 op=0 BIND authcid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth"
65c1bd6c.18091d16 0x7f520b7fe700 conn=1005 op=0 BIND dn="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" mech=EXTERNAL bind_ssf=0 ssf=71
65c1bd6c.18095c44 0x7f520b7fe700 conn=1005 op=0 RESULT tag=97 err=0 qtime=0.000008 etime=0.000079 text=
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
65c1bd6c.180a807e 0x7f520bfff700 conn=1005 op=1 MOD dn="cn=config"
65c1bd6c.180aaf39 0x7f520bfff700 conn=1005 op=1 MOD attr=olcServerID
65c1bd6c.180fe069 0x7f520bfff700 conn=1005 op=1 RESULT tag=103 err=0 qtime=0.000005 etime=0.000377 text=
65c1bd6c.18108621 0x7f520b7fe700 conn=1005 op=2 UNBIND
65c1bd6c.1810cd5e 0x7f520b7fe700 conn=1005 fd=12 closed
modifying entry "cn=config"

SASL/EXTERNAL authentication started
65c1bd6c.1842995f 0x7f520bfff700 conn=1006 fd=12 ACCEPT from PATH=/opt/bitnami/openldap/var/run/ldapi (PATH=/opt/bitnami/openldap/var/run/ldapi)
65c1bd6c.18433183 0x7f520b7fe700 conn=1006 op=0 BIND dn="" method=163
65c1bd6c.18437247 0x7f520b7fe700 conn=1006 op=0 BIND authcid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth"
65c1bd6c.18438c45 0x7f520b7fe700 conn=1006 op=0 BIND dn="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" mech=EXTERNAL bind_ssf=0 ssf=71
65c1bd6c.1843b2ef 0x7f520b7fe700 conn=1006 op=0 RESULT tag=97 err=0 qtime=0.000003 etime=0.000039 text=
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
65c1bd6c.18448e02 0x7f520bfff700 conn=1006 op=1 ADD dn="olcOverlay=syncprov,olcDatabase={0}config,cn=config"
65c1bd6c.18472e41 0x7f520bfff700 conn=1006 op=1 RESULT tag=105 err=0 qtime=0.000002 etime=0.000190 text=
65c1bd6c.1847a37e 0x7f520b7fe700 conn=1006 op=2 UNBIND
65c1bd6c.1847de02 0x7f520b7fe700 conn=1006 fd=12 closed
adding new entry "olcOverlay=syncprov,olcDatabase={0}config,cn=config"

SASL/EXTERNAL authentication started
65c1bd6c.187769b5 0x7f520bfff700 conn=1007 fd=12 ACCEPT from PATH=/opt/bitnami/openldap/var/run/ldapi (PATH=/opt/bitnami/openldap/var/run/ldapi)
65c1bd6c.1877e951 0x7f520bfff700 conn=1007 op=0 BIND dn="" method=163
65c1bd6c.18782034 0x7f520bfff700 conn=1007 op=0 BIND authcid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth"
65c1bd6c.18784994 0x7f520bfff700 conn=1007 op=0 BIND dn="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" mech=EXTERNAL bind_ssf=0 ssf=71
65c1bd6c.187882bc 0x7f520bfff700 conn=1007 op=0 RESULT tag=97 err=0 qtime=0.000004 etime=0.000045 text=
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
65c1bd6c.187ab865 0x7f520b7fe700 conn=1007 op=1 MOD dn="olcDatabase={0}config,cn=config"
65c1bd6c.187b03ef 0x7f520b7fe700 conn=1007 op=1 MOD attr=olcSyncRepl olcMirrorMode
65c1bd6c.1880a2b4 0x7f520b7fe700 conn=1007 op=1 RESULT tag=103 err=0 qtime=0.000005 etime=0.000411 text=
modifying entry "olcDatabase={0}config,cn=config"

65c1bd6c.1881dc2b 0x7f520b7fe700 conn=1007 op=2 UNBIND
65c1bd6c.1882f87a 0x7f520b7fe700 conn=1007 fd=12 closed
SASL/EXTERNAL authentication started
65c1bd6c.18aa61eb 0x7f520b7fe700 conn=1008 fd=13 ACCEPT from PATH=/opt/bitnami/openldap/var/run/ldapi (PATH=/opt/bitnami/openldap/var/run/ldapi)
65c1bd6c.18aafbaf 0x7f520b7fe700 conn=1008 op=0 BIND dn="" method=163
65c1bd6c.18ab3e2b 0x7f520b7fe700 conn=1008 op=0 BIND authcid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth"
65c1bd6c.18ab6c36 0x7f520b7fe700 conn=1008 op=0 BIND dn="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" mech=EXTERNAL bind_ssf=0 ssf=71
65c1bd6c.18abb13a 0x7f520b7fe700 conn=1008 op=0 RESULT tag=97 err=0 qtime=0.000003 etime=0.000052 text=
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
65c1bd6c.18ac8e9a 0x7f520b7fe700 conn=1008 op=1 ADD dn="olcOverlay=syncprov,olcDatabase={2}mdb,cn=config"
65c1bd6c.18bc3048 0x7f520affd700 slap_client_connect: URI=ldap://ldap-2.ldap-headless.ldap.svc.cluster.local:1389 Error, ldap_start_tls failed (-1)
65c1bd6c.18bc8a68 0x7f520affd700 do_syncrepl: rid=003 rc -1 retrying
65c1bd6c.18ec5ef3 0x7f520bfff700 slap_client_connect: URI=ldap://ldap-1.ldap-headless.ldap.svc.cluster.local:1389 Error, ldap_start_tls failed (-1)
65c1bd6c.18ecb748 0x7f520bfff700 do_syncrepl: rid=002 rc -1 retrying
65c1bd6c.18efcef4 0x7f520b7fe700 conn=1008 op=1 RESULT tag=105 err=0 qtime=0.000002 etime=0.004423 text=
65c1bd6c.18f0aec0 0x7f520affd700 conn=1008 op=2 UNBIND
65c1bd6c.18f11cb1 0x7f520affd700 conn=1008 fd=13 closed
adding new entry "olcOverlay=syncprov,olcDatabase={2}mdb,cn=config"

SASL/EXTERNAL authentication started
65c1bd6c.1923879f 0x7f520b7fe700 conn=1009 fd=12 ACCEPT from PATH=/opt/bitnami/openldap/var/run/ldapi (PATH=/opt/bitnami/openldap/var/run/ldapi)
65c1bd6c.19240cfa 0x7f520bfff700 conn=1009 op=0 BIND dn="" method=163
65c1bd6c.19248fc8 0x7f520bfff700 conn=1009 op=0 BIND authcid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth"
65c1bd6c.1924bc58 0x7f520bfff700 conn=1009 op=0 BIND dn="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" mech=EXTERNAL bind_ssf=0 ssf=71
65c1bd6c.1924f700 0x7f520bfff700 conn=1009 op=0 RESULT tag=97 err=0 qtime=0.000006 etime=0.000070 text=
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
65c1bd6c.19268573 0x7f520affd700 conn=1009 op=1 MOD dn="olcDatabase={2}mdb,cn=config"
65c1bd6c.1926cd42 0x7f520affd700 conn=1009 op=1 MOD attr=olcSyncrepl
65c1bd6c.192c65cc 0x7f520affd700 conn=1009 op=1 RESULT tag=103 err=0 qtime=0.000004 etime=0.000407 text=
65c1bd6c.192d33d0 0x7f520bfff700 conn=1009 op=2 MOD dn="olcDatabase={2}mdb,cn=config"
65c1bd6c.192d85a5 0x7f520bfff700 conn=1009 op=2 MOD attr=olcMirrorMode
65c1bd6c.196046c4 0x7f520b7fe700 slap_client_connect: URI=ldap://ldap-2.ldap-headless.ldap.svc.cluster.local:1389 Error, ldap_start_tls failed (-1)
65c1bd6c.1995a23c 0x7f520affd700 slap_client_connect: URI=ldap://ldap-1.ldap-headless.ldap.svc.cluster.local:1389 Error, ldap_start_tls failed (-1)
65c1bd6d.0017c3ba 0x7f520b7fe700 do_syncrepl: rid=103 rc -1 retrying
65c1bd6d.0017c95b 0x7f520affd700 do_syncrepl: rid=102 rc -1 retrying
65c1bd6d.001f96af 0x7f520bfff700 conn=1009 op=2 RESULT tag=103 err=0 qtime=0.000005 etime=0.579691 text=
65c1bd6d.0020e6fc 0x7f520affd700 conn=1009 op=3 UNBIND
65c1bd6d.00220e7e 0x7f520bfff700 conn=1009 fd=12 closed
modifying entry "olcDatabase={2}mdb,cn=config"

modifying entry "olcDatabase={2}mdb,cn=config"

SASL/EXTERNAL authentication started
65c1bd6d.0052fb38 0x7f520b7fe700 conn=1010 fd=12 ACCEPT from PATH=/opt/bitnami/openldap/var/run/ldapi (PATH=/opt/bitnami/openldap/var/run/ldapi)
65c1bd6d.0053d885 0x7f520affd700 conn=1010 op=0 BIND dn="" method=163
65c1bd6d.0054c4db 0x7f520affd700 conn=1010 op=0 BIND authcid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth"
65c1bd6d.00554815 0x7f520affd700 conn=1010 op=0 BIND dn="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" mech=EXTERNAL bind_ssf=0 ssf=71
65c1bd6d.0055909a 0x7f520affd700 conn=1010 op=0 RESULT tag=97 err=0 qtime=0.000007 etime=0.000130 text=
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
65c1bd6d.005c7b88 0x7f520bfff700 conn=1010 op=1 MOD dn="olcDatabase={2}mdb,cn=config"
65c1bd6d.005d5bfd 0x7f520bfff700 conn=1010 op=1 MOD attr=olcAccess
65c1bd6d.005fdec7 0x7f520bfff700 slapd: line 0: rootdn is always granted unlimited privileges.
65c1bd6d.00608760 0x7f520bfff700 slapd: line 0: rootdn is always granted unlimited privileges.
65c1bd6d.01895908 0x7f520bfff700 conn=1010 op=1 RESULT tag=103 err=0 qtime=0.000005 etime=0.019736 text=
65c1bd6d.018b89e0 0x7f520b7fe700 conn=1010 op=2 UNBIND
65c1bd6d.018c1d32 0x7f520b7fe700 conn=1010 fd=12 closed
modifying entry "olcDatabase={2}mdb,cn=config"

SASL/EXTERNAL authentication started
65c1bd6d.01c96e93 0x7f520bfff700 conn=1011 fd=12 ACCEPT from PATH=/opt/bitnami/openldap/var/run/ldapi (PATH=/opt/bitnami/openldap/var/run/ldapi)
65c1bd6d.01c9f2a3 0x7f520affd700 conn=1011 op=0 BIND dn="" method=163
65c1bd6d.01ca5eef 0x7f520affd700 conn=1011 op=0 BIND authcid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth"
65c1bd6d.01ca83f5 0x7f520affd700 conn=1011 op=0 BIND dn="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" mech=EXTERNAL bind_ssf=0 ssf=71
65c1bd6d.01cab006 0x7f520affd700 conn=1011 op=0 RESULT tag=97 err=0 qtime=0.000007 etime=0.000059 text=
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
65c1bd6d.01cc0bb7 0x7f520b7fe700 conn=1011 op=1 ADD dn="olcOverlay=memberof,olcDatabase={2}mdb,cn=config"
65c1bd6d.01cc6e85 0x7f520b7fe700 conn=1011 op=1 RESULT tag=105 err=21 qtime=0.000003 etime=0.000047 text=objectClass: value #1 invalid per syntax
ldap_add: Invalid syntax (21)
        additional info: objectClass: value #1 invalid per syntax
adding new entry "olcOverlay=memberof,olcDatabase={2}mdb,cn=config"

65c1bd6d.01d7cc0e 0x7f520bfff700 conn=1011 op=2 UNBIND
65c1bd6d.01d85d29 0x7f520bfff700 conn=1011 fd=12 closed
65c1bd6d.023f8322 0x7f5210fff700 daemon: shutdown requested and initiated.
65c1bd6d.02428ed8 0x7f5210fff700 slapd shutdown: waiting for 0 operations/tasks to finish
65c1bd6d.025ac230 0x7f5251612740 slapd stopped.
seang96@DESKTOP-K78DKFR:~/homelab/ldap$ k exec -it ldap-0 -- bash
Defaulted container "openldap-stack-ha" out of: openldap-stack-ha, init-schema (init), init-tls-secret (init)
I have no name!@ldap-0:/$ LDAPTLS_REQCERT=never ldapsearch -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://127.0.0.1:1636 -b 'dc=example,dc=org' "(memberOf=cn=testgroup,ou=Group,dc=example,dc=org)"
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=org> with scope subtree
# filter: (memberOf=cn=testgroup,ou=Group,dc=example,dc=org)
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1
I have no name!@ldap-0:/$ 

Hi,

Please take a look at the memberOf documentation.
I'm also using it now in the CI. The values file is in .bin/myval.yaml.