DOMjudge Docker missing LDAP extension

[RafaelPaulovic]

Hello everyone,

I'm trying to initiate DOMjudge from the 5.3 checkout using the following command: (after running the MariaDB container) docker run -v [path-to-domjudge-checkout]:/domjudge -v /sys/fs/cgroup:/sys/fs/cgroup:ro --link dj-mariadb:mariadb -it -e MYSQL_HOST=mariadb -e MYSQL_USER=domjudge -e MYSQL_DATABASE=domjudge -e MYSQL_PASSWORD=djpw -e MYSQL_ROOT_PASSWORD=rootpw -p 12345:80 --name domjudge --privileged domjudge/domjudge-contributor

I receive these following warnings:

Cannot create cache directory /root/.composer/cache/repo/https---repo.packagist.org/, or directory is not writable. Proceeding without cache
Cannot create cache directory /root/.composer/cache/files/, or directory is not writable. Proceeding without cache

And at the end of the script start.sh, during the copy of the webserver config I receive this final error that interrupts the installation:

[..] Copying webserver config
sed: can't read /etc/php/7.2/fpm/pool.d/domjudge.conf: No such file or directory

Does anyone can help me? Am I forgetting any step?

Thanks in advance.

[nickygerritsen]

Hi Rafael!

Do you want to run DOMjudge in Docker or develop on DOMjudge? For the former we have the domserver and judgehost Docker images. The domjudge-contributor image is mainly used to develop on DOMjudge on Windows / macOS or on systems where you don't want to set up everything yourself. It is not supported with DOMjudge 5.x.

[RafaelPaulovic]

Hi Nicky,

So, I would like mostly just to run DOMjudge image, but with some different configurations than the default. I'm trying to use the LDAP authentication that is available in the branch 5.3, is that possible with the domserverand judgehost Docker image?

Thank you!

[nickygerritsen]

I think if you volume-mount a modified version of https://github.com/DOMjudge/domjudge/blob/5.3/etc/domserver-config.php into the domserver Docker container, you can get it to work.

[RafaelPaulovic]

Hi again,

I tried to do that, using the following command line: docker run -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v [path-to-domjudge-folder]/etc/domserver-config.php:/opt/domjudge/domserver/etc/domserver-config.php --link dj-mariadb:mariadb -it -e MYSQL_HOST=mariadb -e MYSQL_USER=domjudge -e MYSQL_DATABASE=domjudge -e MYSQL_PASSWORD=djpw -e MYSQL_ROOT_PASSWORD=rootpw -p 12345:80 --name domserver domjudge/domserver:5.3.3

Unfortunately when trying to connect in the admin domjudge account I get the following error:

If I try to connect with a LDAP user (not yet inside the database) I get the following error:

In this second case I believe it doesn't finishes the authentication because I need to certify the authentication with a certificate file. So somehow I need to add this cert file in the php.ini and enable the php_ldap.dll extension (I believe using another volume will be enough for this) .

But since we found the first error, I believe it will always occurs because in the Dockerfile we don't do the php-ldap package install, so this ldap_connection() function doesn't exists. Maybe by adding php-ldap in the installation will make it work.

Would you add this package or should I do my on Dockerfile?

Thank you.

[nickygerritsen]

Could you docker exec -it domserver bash and then: apt update; apt install php-ldap (or maybe php7.2-ldap, followed by a supervisorctl restart php.

If that works, I am willing to push a new version of the image with that package in it.

[RafaelPaulovic]

Hi Nicky, that worked, the error saying that the ldap_connect() function is undefined doesn't exists anymore.

But I still have the Not Authenticated error in it's place (now for the admin/admin account). I believe this is happening because now we pass from the line 221 of the file /lib/www/auth.php, where it calls the ldap_connect() function.

I still have to find a way to use the certificate and LDAP binding properly, which is what I'm trying to do.

If we use a LDAP that doesn't need this certificate, I'm pretty sure that will work, so adding the installation might be useful.

[nickygerritsen]

I have pushed a new version of the 5.3.3 domserver image with php-ldap.

Let me know if we need to do more, but I think indeed when you succeed in connecting to the LDAP, it should work.

I also created https://github.com/DOMjudge/domjudge/issues/546 to make sure we re-add LDAP support in 6.x at some point.

[nickygerritsen]

@RafaelPaulovic is it OK to close this issue? When I fixed #35 it will contain a fixed for a missing PHP FPM setup and the LDAP issue you are having now is probably on your side?

[RafaelPaulovic]

Hi @nickygerritsen, no problem, I'm still trying to connect but yes it's more from my side now.

Thank you again.