Closed joshuacox closed 1 year ago
I went ahead and tried with 2.6.6 just to make certain there was no difference between that and 2.6.3 and latest. Same results across the board.
Hi, that objectclass is not in the schemas provided by openldap:
I have no name!@ed7a1b25b575:/$ grep -i ldapPublicKey /opt/bitnami/openldap/etc/schema/*
I have no name!@ed7a1b25b575:/$
You would need to load a schema that provides that objectclass.
Any idea what that schema is? This seems like a pretty common use case, i.e. storing an sshPublicKey
So I think it's this: https://github.com/AndriiGrytsenko/openssh-ldap-publickey/blob/master/misc/openssh-lpk-openldap.schema#L17-L21
However, I do not seem to be able to get the ldap server to pick this up. I tried placing this file in /schemas, which did not seem to work; I explicitly set LDAP_CUSTOM_SCHEMA_DIR=/schemas. Seeing as the default for LDAP_CUSTOM_SCHEMA_FILE is /schema/custom.ldif, I thought maybe these files all had to be LDIFs? So I converted it to an LDIF using https://www.lisenet.com/2015/convert-openldap-schema-to-ldif/
dn: cn=custom,dc=example,dc=org
objectClass: olcSchemaConfig
cn: custom
olcAttributeTypes: ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey' DES
 C 'MANDATORY: OpenSSH Public key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.
 1.1466.115.121.1.40 )
olcObjectClasses: ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' DESC
 'MANDATORY: OpenSSH LPK objectclass' SUP top AUXILIARY MUST uid MAY sshPubli
 cKey )
But perhaps I got the DN wrong?
I'm using this as a test setup:
version: "3"
networks:
  openldap:
    external: false
services:
  openldapsrv:
    image: openldap_whc:latest
    environment:
      - LDAP_ADMIN_USERNAME=admin
      - LDAP_ADMIN_PASSWORD=admin
      - LDAP_USERS=customuser
      - LDAP_PASSWORDS=custompassword
      - LDAP_ROOT=dc=example,dc=org
      - LDAP_ADMIN_DN=cn=admin,dc=example,dc=org
    restart: always
    networks:
      - openldap
    ports:
      - 389:1389
      - 636:1636
  phpldapadmin:
    ports:
      - 80:80
      - 443:443
    container_name: phpldapadmin
    networks:
      - openldap
    environment:
      - PHPLDAPADMIN_LDAP_HOSTS=ldap://openldapsrv:1389
    image: osixia/phpldapadmin:0.9.0
where openldap_whc is made from this Dockerfile:
FROM bitnami/openldap:2.6.6
ENV LDAP_CUSTOM_SCHEMA_DIR /schemas
COPY custom.ldif /ldifs/
COPY openssh-lpk_openldap.schema /schemas/
where the custom.ldif file is given above, and the openssh-lpk_openldap.schema is from the link at the very top of this comment.
Indeed, I got the DN wrong. After looking at the inetorgperson.ldif file I tried this one:
dn: cn=ldapPublicKey,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: openssh-lpk-openldap
olcAttributeTypes: ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey' DES
 C 'MANDATORY: OpenSSH Public key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.
 1.1466.115.121.1.40 )
olcObjectClasses: ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' DESC
 'MANDATORY: OpenSSH LPK objectclass' SUP top AUXILIARY MUST ( sshPublicKey $
 uid ) )
Placing the above at /schema/custom.ldif solves my issue.
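As an added example that is not code from this thread or from the bitnami project: a small Python converter that turns slapd.conf-style attributetype/objectclass definitions (the format of the linked .schema file) into a cn=config schema LDIF using the DN form the last comment found to work, folding long lines with the leading-space continuation that LDIF requires. The sample schema text and the entry name openssh-lpk are constructed from the values in the thread.

```python
import re

# Constructed sample: the two definitions from the openssh-lpk schema linked in the
# thread, in slapd.conf style (the form the .schema file uses).
SAMPLE_SCHEMA = """\
attributetype ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey'
    DESC 'MANDATORY: OpenSSH Public key'
    EQUALITY octetStringMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )

objectclass ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top AUXILIARY
    DESC 'MANDATORY: OpenSSH LPK objectclass'
    MUST ( sshPublicKey $ uid ) )
"""
KEYWORD_TO_OLC = {"attributetype": "olcAttributeTypes", "objectclass": "olcObjectClasses"}

def parse_schema(text):
    """Return (olcAttribute, definition) pairs: each definition is the balanced
    parenthesised block after its keyword, collapsed onto one line; # comments dropped."""
    cleaned = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))
    defs = []
    for m in re.finditer(r"\b(attributetype|objectclass)\s*\(", cleaned, re.I):
        start = i = m.end() - 1          # index of the opening parenthesis
        depth = 0
        while i < len(cleaned):
            depth += (cleaned[i] == "(") - (cleaned[i] == ")")
            if depth == 0:
                break
            i += 1
        defs.append((KEYWORD_TO_OLC[m.group(1).lower()], " ".join(cleaned[start:i + 1].split())))
    return defs

def fold(line, width=78):
    """LDIF (RFC 2849) line folding: every continuation line starts with one space.
    The long olcAttributeTypes/olcObjectClasses lines in the thread are folded this way."""
    parts, rest = [line[:width]], line[width:]
    while rest:
        parts.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return "\n".join(parts)

def unfold(ldif):
    """Inverse of fold(): joins continuation lines back onto their logical line."""
    return ldif.replace("\n ", "")

def schema_to_ldif(text, name):
    """Emit a cn=config schema entry with the DN form that worked in the thread."""
    lines = [f"dn: cn={name},cn=schema,cn=config", "objectClass: olcSchemaConfig", f"cn: {name}"]
    lines += [fold(f"{olc}: {body}") for olc, body in parse_schema(text)]
    return "\n".join(lines) + "\n"
```

Write the output of `schema_to_ldif(SAMPLE_SCHEMA, "openssh-lpk")` to the custom schema file the image loads, then check with `ldapsearch -b cn=schema,cn=config` that the entry appears.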
Name and Version
bitnami/openldap:2.6.3
What architecture are you using?
amd64
What steps will reproduce the bug?
This returns nothing.
What is the expected behavior?
It should return something like this:
What do you see instead?
The first ldapsearch returns nothing.
Additional information
My intent is to store an sshPublicKey for users.