Open igorbljahhin opened 7 years ago
xgodon
commented
7 years ago i think the easiest solution would be to add your ldif files after the service start, as it seems to make memeberof effective. Or you can build your own image and do somegarage stuff like launching a script in the background that wait 10seconds and then populate the DIT (after the 10 sec, the ldap will be started).
duketwo
commented
7 years ago Refactor the entrypoint.sh script?
Edit: Doesn't seem to work, currently struggling with the same problem. Will post an update if I found a solution.
duketwo
commented
7 years ago I get these in the logs: 594bf5ec <= bdb_equality_candidates: (memberOf) not indexed
duketwo
commented
7 years ago slapadd doesn't work with overlays, like memberOf. So the only workaround I'm aware of would be adding the groups with ldapadd while slapd is running.
duketwo
commented
7 years ago I'll add supervisord and add a script which checks if slapd is already running and then injecting the prepopulated data once.
duketwo
commented
7 years ago It's working fine when doing the said above. The supervisord script I've written therefore:
srollinet
commented
7 years ago Hi @duketwo
I have the same problem, but I don't fully understand what to do to make your solution work. Could you post a full procedure or a working fork?
Thanks a lot!
xgodon
commented
7 years ago i assume you have to delete the prepopulate part of the original entrypoint.sh (the
if [[ "$first_run" == "true" ]]; then if [[ -d "/etc/ldap/prepopulate" ]]; then for file in
ls /etc/ldap/prepopulate/*.ldif; do slapadd -F /etc/ldap/slapd.d -l "$file" done fi fi
block) you also have to run his script from the entrypoint.sh.
olegbakhirev
commented
6 years ago @xgodon Unfortunatelly script is gone :( And not clear what was there. Does that require adding some libraries to the image? @duketwo could you please repost it?
duketwo
commented
5 years ago https://github.com/duketwo/Shib-Idp/blob/master/ldap/populate.sh
If anybody still needs that
blizzz
commented
5 years ago What is possible to do in the entrypoint file is to:
set -m"$@" &slapadd use ldapadd to import prepopulation files
fgIt's somewhat ugly though… or @dinkel do you think this would be tolerable to fix the issue?
Hi!
I can't get the search of "memberOf" working. My setup using docker-compose is following:
version: "2"
services: openldap: image: dinkel/openldap:latest container_name: openldap environment: SLAPD_ORGANIZATION: "a company" SLAPD_DOMAIN: "rosinad.com" SLAPD_PASSWORD: "admin" SLAPD_CONFIG_PASSWORD: "config" SLAPD_ADDITIONAL_MODULES: "memberof" volumes:
I have three files in ./docker/openldap: 01-base.ldif, 02-users.ldif and 03-groups.ldif with following content (only important parts are shown):
01-base.ldif: dn: ou=people,dc=rosinad,dc=com objectclass: organizationalUnit ou: People
dn: ou=groups,dc=rosinad,dc=com objectclass: organizationalUnit ou: Groups
02-users.ldif: dn: uid=seagate_user,ou=people,dc=rosinad,dc=com cn: Seagate User sn: User gidnumber: 10000 homedirectory: /home/users/seagate_user objectClass: posixAccount objectClass: inetOrgPerson objectClass: organizationalPerson objectClass: person loginShell: /bin/bash uid: seagate_user uidnumber: 1001 userpassword: seagate_user
03-groups.ldif: dn: cn=GPWUSERS,ou=groups,dc=rosinad,dc=com cn: GPWUSERS objectClass: groupofnames member: uid=seagate_user,ou=people,dc=rosinad,dc=com
and search by the query "(&(objectClass=person)(memberOf=cn=GPWUSERS,ou=groups,dc=rosinad,dc=com))" is returning nothing.
But if I manually add the group with member after OpenLDAP is started, then the search is returning that one result.
My guess is that memberOf module is enabled after my files are prepopulated, but if I look at the source code of entrypoint script, then I see that prepopulation is performed in the end of the script.
Could you give me some hints that could be wrong with my approach?
thanks!