Closed avodapalli2 closed 1 month ago
Hi @avodapalli2
Can you please include the logs of the openldap pod? Include the log of the first execution of the pod <openldap>-0.
Can you also include the values that you used.
Thanks
So you are using only 1 replica, so you should turn off the replication:
replication:
  enabled: false
btw the log file is not the first execution or you are re-deploying the chart, because of this trace:
09:40:44.10 INFO ==> Using persisted data
So if you changed your customAcls or customLdifFiles without cleaning (removing the pvc / the namespace) they won't be taken into account.
Are you able to ldapsearch against your base?
When I removed the custom acl it works. I am not sure what the problem is with my custom acl. Will you be able to help with that?
The same acl was working with my old helm chart with version 3.0.1, as custom ldif files were mounted at /container/service/slapd/assets/config/bootstrap/ldif/custom. But now it does not work with custom ldif or custom acl either.
So between 3.x and 4.x the chart uses a newer version of openldap that included breaking changes.
So your acl is using the old scheme:
dn: olcDatabase={1}mdb,cn=config
where it should be now
dn: olcDatabase={2}mdb,cn=config
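As an added example, not taken from the maintainer's reply or from the chart itself: a values.yaml fragment with a customAcls block written against the 4.x database DN. The first rule keeps the container's own peercred identity able to manage the database, which is what lets the chart's bootstrap ldapadd calls keep working once the ACL is applied; the uidNumber/gidNumber in that rule, the admin DN, and the list of pwm attributes are assumptions to adapt to your deployment.

```yaml
# Added example (not from the thread). Only the dn line differs from a 3.x
# ACL file, but note that "replace: olcAccess" swaps the whole rule list,
# so every rule you still want must be present here.
customAcls: |-
  dn: olcDatabase={2}mdb,cn=config
  changetype: modify
  replace: olcAccess
  olcAccess: {0}to *
   by dn.exact=gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth manage
   by * break
  olcAccess: {1}to attrs=userPassword,shadowLastChange
   by self write
   by dn.exact="cn=admin,dc=skat-classic,dc=dxc,dc=com" write
   by anonymous auth
   by * none
  olcAccess: {2}to attrs=pwmResponseSet,pwmOtpSecret,pwmData
   by self write
   by dn.exact="cn=admin,dc=skat-classic,dc=dxc,dc=com" write
   by * none
  olcAccess: {3}to *
   by dn.exact="cn=admin,dc=skat-classic,dc=dxc,dc=com" write
   by * read
```

Rule {0} (assumed uid/gid: they must match the user the container process runs as) is what prevents the "Insufficient access (50)" failures when the chart applies later LDIF files over the ldapi socket, and rule {2} keeps the pwm secret attributes (OTP secret, challenge responses) readable only by the owner and the admin rather than by every authenticated user.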
Can you add .ldif to your customSchemaFiles pwm.schema? Otherwise I'm afraid the file will be ignored (or break the deployment).
What are the logs?
Okay, so your customSchemaFiles is not a valid ldif file, it misses dn, objectclass etc.
The pwm project provides a more valid file I think here, but the indentation seems off.
You should end up with something like:
dn: cn=pwm,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: pwm
olcAttributeTypes: ( 1.3.6.1.4.1.35015.1.2.1 NAME 'pwmEventLog' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
olcAttributeTypes: ( 1.3.6.1.4.1.35015.1.2.2 NAME 'pwmResponseSet' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
olcAttributeTypes: ( 1.3.6.1.4.1.35015.1.2.3 NAME 'pwmLastPwdUpdate' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
olcAttributeTypes: ( 1.3.6.1.4.1.35015.1.2.4 NAME 'pwmGUID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: ( 1.3.6.1.4.1.35015.1.2.6 NAME 'pwmOtpSecret' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
olcAttributeTypes: ( 1.3.6.1.4.1.35015.1.2.7 NAME 'pwmData' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
olcObjectClasses: ( 1.3.6.1.4.1.35015.1.1.1 NAME 'pwmUser' AUXILIARY MAY ( pwmLastPwdUpdate $ pwmEventLog $ pwmResponseSet $ pwmOtpSecret $ pwmGUID $ pwmData ) )
There are multiple errors in the log file:
ldap_modify: Insufficient access (50)
ldap_add: No such object (32)
Cannot find socket's device number.
I would suggest that you start from a less complicated setup, only with your schema, and then start adding your custom ldif files one by one and see what's going on.
Thanks for your suggestion, only with the schema it works, and when I log in to phpadmin it shows my organisation as "example" instead of what I set in the LDAP_ORGANISATION environment variable. And I still get an issue with ldif even if I add a very simple ldif with the below entry:
dn: ou=People,dc=skat-classic,dc=dxc,dc=com
associateddomain: dxc.com
objectclass: top
objectclass: organizationalUnit
objectclass: domainRelatedObject
ou: People
I get the error ldap_add: No such object (32) adding new entry "ou=People,dc=skat-classic,dc=dxc,dc=com"
So when you want to bootstrap your custom ldif you need to create the organisation object:
dn: dc=test,dc=example
dc: test
o: Example Inc.
objectclass: top
objectclass: dcObject
objectclass: organization
A default tree (Root organisation, users and group) is created during startup (using the value of global.ldapDomain), this can be skipped using LDAP_SKIP_DEFAULT_TREE, however you then need to use customLdifFiles or customLdifCm to create a root organisation and fill the global.ldapDomain.
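As an added example (not from the thread): a values.yaml fragment that skips the default tree and bootstraps the root organisation plus the ou=People entry from the question through customLdifFiles, using the domain the reporter is deploying. The `env` map as the place to set LDAP_SKIP_DEFAULT_TREE, and the assumption that files under customLdifFiles are applied in file-name order, are mine, not confirmed by the thread; the organisation name is a placeholder.

```yaml
# Added example values fragment (not from the thread).
global:
  ldapDomain: "skat-classic.dxc.com"   # rendered as dc=skat-classic,dc=dxc,dc=com

# Assumed: container environment variables are passed through the `env` map.
# With the default tree skipped, nothing else creates the root entry, so the
# first custom file must create it or every following ldapadd fails with
# "No such object (32)".
env:
  LDAP_SKIP_DEFAULT_TREE: "yes"

# Assumed: files are applied in file-name order, so the numeric prefix keeps
# the root organisation ahead of the entries that hang below it.
customLdifFiles:
  00-root.ldif: |-
    dn: dc=skat-classic,dc=dxc,dc=com
    dc: skat-classic
    o: Example Org   # placeholder organisation name
    objectClass: top
    objectClass: dcObject
    objectClass: organization
  01-people.ldif: |-
    dn: ou=People,dc=skat-classic,dc=dxc,dc=com
    ou: People
    associatedDomain: dxc.com
    objectClass: top
    objectClass: organizationalUnit
    objectClass: domainRelatedObject
```

Because the chart only applies these files on the first start (the "Using persisted data" trace above shows a reused volume), changing them afterwards requires removing the PVC before the new root entry is created.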
I have set the global.ldapDomain so the domain is created correctly. The only thing is it shows the organisation as example.
Thank you so much for your help, now I am able to add all the ldif files, but it seems like the readonly user I created earlier using the LDAP_READONLY_USER_USERNAME and LDAP_READONLY_USER_PASSWORD environment variables does not work with the new version 4 helm chart.
Anyway, we can close this case. Thank you very much for your help.
After installing the helm chart and enabling tls and ingress I get the below error after logging in with the admin user in phpadmin:
Array ( [class] => N/A [function] => debug_dump [file] => /var/www/phpldapadmin/lib/functions.php [line] => 723 [debug] => Array ( [Incoming MSG] => Array ( [title] => Could not start TLS. (openldap.ldap) [body] => Error: Could not start TLS. Please check your LDAP server configuration. [type] => error )
)