jp-gouin / helm-openldap

Helm chart of Openldap in High availability with multi-master replication and PhpLdapAdmin and Ltb-Passwd
Apache License 2.0

Issues bootstrapping with `customLdifFiles` #46

Closed pat-s closed 2 years ago

pat-s commented 2 years ago

I am facing moderate pain trying to start an HA instance with customLdifFiles.

It seems this might be related to https://github.com/jp-gouin/helm-openldap/issues/31. There, the issue is that bootstrapping is skipped if one of the following dirs is not empty:

In my current instance, I see bootstrapping is skipped:

***  INFO   | 2021-10-30 16:17:44 | Start OpenLDAP...
***  INFO   | 2021-10-30 16:17:44 | Waiting for OpenLDAP to start...
***  INFO   | 2021-10-30 16:17:44 | Add TLS config...
***  INFO   | 2021-10-30 16:17:46 | Add replication config...
***  INFO   | 2021-10-30 16:17:50 | Stop OpenLDAP...
***  INFO   | 2021-10-30 16:17:50 | Configure ldap client TLS configuration...
***  INFO   | 2021-10-30 16:17:50 | Remove config files...
***  INFO   | 2021-10-30 16:17:50 | First start is done...
***  INFO   | 2021-10-30 16:17:50 | Remove file /container/environment/99-default/default.startup.yaml
***  INFO   | 2021-10-30 16:17:50 | Environment files will be proccessed in this order :
Caution: previously defined variables will not be overriden.
/container/environment/99-default/default.yaml

In /etc/ldap/slapd.d I see the following files

cn=config/                                    docker-openldap-was-admin-password-set        docker-openldap-was-started-with-tls
cn=config.ldif                                docker-openldap-was-started-with-replication

/var/lib/ldap contains the database, which might be empty during the first start. I've deployed fresh, i.e. with no PV and no PVC. Still, the bootstrapping is skipped. This lets me assume that something writes into this dir before https://github.com/osixia/docker-openldap/blob/v1.5.0/image/service/slapd/startup.sh#L182-L183 is reached.

I also checked with logLevel: debug, however there is no debugging line indicating why Bootstrapping might be skipped, so this action is not really helping.

Maybe @ivan-c can share how he made bootstrapping work?

@jp-gouin Are tests still working with respect to this as you mentioned in https://github.com/jp-gouin/helm-openldap/issues/31#issuecomment-841047132?

jp-gouin commented 2 years ago

Hi @pat-s, sorry I was a bit off the past few weeks. I'll look ASAP into your issue.

For the test, yes, it's still working. For Ivan-c, if I recall, there was an issue with his .ldif file. Can you post yours and the values that you are using, please?

pat-s commented 2 years ago

Sure.

Here's the file; I masked all sensitive values:

version: 1

# Entry 1: dc=test,dc=link
dn: dc=test,dc=link
dc: test
o: Example Inc.
objectclass: top
objectclass: dcObject
objectclass: organization

# Entry 2: cn=admin,dc=test,dc=link
dn: cn=admin,dc=test,dc=link
cn: admin
description: LDAP administrator
objectclass: simpleSecurityObject
objectclass: organizationalRole
objectclass: top
userpassword: foo

# Entry 3: ou=groups,dc=test,dc=link
dn: ou=groups,dc=test,dc=link
objectclass: organizationalUnit
objectclass: top
ou: groups

# Entry 5: cn=users,ou=groups,dc=test,dc=link
dn: cn=users,ou=groups,dc=test,dc=link
cn: users
gidnumber: 500
memberuid: admin
objectclass: posixGroup
objectclass: top

# Entry 6: ou=users,dc=test,dc=link
dn: ou=users,dc=test,dc=link
objectclass: organizationalUnit
objectclass: top
ou: users

# Entry 7: cn=admin admin,ou=users,dc=test,dc=link
dn: cn=admin admin,ou=users,dc=test,dc=link
cn: admin admin
gidnumber: 501
givenname: admin
homedirectory: /home/admin
loginshell: /bin/bash
mail: admin@test.com
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: top
sn: admin
uid: admin
uidnumber: 10006
userpassword: foo

dn: cn=first last,ou=users,dc=test,dc=link
cn: first last
gidnumber: 500
givenname: first
homedirectory: /home/first
loginshell: /bin/bash
mail: foo@test.com
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: top
sn: last
uid: first
uidnumber: 10001
userpassword: foo

jp-gouin commented 2 years ago

Hi @pat-s ,

Again sorry for the delay.

As a matter of fact, those 2 entries are the problem, as they are already created by the container image during the first run.

# Entry 1: dc=test,dc=link
dn: dc=test,dc=link
dc: test
o: Example Inc.
objectclass: top
objectclass: dcObject
objectclass: organization

# Entry 2: cn=admin,dc=test,dc=link
dn: cn=admin,dc=test,dc=link
cn: admin
description: LDAP administrator
objectclass: simpleSecurityObject
objectclass: organizationalRole
objectclass: top
userpassword: foo

If you use

    # Entry 3: ou=groups,dc=test,dc=link
    dn: ou=groups,dc=test,dc=link
    objectclass: organizationalUnit
    objectclass: top
    ou: groups

    # Entry 5: cn=users,ou=groups,dc=test,dc=link
    dn: cn=users,ou=groups,dc=test,dc=link
    cn: users
    gidnumber: 500
    memberuid: admin
    objectclass: posixGroup
    objectclass: top

    # Entry 6: ou=users,dc=test,dc=link
    dn: ou=users,dc=test,dc=link
    objectclass: organizationalUnit
    objectclass: top
    ou: users

    # Entry 7: cn=admin admin,ou=users,dc=test,dc=link
    dn: cn=admin admin,ou=users,dc=test,dc=link
    cn: admin admin
    gidnumber: 501
    givenname: admin
    homedirectory: /home/admin
    loginshell: /bin/bash
    mail: admin@test.com
    objectclass: inetOrgPerson
    objectclass: posixAccount
    objectclass: top
    sn: admin
    uid: admin
    uidnumber: 10006
    userpassword: foo

    dn: cn=first last,ou=users,dc=test,dc=link
    cn: first last
    gidnumber: 500
    givenname: first
    homedirectory: /home/first
    loginshell: /bin/bash
    mail: foo@test.com
    objectclass: inetOrgPerson
    objectclass: posixAccount
    objectclass: top
    sn: last
    uid: first
    uidnumber: 10001
    userpassword: foo

It works without issue. I have created a branch https://github.com/jp-gouin/helm-openldap/tree/pat-s-issue-boostrap with a values file as an example for you.

You can set logLevel to debug to see what is happening for your ldif processing.

I'll add a troubleshooting section :)
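
A pre-flight check for the situation described in this thread, added here as an example (it is not code from the helm-openldap chart or from the osixia image). It derives the base DN from LDAP_DOMAIN the way the image does, flags the two records the image already creates on first start, flags records whose parent is not added earlier in the file, flags cleartext userPassword values, and can emit the file with the colliding records stripped. All function names and the sample LDIF are mine; the sample is modelled on the file posted above with ou=groups deliberately left out.

```python
"""Pre-flight check for a customLdifFiles bootstrap file (added example, not chart or
image code). The osixia image creates the base entry and cn=admin,<base> itself on
the first start, so an LDIF that adds them again breaks the bootstrap ldapadd; a
record whose parent is not added earlier in the file fails too ("no such object")."""
import base64
import re

def base_dn_from_domain(domain: str) -> str:
    # "test.link" -> "dc=test,dc=link", the mapping the image applies to LDAP_DOMAIN
    return ",".join(f"dc={label}" for label in domain.strip().split("."))

def normalize_dn(dn: str) -> str:
    # DNs compare case-insensitively; drop whitespace around unescaped commas
    return ",".join(p.strip() for p in re.split(r"(?<!\\),", dn)).lower()

def parent_dn(dn: str) -> str:
    parts = re.split(r"(?<!\\),", dn, maxsplit=1)
    return parts[1] if len(parts) == 2 else ""

def ldif_blocks(text: str) -> list[str]:
    # unfold continuation lines (leading space), then split records on blank lines
    unfolded = re.sub(r"\n ", "", text.replace("\r\n", "\n"))
    return [b for b in re.split(r"\n\s*\n", unfolded.strip()) if b.strip()]

def parse_block(block: str) -> dict[str, list[str]]:
    """One LDIF record -> {attribute (lowercased): [values]}; '::' marks base64."""
    entry: dict[str, list[str]] = {}
    for line in block.splitlines():
        if not line.strip() or line.startswith("#") or line.lower().startswith("version:"):
            continue
        m = re.fullmatch(r"([A-Za-z][\w.;-]*)(::?) ?(.*)", line)
        if not m:
            raise ValueError(f"malformed LDIF line: {line!r}")
        name, sep, value = m.group(1).lower(), m.group(2), m.group(3)
        if sep == "::":
            value = base64.b64decode(value).decode("utf-8")
        entry.setdefault(name, []).append(value)
    return entry

def image_created_dns(domain: str) -> set[str]:
    base = normalize_dn(base_dn_from_domain(domain))
    return {base, f"cn=admin,{base}"}

def entry_dn(entry: dict[str, list[str]]) -> str:
    # normalized dn of a parsed record, "" for comment-only/version-only records
    return normalize_dn(entry["dn"][0]) if entry.get("dn") else ""

def check_bootstrap_ldif(text: str, domain: str) -> dict[str, list[str]]:
    """Report the records that would make the image's bootstrap ldapadd fail."""
    report: dict[str, list[str]] = {"image_duplicate": [], "missing_parent": [], "cleartext_password": []}
    drop = image_created_dns(domain)
    seen = set(drop)  # DNs that already exist when each record is added
    for block in ldif_blocks(text):
        entry = parse_block(block)
        dn = entry_dn(entry)
        if not dn:
            continue  # comment-only or version-only record
        if dn in drop:
            report["image_duplicate"].append(dn)
        elif parent_dn(dn) not in seen:
            report["missing_parent"].append(dn)
        # slapd stores userPassword as given; pre-hash with slappasswd ({SSHA}...)
        if any(not v.startswith("{") for v in entry.get("userpassword", [])):
            report["cleartext_password"].append(dn)
        seen.add(dn)
    return report

def strip_image_entries(text: str, domain: str) -> str:
    """Return the LDIF with the base and cn=admin records removed (the fix above)."""
    drop = image_created_dns(domain)
    kept = [b for b in ldif_blocks(text) if entry_dn(parse_block(b)) not in drop]
    return "\n\n".join(kept) + "\n"

# Constructed sample modelled on the file posted in this issue (ou=groups left out on purpose)
SAMPLE_LDIF = """\
version: 1

dn: dc=test,dc=link
dc: test

dn: cn=admin,dc=test,dc=link
cn: admin
userpassword: foo

dn: ou=users,dc=test,dc=link
ou: users

dn: cn=first last,ou=users,dc=test,dc=link
cn: first last
userpassword: foo

dn: cn=users,ou=groups,dc=test,dc=link
cn: users
"""

if __name__ == "__main__":
    for kind, dns in check_bootstrap_ldif(SAMPLE_LDIF, "test.link").items():
        print(f"{kind}: {dns}")
    print(strip_image_entries(SAMPLE_LDIF, "test.link"))
```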

pat-s commented 2 years ago

@jp-gouin Thanks for your help!

I've tried this but I am still not successful, even when using the exact values you used in the fork you linked :/

I've also started from scratch without using a persistent volume, just to avoid any issues with existing deployments. There is no issue during deployment, but the users are not created, and I don't see any hint in the log related to this, even though I've set logLevel: debug.

Any idea what I might be doing wrong?

Using helm chart version "2.1.6" with image.tag: stable and an ingress (which should not matter) - everything else is stock.

jp-gouin commented 2 years ago

Could you post the log of the first openldap pod during startup?

pat-s commented 2 years ago

Here's the full debug log output of a new startup. I've redacted LDAP_PASSWORD and LDAP_DOMAIN.

Thanks a lot for your help!

timeout=1 starttls=critical tls_reqcert=never *** DEBUG | 2021-12-13 09:24:17 | LDAP_TLS_VERIFY_CLIENT = never *** DEBUG | 2021-12-13 09:24:17 | LDAP_RFC2307BIS_SCHEMA = false *** DEBUG | 2021-12-13 09:24:17 | LDAP_TLS_CRT_FILENAME = tls.crt *** DEBUG | 2021-12-13 09:24:17 | LDAP_TLS_ENFORCE = false *** DEBUG | 2021-12-13 09:24:17 | LDAP_READONLY_USER_PASSWORD = readonly *** DEBUG | 2021-12-13 09:24:17 | LDAP_TLS_CA_CRT_FILENAME = ca.crt *** DEBUG | 2021-12-13 09:24:17 | LDAP_ORGANISATION = Example Inc. *** DEBUG | 2021-12-13 09:24:17 | KEEP_EXISTING_CONFIG = false *** DEBUG | 2021-12-13 09:24:17 | KUBERNETES_SERVICE_HOST = 172.20.0.1 *** DEBUG | 2021-12-13 09:24:17 | KUBERNETES_PORT_443_TCP = tcp://172.20.0.1:443 *** DEBUG | 2021-12-13 09:24:17 | KUBERNETES_PORT_443_TCP_PROTO = tcp *** DEBUG | 2021-12-13 09:24:17 | KUBERNETES_PORT_443_TCP_PORT = 443 *** DEBUG | 2021-12-13 09:24:17 | OPENLDAP_PHPLDAPADMIN_PORT_80_TCP_ADDR = 172.20.211.233 *** DEBUG | 2021-12-13 09:24:17 | OPENLDAP_OPENLDAP_STACK_HA_SERVICE_PORT = 389 *** DEBUG | 2021-12-13 09:24:17 | OPENLDAP_PHPLDAPADMIN_SERVICE_HOST = 172.20.211.233 *** DEBUG | 2021-12-13 09:24:17 | OPENLDAP_OPENLDAP_STACK_HA_PORT_636_TCP_ADDR = 172.20.164.46 *** DEBUG | 2021-12-13 09:24:17 | KUBERNETES_SERVICE_PORT_HTTPS = 443 *** DEBUG | 2021-12-13 09:24:17 | OPENLDAP_PHPLDAPADMIN_SERVICE_PORT = 80 *** DEBUG | 2021-12-13 09:24:17 | OPENLDAP_PHPLDAPADMIN_SERVICE_PORT_HTTP = 80 *** DEBUG | 2021-12-13 09:24:17 | OPENLDAP_OPENLDAP_STACK_HA_SERVICE_HOST = 172.20.164.46 *** DEBUG | 2021-12-13 09:24:17 | KUBERNETES_SERVICE_PORT = 443 *** DEBUG | 2021-12-13 09:24:17 | KUBERNETES_PORT = tcp://172.20.0.1:443 *** DEBUG | 2021-12-13 09:24:17 | OPENLDAP_PHPLDAPADMIN_PORT = tcp://172.20.211.233:80 *** DEBUG | 2021-12-13 09:24:17 | OPENLDAP_PHPLDAPADMIN_PORT_80_TCP_PORT = 80 *** DEBUG | 2021-12-13 09:24:17 | OPENLDAP_OPENLDAP_STACK_HA_PORT_389_TCP = tcp://172.20.164.46:389 *** DEBUG | 2021-12-13 09:24:17 | 
OPENLDAP_OPENLDAP_STACK_HA_PORT_389_TCP_PROTO = tcp *** DEBUG | 2021-12-13 09:24:17 | OPENLDAP_OPENLDAP_STACK_HA_PORT_636_TCP_PORT = 636 *** DEBUG | 2021-12-13 09:24:17 | KUBERNETES_PORT_443_TCP_ADDR = 172.20.0.1 *** DEBUG | 2021-12-13 09:24:17 | OPENLDAP_PHPLDAPADMIN_PORT_80_TCP = tcp://172.20.211.233:80 *** DEBUG | 2021-12-13 09:24:17 | OPENLDAP_OPENLDAP_STACK_HA_SERVICE_PORT_LDAP_PORT = 389 *** DEBUG | 2021-12-13 09:24:17 | OPENLDAP_OPENLDAP_STACK_HA_SERVICE_PORT_SSL_LDAP_PORT = 636 *** DEBUG | 2021-12-13 09:24:17 | OPENLDAP_OPENLDAP_STACK_HA_PORT = tcp://172.20.164.46:389 *** DEBUG | 2021-12-13 09:24:17 | OPENLDAP_OPENLDAP_STACK_HA_PORT_389_TCP_ADDR = 172.20.164.46 *** DEBUG | 2021-12-13 09:24:17 | OPENLDAP_OPENLDAP_STACK_HA_PORT_636_TCP = tcp://172.20.164.46:636 *** DEBUG | 2021-12-13 09:24:17 | OPENLDAP_PHPLDAPADMIN_PORT_80_TCP_PROTO = tcp *** DEBUG | 2021-12-13 09:24:17 | OPENLDAP_OPENLDAP_STACK_HA_PORT_389_TCP_PORT = 389 *** DEBUG | 2021-12-13 09:24:17 | OPENLDAP_OPENLDAP_STACK_HA_PORT_636_TCP_PROTO = tcp *** DEBUG | 2021-12-13 09:24:17 | LANG = en_US.UTF-8 *** DEBUG | 2021-12-13 09:24:17 | LANGUAGE = en_US:en *** DEBUG | 2021-12-13 09:24:17 | LC_ALL = en_US.UTF-8 *** DEBUG | 2021-12-13 09:24:17 | HOME = /root *** DEBUG | 2021-12-13 09:24:17 | CONTAINER_SERVICE_DIR = /container/run/service *** DEBUG | 2021-12-13 09:24:17 | CONTAINER_STATE_DIR = /container/run/state *** DEBUG | 2021-12-13 09:24:17 | INITRD = no *** DEBUG | 2021-12-13 09:24:17 | LC_CTYPE = en_US.UTF-8 *** DEBUG | 2021-12-13 09:24:17 | LDAP_NOFILE = 1024 *** DEBUG | 2021-12-13 09:24:17 | DISABLE_CHOWN = False *** DEBUG | 2021-12-13 09:24:17 | LDAP_PORT = 389 *** DEBUG | 2021-12-13 09:24:17 | LDAPS_PORT = 636 *** DEBUG | 2021-12-13 09:24:17 | LDAP_REPLICATION_HOSTS_ROW_1 = ldap://openldap-openldap-stack-ha-0.openldap-openldap-stack-ha-headless.ldap.svc.cluster.local *** DEBUG | 2021-12-13 09:24:17 | ------------------------------------------ *** INFO | 2021-12-13 09:24:17 | Running 
/container/run/process/slapd/run... *** DEBUG | 2021-12-13 09:24:17 | /container/run/process/slapd/run started as PID 221 61b71141 @(#) $OpenLDAP: slapd 2.4.57+dfsg-1~bpo10+1 (Jan 30 2021 06:59:51) $ Debian OpenLDAP Maintainers 61b71141 slapd starting ```
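The interesting part of a startup log like the one above is which cn=config writes failed and with what result code. As an added example (not part of this issue, the chart or the osixia image), the Python helper below pairs every MOD/ADD/DEL in slapd's `loglevel 256` output with its RESULT line and reports the ones with a non-zero `err=`, run over a constructed excerpt shaped like the posted log; the result-code names are the standard LDAP ones.

```python
import re

# Constructed excerpt in the shape of the slapd (loglevel 256) output posted above.
SAMPLE_LOG = """\
61b71141 conn=1018 op=2 MOD dn="cn=config"
61b71141 conn=1018 op=2 MOD attr=olcServerID
61b71141 conn=1018 op=2 RESULT tag=103 err=0 text=
61b71141 conn=1018 op=4 MOD dn="olcDatabase={0}config,cn=config"
61b71141 conn=1018 op=4 MOD attr=olcSyncRepl olcMirrorMode
61b71141 olcMirrorMode: value #0: database is not a shadow
61b71141 conn=1018 op=4 RESULT tag=103 err=80 text= database is not a shadow
61b71141 conn=1018 op=6 MOD dn="olcDatabase={1}mdb,cn=config"
61b71141 conn=1018 op=6 MOD attr=olcSyncRepl olcMirrorMode olcLimits
61b71141 conn=1018 op=6 RESULT tag=103 err=80 text= database is not a shadow
"""

# Standard LDAP result codes (RFC 4511) for the values that appear in the posted log.
RESULT_CODES = {16: "noSuchAttribute", 53: "unwillingToPerform", 80: "other"}

OP_RE = re.compile(r'conn=(\d+) op=(\d+) (MOD|ADD|DEL) dn="([^"]*)"')
ATTR_RE = re.compile(r'conn=(\d+) op=(\d+) MOD attr=(.+)')
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=\d+ err=(\d+) text=\s*(.*)')


def failed_operations(log_text):
    """Pair each MOD/ADD/DEL with its RESULT line; return those with err != 0."""
    pending = {}   # (conn, op) -> operation record, until its RESULT arrives
    failures = []
    for line in log_text.splitlines():
        if m := OP_RE.search(line):
            conn, op, kind, dn = m.groups()
            pending[(conn, op)] = {"kind": kind, "dn": dn, "attrs": []}
        elif m := ATTR_RE.search(line):
            conn, op, attrs = m.groups()
            if (conn, op) in pending:
                pending[(conn, op)]["attrs"] = attrs.split()
        elif m := RESULT_RE.search(line):
            conn, op, err, text = m.groups()
            rec = pending.pop((conn, op), None)
            if rec is not None and int(err) != 0:
                rec.update(err=int(err), name=RESULT_CODES.get(int(err), "unknown"), text=text.strip())
                failures.append(rec)
    return failures


def summarize(log_text):
    """One line per failed write; "database is not a shadow" means olcMirrorMode was
    applied to a database that has no olcSyncRepl consumer configured."""
    return [f'{r["kind"]} {r["dn"]} [{" ".join(r["attrs"])}] -> err={r["err"]} {r["name"]}: {r["text"]}'
            for r in failed_operations(log_text)]


if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_LOG)))
```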
pat-s commented 2 years ago

I was never successful in getting it working with our current structure, but using a fresh deployment without a PV and carefully adding the required building blocks (groups, users, etc.) made it work 🎉

If persistence is enabled, bootstrapping will be skipped.

Thanks for your help @jp-gouin, definitely helped me along the way!