jp-gouin / helm-openldap

Helm chart of Openldap in High availability with multi-master replication and PhpLdapAdmin and Ltb-Passwd
Apache License 2.0

LDAP_CONFIG_ADMIN_ENABLED duplicated, causing yaml unmarshalling errors. #85

Closed Northcode closed 1 year ago

Northcode commented 1 year ago

Describe the bug

Commit af2c860ba910015ea18e0824a265fb802afaed8a introduced a bug where LDAP_CONFIG_ADMIN_ENABLED is defined both in the configmap-env template and in the values.yaml file, which gets inserted into the template, causing duplicate key errors when deploying:

Helm upgrade failed: error while running post render on files: map[string]interface {}(nil): yaml: unmarshal errors: line 28: mapping key "LDAP_CONFIG_ADMIN_ENABLED" already defined at line 22

To Reproduce

Install the chart without specifying anything in values.env

You probably want to remove it from the configmap-env template, or only have it in the template if it is not defined in values.
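A pre-deploy check for the failure reported above, as an added example that is not part of the original thread or the chart: it scans rendered manifest text for a key repeated inside one block mapping and reports both line numbers, like the unmarshal error does. The function name `find_duplicate_keys` and the sample manifest are constructed for illustration, and the scanner assumes block-style YAML of the kind `helm template` prints (flow-style `{}` mappings and multi-line quoted scalars are not handled).

```python
import re

# Constructed sample (not the chart's real output): "data" repeats a key, as
# when a template hard-codes a variable that values.env also supplies.
RENDERED = """\
kind: ConfigMap
data:
  LDAP_CONFIG_ADMIN_ENABLED: "true"
  LDAP_ORGANISATION: "Example Inc."
  LDAP_CONFIG_ADMIN_ENABLED: "true"
---
env:
- name: A
- name: B
script: |
  name: A
  name: A
"""

KEY = re.compile(r"""^( *)(- +)?["']?([\w./-]+)["']?\s*:(?:\s+(.*))?$""")

def find_duplicate_keys(text):
    """Return (key, first_line, repeat_line) for keys repeated in one block mapping."""
    dups, stack, block = [], [], None  # stack holds (key column, {key: line})
    for no, line in enumerate(text.splitlines(), 1):
        if line.startswith("---"):  # document separator: start over
            stack, block = [], None
            continue
        indent = len(line) - len(line.lstrip(" "))
        if block is not None and (not line.strip() or indent > block):
            continue  # body of a | or > block scalar, not mapping keys
        block = None
        m = KEY.match(line)
        if not m:
            continue
        dash, key, value = m.group(2) or "", m.group(3), m.group(4) or ""
        col = indent + len(dash)  # column where the key text starts
        # "- key:" opens a new list-item mapping, so the previous item is closed too.
        while stack and (stack[-1][0] > col or (dash and stack[-1][0] == col)):
            stack.pop()
        if not stack or stack[-1][0] < col:
            stack.append((col, {}))
        seen = stack[-1][1]
        if key in seen:
            dups.append((key, seen[key], no))
        seen.setdefault(key, no)
        if value[:1] in ("|", ">"):
            block = col
    return dups
```

Run it on the text produced by `helm template` with your values file before upgrading; an empty list means no mapping in the rendered output defines the same key twice.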

jp-gouin commented 1 year ago

Hey @Northcode, could you check out v4.0.1? I deleted the key in the CM.

Northcode commented 1 year ago

It seems to deploy now. But after upgrading my base domain has changed to dc=example,dc=org and all my objects are gone. Keeping the same PVCs. Reverting to 3.0.2 again restored all my ldap-data. Is there some change to the way initialization is done in 4? I'm not using customLdifFiles. My values (passwords stripped):

customTLS:
  enabled: false
global:
  adminPassword: <PASS>
  configPassword: <PASS>
  imagePullSecrets: []
  ldapDomain: northcode.no
  ldapPort: 389 # reset port to 389 to avoid breaking other services
  storageClass: local-path
image:
  repository: registry.local/northcode/ldap # custom build of osixia image with password policy olc added
  tag: latest
phpldapadmin:
  enabled: true
  env:
    PHPLDAPADMIN_LDAP_CLIENT_TLS_REQCERT: never
  ingress:
    enabled: true
    hosts:
    - phpldapadmin.int.northcode.no
    path: /
ltb-passwd:
  enabled: true
  ingress:
    enabled: true
    host: "ldap-pass.int.northcode.no"
replicaCount: 2
service:
  externalTrafficPolicy: Local
  type: LoadBalancer
persistence:
  enabled: true
  storageClass: openebs-zfspv
  size: 4Gi

jp-gouin commented 1 year ago

Ah I see, now the image has changed to Openldap Bitnami and you are using a custom Osixia image.

That is why I did a major bump in the chart version.

The PVC is not mounted to the same dir anymore, which explains why you are losing your data. You could try to add your custom build with password policy to the new Openldap.

Note that custom scheme will be supported in a future release.

If you need to upgrade from the previous version, I suggest exporting your base into LDIFs and importing them into a fresh instance of the latest version.

Northcode commented 1 year ago

Ah, that would explain why! I'll have a look into switching to the new image then. Since the original issue is resolved I'm marking this as solved, thanks for the help!