Container won't restart --replication + ldaps ---read_config: no serverID / URL match found. Check slapd -h arguments.

rlaflamme commented 5 years ago

Hello, I previously opened a case about replication + LDAP_TLS_ENFORCE:true. (case #289 ) This case is about replication + ldaps (636) only.

Again, we have deployed 2 openldap containers with host replication. We need pass traffic on port 636 only and use ldaps for the host replication. Each container are on their own RHEL7 linux server with docker engine installed and no clusters. We have mounted 2 docker volumes for /var/lib/ldap and /etc/ldap/slapd.d. We have created our custom image based on "extend-osixia-openldap" . In attachment you will find:

a Dockerfile,
a startup script
a startup file
2 log files for openldap. 1.txt (start successful) and 2.txt (restart and crash)

Here's the scenario:

ldap1 and ldap2 are not created yet

On ldap 1:

start the container

create 2 new volumes
start container, populate docker volumes Everything is up running, no issues. (see 1.txt)

When I restart the openldap container,

use existing docker volumes Container won"t start (see 2.txt)

5c65be5d send_ldap_result: err=0 matched="" text="" => ldap_bv2dn(cn=Subschema,0) <= ldap_bv2dn(cn=Subschema)=0 => ldap_dn2bv(272) <= ldap_dn2bv(cn=subschema)=0 5c65be5d read_config: no serverID / URL match found. Check slapd -h arguments. 5c65be5d slapd stopped. 5c65be5d connections_destroy: nothing to destroy.

On ldap 2: same behavior

Take a look at daemon_init:

When successfull (1.txt)

5c65be18 @(#) $OpenLDAP: slapd (Dec 30 2018 18:24:00) $ Debian OpenLDAP Maintainers pkg-openldap-devel@lists.alioth.debian.org 5c65be18 daemon_init: ldap://openldap1.example.org ldaps://openldap1.example.org ldapi:///

When it crashed (2.txt)

5c65be5d @(#) $OpenLDAP: slapd (Dec 30 2018 18:24:00) $ Debian OpenLDAP Maintainers pkg-openldap-devel@lists.alioth.debian.org 5c65be5d daemon_init: ldap://openldap1.example.org ldap://localhost ldapi:/// 5c65be5d daemon: bind(7) failed errno=99 (Cannot assign requested address) 5c65be5d daemon: bind(8) failed errno=99 (Cannot assign requested address)

ldaps-replication-hosts-issues-on-restart.zip

rlaflamme commented 5 years ago

Finally I dont't think it is possible to set ldaps for replication

PrivatePuffin commented 4 years ago

@rlaflamme Please reopen this issue. Don't close issues that are actually there. Multi-master replication is said to be supported, hencethis is an actual bug and should NOT be closed..

rlaflamme commented 4 years ago

Reopened

osixia / docker-openldap

Container won't restart --replication + ldaps ---read_config: no serverID / URL match found. Check slapd -h arguments. #290