osixia / docker-openldap

OpenLDAP container image 🐳🌴
MIT License

LDAP administrator is not showing up in container version 1.5.0 #555

Open lupa95 opened 3 years ago

lupa95 commented 3 years ago

Issue: Since version 1.5.0 executing ldapsearch -x -H ldap://localhost -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin against a fresh openldap container should show #numEntries: 2 according to the Quick Start section in the README. But the admin user is missing, so it only shows one entry (the domain entry).

Setting LDAP_DOMAIN and LDAP_ORGANISATION via env vars does not change this behavior.

How to reproduce:

Run ldapsearch against fresh containers with version 1.4.0 and 1.5.0 to see the different output.

user@vbox:~ $ docker run --name openldap --detach osixia/openldap:1.4.0
5adcb86ae554de5f12439ced96a204a56a6d7e4812475b588d53ef9844e0280e
user@vbox:~ $ docker exec openldap ldapsearch -x -H ldap://localhost -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=org> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# example.org
dn: dc=example,dc=org
objectClass: top
objectClass: dcObject
objectClass: organization
o: Example Inc.
dc: example

# admin, example.org
dn: cn=admin,dc=example,dc=org
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e1NTSEF9SXJIT1I3T1ZFTHlvTkxYekJYSm85WEpPQ2xENjZsa2Y=

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2
user@vbox:~ $ docker run --name openldap2 --detach osixia/openldap:1.5.0
7ff9a935fdfc8babe0e07879648883c7652ba902a4df9374bb229c88032abebf
user@vbox:~ $ docker exec openldap2 ldapsearch -x -H ldap://localhost -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=org> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# example.org
dn: dc=example,dc=org
objectClass: top
objectClass: dcObject
objectClass: organization
o: Example Inc.
dc: example

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Is this intended?

n1nj4888 commented 2 years ago

I’m seeing the same thing in that the admin user does not appear to be configured out of the box under cn=admin,dc=example,dc=com. Issue #579 also shows the same.

Is this intended or a bug in the 1.5 image?

sparkcyf commented 2 years ago

> I’m seeing the same thing in that the admin user does not appear to be configured out of the box under cn=admin,dc=example,dc=com. Issue #579 also shows the same.
>
> Is this intended or a bug in the 1.5 image?

I encountered similar problems and asked this question on the OpenLDAP mailing list; according to their answer, such an issue may be caused by the config change to the slapd package in Debian.

openldap (2.4.51+dfsg-1) unstable; urgency=medium [...]

  • Remove the redundant cn=admin, entry from the default DIT for new installs. For new installs going forward, the root credentials will be stored in olcRootDN/olcRootPW only. (Closes: #821331)

This change was done to address the issue where the admin's password was stored in two places (olcRootPW and the entry's userPassword), which occasionally caused confusion if only one of the two was changed. Ryan Tandy (quoted from the OpenLDAP mailing list)

https://lists.openldap.org/hyperkitty/list/openldap-technical@openldap.org/thread/T5RU5RUW4KU4MM33TA6BXP77446SG7Q4/

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=821331
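An added example (not from this thread or from osixia/docker-openldap) that audits ldapsearch LDIF exports for exactly the situation described above: whether the rootdn still has an entry in the DIT and whether that entry's userPassword still agrees with olcRootPW in cn=config. The LDIF samples, the salt and the rotated password are constructed, and the parser ignores LDIF folded lines.

```python
import base64
import hashlib
def parse_ldif(text):
    """Parse ldapsearch LDIF output into a list of {attr: [values]} dicts,
    skipping '#' comments and decoding '::' base64 values (no folded lines)."""
    entries, cur = [], {}
    for line in text.splitlines() + [""]:  # trailing "" flushes the last entry
        if not line.strip():
            if cur:
                entries.append(cur)
                cur = {}
        elif not line.startswith("#"):
            attr, _, rest = line.partition(":")
            value = base64.b64decode(rest[1:].strip()).decode() if rest.startswith(":") else rest.strip()
            cur.setdefault(attr, []).append(value)
    return entries

def ssha(password, salt):
    """Build an OpenLDAP {SSHA} value: base64(sha1(password + salt) + salt)."""
    return "{SSHA}" + base64.b64encode(hashlib.sha1(password.encode() + salt).digest() + salt).decode()

def ssha_verify(stored, password):
    """Check a password against an {SSHA} value (20-byte SHA-1 digest, then the salt)."""
    if not stored or not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[6:])
    return hashlib.sha1(password.encode() + raw[20:]).digest() == raw[:20]

def audit_admin(dit_ldif, config_ldif, password):
    """Report where the root credential lives and whether each copy accepts `password`."""
    root_dn = root_pw = None
    for e in parse_ldif(config_ldif):
        if "olcRootDN" in e:
            root_dn, root_pw = e["olcRootDN"][0], e.get("olcRootPW", [None])[0]
    entry = next((e for e in parse_ldif(dit_ldif) if e.get("dn", [None])[0] == root_dn), None)
    dit_pw = entry.get("userPassword", [None])[0] if entry else None
    report = {"root_dn": root_dn, "root_pw_ok": ssha_verify(root_pw, password),
              "dit_entry_present": entry is not None,
              "dit_pw_ok": ssha_verify(dit_pw, password) if dit_pw else None}
    # One credential held in two stores that disagree: the confusion Debian #821331 removed
    report["diverged"] = report["dit_pw_ok"] is not None and report["dit_pw_ok"] != report["root_pw_ok"]
    return report

# Constructed samples (not real exports): a 1.4.0-style DIT with cn=admin, a 1.5.0-style DIT without it, and a cn=config entry whose olcRootPW was later changed
SALT = b"s4lt"
DIT_OLD = ("dn: dc=example,dc=org\ndc: example\n\ndn: cn=admin,dc=example,dc=org\ncn: admin\n"
           "userPassword:: " + base64.b64encode(ssha("admin", SALT).encode()).decode() + "\n")
DIT_NEW = "dn: dc=example,dc=org\ndc: example\n"
CONFIG = ("dn: olcDatabase={1}mdb,cn=config\nolcRootDN: cn=admin,dc=example,dc=org\n"
          "olcRootPW: " + ssha("rotated", SALT) + "\n")
```

With a 1.4.0-style export the report flags `diverged`, while with a 1.5.0-style export there is no DIT entry to diverge and only olcRootPW has to be checked.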

eryajf commented 2 years ago

Is there any solution to this problem now? When I use version 1.4.0, the problem disappears.