osixia / docker-phpLDAPadmin

phpLDAPadmin container image 🐳🌴

Kubernetes - login failure. However other services can contact it just fine. #18

Closed t5unamie closed 8 years ago

t5unamie commented 8 years ago

I have a load of pods set up in Kubernetes. Other services like Jenkins, Artifactory and Sonar can all connect to the LDAP server.

However, when I log in to the PHPadmin server now, I get the following error.

This was working, confused on why it's not. Is there a way to parse out the current values if I exec into the container?

error   Unable to connect to LDAP server openldapsvc.default.cluster.local
Error: Can't contact LDAP server (-1) for user
error   Failed to Authenticate to server
Invalid Username or Password.

Openldap service below.


apiVersion: v1
kind: Service
metadata:
  name: openldapsvc
  labels:
    app: openldap
spec:
  ports:
  - port: 389
    protocol: TCP
    name: ldap
  selector:
    app: openldap

---
apiVersion: v1
kind: ReplicationController
metadata:
  name: openldap
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: openldap
    spec:
      containers:
      - name: openldap
        image: osixia/openldap:1.1.2
        env:
        -
          name: "LDAP_DOMAIN"
          value: "example.io"
        -
          name: "LDAP_ORGANISATION"
          value: "DDUK"
        -
          name: "LDAP_ROOTPASS"
          value: "root"
        -
          name: "LDAP_ADMIN_PWD"
          value: "root"
        ports:
        - containerPort: 389
          name: ldap
        volumeMounts:
        - mountPath: /var/lib/ldap
          name: data
        - mountPath: /etc/ldap/slapd.d
          name: config
        - mountPath: /etc/ldap/ssl
          name: ssl
      volumes:
        - name: data
        # This AWS EBS volume must already exist.
          awsElasticBlockStore:
            volumeID: @@@volume-id1@@@
            fsType: ext4
        - name: config
        # This AWS EBS volume must already exist.
          awsElasticBlockStore:
            volumeID: @@@volume-id2@@@
            fsType: ext4
        - name: ssl
        # This AWS EBS volume must already exist.
          awsElasticBlockStore:
            volumeID: @@@volume-id3@@@
            fsType: ext4

php pod

apiVersion: v1
kind: Service
metadata:
  name: openldapadminsvc
  labels:
    app: openldapadmin
spec:
  type: LoadBalancer
  ports:
  - port: 8888
    protocol: TCP
    name: https
    targetPort: 443
  selector:
    app: openldapadmin

---
apiVersion: v1
kind: ReplicationController
metadata:
  name: openldapadmin
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: openldapadmin
    spec:
      containers:
      - name: openldapadmin
        image: osixia/phpldapadmin:0.6.7
        env:
        -
          name: "PHPLDAPADMIN_LDAP_HOSTS"
          value: "#PYTHON2BASH:[{'openldapsvc.default.cluster.local': [{'server': [{'tls': False}]},{'login': [{'bind_id': 'cn=admin,dc=example,dc=io'}]}]}, 'openldapsvc.default.cluster.local']"
        ports:
        - containerPort: 443
          name: https

osixia commented 8 years ago

Hi, can you try without a login bind_id set?

value: "#PYTHON2BASH:[{'openldapsvc.default.cluster.local': [{'server': [{'tls': 'false'}]}]}]"

t5unamie commented 8 years ago

Hi Osixia,

Thanks for replying. However, if I remove that, it automatically gives me an issue where the default user shown is cn=admin,dc=example,dc=org. It should be cn=admin,dc=example,dc=io.

Also the example servers it's trying to connect to are all ldap,dc=example,dc=org which is also wrong.

t5unamie commented 8 years ago

Any joy?

t5unamie commented 8 years ago

Sorry, this was my fault. I checked the template I built and the wrong service name was entered somehow.

t5unamie commented 8 years ago

This was from a kube problem. If you look at the reference URL in the bind it uses the old URL. The new system has rvc in the domain name.
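
A check for the misconfiguration this thread ends on, as an added example that is not part of the original issue or of the osixia project: it parses a `PHPLDAPADMIN_LDAP_HOSTS` value and flags hosts that do not match the Kubernetes Service DNS form `<service>.<namespace>.svc.<cluster-domain>`, and also reports entries with `tls` switched off. The function names, the default cluster domain `cluster.local` and the nesting of the `#PYTHON2BASH:` value (inferred from the value posted above) are assumptions.

```python
import ast
import re

PREFIX = "#PYTHON2BASH:"
LABEL = r"[a-z0-9](?:[-a-z0-9]*[a-z0-9])?"
# Kubernetes Service DNS name: <service>.<namespace>.svc.<cluster-domain>
SVC_FQDN = re.compile(rf"^{LABEL}\.{LABEL}\.svc\.(?P<zone>.+)$")

# Value copied from the phpLDAPadmin ReplicationController in the issue.
PAGE_VALUE = ("#PYTHON2BASH:[{'openldapsvc.default.cluster.local': "
              "[{'server': [{'tls': False}]},"
              "{'login': [{'bind_id': 'cn=admin,dc=example,dc=io'}]}]}, "
              "'openldapsvc.default.cluster.local']")


def parse_hosts(value):
    """Return [(hostname, {"section.key": value})] for each listed host."""
    if not value.startswith(PREFIX):
        raise ValueError("value lacks the #PYTHON2BASH: prefix")
    # literal_eval accepts Python literals only, so nothing is executed.
    entries = ast.literal_eval(value[len(PREFIX):])
    hosts = []
    for entry in entries:
        if isinstance(entry, str):            # bare hostname, default settings
            hosts.append((entry, {}))
            continue
        for name, sections in entry.items():  # {'host': [{'server': [...]}, ...]}
            settings = {}
            for section in sections:
                for sec_name, pairs in section.items():
                    for pair in pairs:
                        for key, val in pair.items():
                            settings[f"{sec_name}.{key}"] = val
            hosts.append((name, settings))
    return hosts


def audit(value, cluster_domain="cluster.local"):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    for name, settings in parse_hosts(value):
        m = SVC_FQDN.match(name)
        in_cluster = name.endswith("." + cluster_domain)
        if in_cluster and not (m and m.group("zone") == cluster_domain):
            findings.append(f"{name}: not <service>.<namespace>.svc.{cluster_domain}")
        if settings.get("server.tls") in (False, "false"):
            findings.append(f"{name}: server.tls is off for this host")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(PAGE_VALUE)))
```

To check a running pod, read the value from `os.environ["PHPLDAPADMIN_LDAP_HOSTS"]` inside the container and pass it to `audit` instead of `PAGE_VALUE`.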
