Open budbay opened 5 years ago
Strange, I see it in /usr/bin
- Check again?
As for LDIF exports, I've built in backup routines to help you with that. However they may different from what you may be used to: From the README of the parent image (tiredofit/docker-openldap):
| Variable | Description |
|-----------|-------------|
| `BACKUP_CONFIG_CRON_PERIOD` | Cron expression to schedule OpenLDAP config backup. Defaults `0 4 * * *` Every day at 4am. |
| `BACKUP_DATA_CRON_PERIOD` | Cron expression to schedule OpenLDAP data backup. Defaults `0 4 * * *` Every day at 4am. |
| `BACKUP_TTL ` | Automatically cleanup backup after how many days. Default `15` |
Also, you can do it while inside the container with slapcat -n0 >/tmp/config.ldif
and slapcat -n1 >/tmp/data.ldif
. To readd in this manner you would need to shutdown openldap inside the container by executing s6-svc -d /var/run/s6/services/10-openldap
followed by a pkill slapd
then, this is where it gets a bit gnarly. rm -rf /var/lib/openldap/*
and rm -rf /etc/slapd.d
. Then you could add your backed up data back in with the slapadd
command. Restart OpenLdap with s6-svc -u /var/run/s6/services/10-openldap
thanks for the quick reply, you are correct that this is the case with the openldap-fusiondirectory (LDAP) container, but it does not seem to be present in the fusiondirectory container (web app), i was trying to do this from the fusion directory app by going to LDAP import/export menu. i hope i didnt post in the wrong place, it seems we are discussing different containers. i am using the cron backups with the LDAP container, as you hint, i am not used to doing it this way so while i familiarize myself with these features i was trying to backup from the fusiondirectory app. i do appreciate your work with this, i recently setup a new server and had my ldap up and running in no time.
Oh jeesh, my bad. Late in the day for me, you are in the frontend container and ARE posting in the right spot. I don't see a problem with adding the openldap-clients
package in Alpine to support this!
No worries, just making sure since i am using several of your containers. thanks for sharing your work, look forward to the addition!
Glad they are of use to you! I've just pushed a new release (it might take an hour or so to hit Docker Hub) tagged :latest or :1.14 that should give you access to ldapsearch and the other utilities along with a few other fixes. I believe FusionDirectory 1.3 is imminent so there should be another release following within the month.
thanks for the update! ldap search is working but i now have a different error, "Failed to generate ldap export, error was "ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)"", again this is when using export complete ldif function. i was able to use ldap search as root inside container, but i assume the app is running as nginx user. if i run ldap search as nginx then this error is produced. i am also using user namespaces so that may be contributing. definitely seems like a permissions issue. either way it seems getting this function to work isn't a quick fix as i hoped. i realize that this may be beyond the scope of your intended use of the containers, especially since you have a backup function built in already. that being said feel free to close this issue if you dont want to proceed down this rabbit hole. i will start to better educate myself on how your backup solution works, primarily how to restore from one. thanks again.
Can you try this? chmod +s /usr/bin/ldapsearch
from inside the container and see if your export now works? It's hackish but I can work this into the image if necessary.
so i still get the same error, however it does allow ldapsearch from nginx user now. so i guess i was wrong about permissions, must be something with my configuration. ill need to look at the plugin code and see where its going wrong. it does give a hint, fusiondirectory/plugins/addons/ldapmanager/class_ldapmanager.inc line 183. ill keep investigating.
I was trying to do a full ldif export from fusiondirectory and it gives the following error: "Failed to generate ldap export, error was "sh: ldapsearch: not found"". i thought it might be related to my settings somehow so i exec in container to try ldapsearch from there and receive the following error: "bash: ldapsearch: not found". i checked the bin directories and did not see ldapsearch. would it be possible to add the binary to the container to restore this functionality? i like to do the export from time to time as a backup. thanks.