tiredofit / docker-openldap

Dockerized LDAP server with many customizable options
MIT License
108 stars, 48 forks

Do not see any search results #5

Open siddjain opened 5 years ago

siddjain commented 5 years ago

We don't see any search results using this image. Here is what we did:

  1. Started the server by running the following command:
docker run -p 636:636 -p 389:389 --name jnj-ldap-server --env BACKEND=mdb --env ENABLE_TLS=false --env BASE_DN=dc=jnj,dc=com --env TLS_VERIFY_CLIENT=never --env TLS_ENFORCE=false --env HOSTNAME=localhost --env DOMAIN=jnj.com --env ADMIN_PASS=superman --env CONFIG_PASS=spiderman --env 'ORGANIZATION=Johnson & Johnson' --env LOG_LEVEL=1 --log-opt max-file=3 --log-opt max-size=10m --detach tiredofit/openldap
  2. Made a query by running the following commands:
$ export BASE_DN=dc=jnj,dc=com
$ export ADMIN_PASS=superman
$ ldapsearch -x -h localhost -p 389 -b $BASE_DN -D "cn=admin,dc=jnj,dc=com" -w $ADMIN_PASS

Expected: Result for the admin user

Observed:

# extended LDIF
#
# LDAPv3
# base <dc=jnj,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1

Server log can be found here. Is there something wrong that we are doing?

tiredofit commented 5 years ago

I get the results of 11,000+ records with your command so I'm not sure what could be happening there. You might not see your admin account listed as it may be sitting in db0 (config). Have you tried adding any normal users yet?

Try this for an example https://www.thegeekstuff.com/2015/02/openldap-add-users-groups/

siddjain commented 5 years ago

Tried adding normal users but it complains as it cannot find any entry for the base DN.

First we created a file

WITSC02X6385JGH:docker-openldap sjain68$ cat adam.ldif
dn: uid=adam,dc=jnj,dc=com
objectClass: inetOrgPerson
mail: adam@jnj.com
uid: adam
cn: adam
sn: adam
userPassword: {SSHA}x

Then we tried to add:

$ ldapadd -x -h localhost -p 389 -D "cn=admin,dc=jnj,dc=com" -w $ADMIN_PASS -f adam.ldif
adding new entry "uid=adam,dc=jnj,dc=com"
ldap_add: No such object (32)

In server logs we see this:

5cc33685 mdb_dn2entry("uid=adam,dc=jnj,dc=com")
5cc33685 => mdb_dn2id("uid=adam,dc=jnj,dc=com")
5cc33685 <= mdb_dn2id: get failed: MDB_NOTFOUND: No matching key/data pair found (-30798)
5cc33685 mdb_add: parent does not exist
5cc33685 send_ldap_result: conn=1005 op=1 p=3
5cc33685 send_ldap_response: msgid=2 tag=105 err=32

So there isn't any base entry created in the database. Shouldn't the docker command be creating a base entry in the database?

tiredofit commented 5 years ago

Yes, it should. You might have uncovered a bug here. Can I get you to just do a quick test, starting with fresh folders, and try my tiredofit/openldap-fusiondirectory image instead? It should work without the companion front end. If you see different results then something might have changed along the way. This is the first I have seen this, however.

siddjain commented 5 years ago

We did not try that image but confirm that there wasn't any base entry in the database, i.e., the LDAP tree was empty. Once we added a root node (the base entry), our search started giving back results.

tiredofit commented 5 years ago

Great, can you share that LDIF and I will wrap it in?

siddjain commented 5 years ago

Sure. This is the minimal LDIF to create a base entry:

$ cat basedn.ldif
dn: dc=uber,dc=com
dc: uber
o: Uber
objectclass: organization
objectclass: dcObject

and we added it to the database by running:

$ ldapadd -x -h localhost -p 389 -D "cn=admin,dc=uber,dc=com" -w $ADMIN_PASS -f basedn.ldif

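
The thread above boils down to one check: a base-scope search of BASE_DN returning "32 No such object" (and mdb_add logging "parent does not exist") means the root entry was never created, and the fix is to add the dcObject/organization entry shown in the LDIF. The script below is an added example, not code from the thread or from the tiredofit/openldap image: it generalizes the basedn.ldif above to any BASE_DN whose first RDN is a dc component, checks with ldapsearch whether the entry already exists, and adds it only when it is missing, so it is safe to run on every container start. The function names, the LDAP_URI/BIND_DN/BIND_PW_FILE variables and the password file are assumptions of this example; ldapsearch and ldapadd are the standard OpenLDAP client tools.

```shell
#!/bin/sh
# Added example, not part of the issue thread or the tiredofit/openldap image.
# Assumed environment (hypothetical names): BASE_DN, ORGANIZATION, LDAP_URI,
# BIND_DN and BIND_PW_FILE (a file holding the bind password; -y avoids putting
# the password on the command line where it shows up in process listings).

# Print the minimal LDIF for the base entry of a dc-style DN such as
# dc=jnj,dc=com.  $1 = BASE_DN, $2 = organization name (the o attribute).
base_entry_ldif() {
    base_dn=$1
    org=$2
    first_rdn=${base_dn%%,*}          # e.g. dc=jnj
    case $first_rdn in
        dc=*) ;;
        *) echo "base_entry_ldif: first RDN of '$base_dn' is not a dc component" >&2
           return 1 ;;
    esac
    dc_value=${first_rdn#dc=}         # e.g. jnj
    printf 'dn: %s\n' "$base_dn"
    printf 'dc: %s\n' "$dc_value"
    printf 'o: %s\n' "$org"
    printf 'objectClass: organization\n'
    printf 'objectClass: dcObject\n'
}

# Exit 0 if the base entry exists, non-zero otherwise.  A base-scope search
# makes ldapsearch exit with the LDAP result code, so a missing root entry
# yields 32 (No such object), exactly the symptom reported in the issue.
base_entry_exists() {
    ldapsearch -x -H "${LDAP_URI:-ldap://localhost:389}" \
        -D "$BIND_DN" -y "$BIND_PW_FILE" \
        -b "$BASE_DN" -s base '(objectClass=*)' dn >/dev/null 2>&1
}

# Idempotent bootstrap: create the root entry only when it is absent.
bootstrap_base() {
    if base_entry_exists; then
        echo "base entry $BASE_DN already present"
        return 0
    fi
    echo "base entry $BASE_DN missing, adding it"
    base_entry_ldif "$BASE_DN" "$ORGANIZATION" |
        ldapadd -x -H "${LDAP_URI:-ldap://localhost:389}" \
            -D "$BIND_DN" -y "$BIND_PW_FILE"
}

# Usage (with a running server):
#   BASE_DN=dc=jnj,dc=com ORGANIZATION='Johnson & Johnson' \
#   BIND_DN=cn=admin,dc=jnj,dc=com BIND_PW_FILE=/run/secrets/admin_pass \
#   sh -c '. ./bootstrap.sh; bootstrap_base'
```

Only the first RDN of BASE_DN becomes the dc attribute, which is what the dcObject schema requires; an ou= or o= root would need a different object class, so the generator refuses it instead of emitting an entry slapd would reject. After bootstrap_base succeeds, the ldapadd of uid=adam,dc=jnj,dc=com from earlier in the thread no longer fails with "parent does not exist".
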
tiredofit commented 5 years ago

Thanks! How I've missed this is beyond me, but there have been many iterations of this image over the years and I may have missed one. I hope you have success going forward with this!

nickadams675 commented 5 years ago

Sure. This is the minimal LDIF to create a base entry:

$ cat basedn.ldif
dn: dc=uber,dc=com
dc: uber
o: Uber
objectclass: organization
objectclass: dcObject

and we added it to the database by running:

$ ldapadd -x -h localhost -p 389 -D "cn=admin,dc=uber,dc=com" -w $ADMIN_PASS -f basedn.ldif

This resolved the binding issue I have been experiencing, thanks!