LDAP_DOMAIN and LDAP_BASE_DN discrepancy #172

Open
dolanor opened this issue Dec 9, 2017 · 4 comments

Comments

@dolanor

dolanor commented Dec 9, 2017

Hello,
Running containers from scratch with these 2 settings would lead to different results.

  • LDAP_DOMAIN=domain.com would create cn=admin,dc=domain,dc=com
  • LDAP_BASE_DN=dc=domain,dc=com would create cn=admin,dc=example,dc=org

It seems that if we set the LDAP_BASE_DN ourselves, it doesn't generate the LDAP base correctly.
I tried to investigate, and the most I could see is that at that step in the startup script the 02-security.ldif is correctly provisioned with the right LDAP_BASE_DN value. So I don't know what makes the system create the default example.org admin account, but it must be around there…

@BertrandGouny
Member

Interesting, maybe related to #161

@dolanor
Author

dolanor commented Dec 12, 2017

Yes, I forgot about this.
Maybe if we create a full admin of the LDAP, we don't need a per-org admin. This stone would kill 2 birds :).

Anyway, thanks for that image. It's the one that made me dive into LDAP, as I'm trying to have 1 LDAP to kill them all (identification system).

christian-scheible added a commit to christian-scheible/docker-openldap that referenced this issue Aug 10, 2018
When environment variables have been set like this:
      LDAP_BASE_DN="o=some org,c=com"
      LDAP_DOMAIN="some-org.com"

The base dn of the generated LDAP is dc=some-org,dc=com instead of o=some org,c=com

This commit fixes that
@anthony-o

As said here, in order for LDAP_BASE_DN to work, I must do the following.

If I use the following compose-file:

version: '2'
services:
  my-ldap:
    image: osixia/openldap:1.2.4
    volumes:
      - ./ldap/custom:/container/service/slapd/assets/config/bootstrap/ldif/custom:ro
    command: --loglevel trace --copy-service
    environment:
      - LDAP_ORGANISATION=gouv
      - LDAP_DOMAIN=gouv.fr
      - LDAP_BASE_DN=ou=myou,o=gouv,c=fr
      #- LDAP_LOG_LEVEL=32 # http://www.openldap.org/doc/admin24/slapdconf2.html#olcLogLevel:%20%3Clevel%3E
    ports:
      - 8389:389
      - 8636:636

then I must write those 2 files into ./ldap/custom folder:

  • 01-olcRootDN.ldif

dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: ou=myou,o=gouv,c=fr
-
replace: olcRootDN
olcRootDN: cn=admin,ou=myou,o=gouv,c=fr

  • 02-createRootDN.ldif

dn: ou=myou,o=gouv,c=fr
changetype: add
objectClass: organizationalUnit
ou: myou
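The following is an added example, not code from the osixia/openldap image or from anyone in this thread. It reproduces the two things discussed above: the base DN the image derives from LDAP_DOMAIN (each dot-separated label becomes a dc= component, so a mismatching LDAP_BASE_DN is silently ignored), and the two custom-bootstrap LDIF files anthony-o uses to override the database suffix and root DN. The generator is generalised beyond the ou= case shown in the comment: the objectClass chosen for the base entry from its leading RDN type, the {1}mdb database name and the cn=admin default are assumptions of this example.

```python
"""Added example: detect an LDAP_DOMAIN / LDAP_BASE_DN discrepancy and emit
the workaround LDIF files. Not part of osixia/openldap."""
from typing import Dict, Optional


def base_dn_from_domain(domain: str) -> str:
    """Derive the base DN the image builds from LDAP_DOMAIN:
    example.org -> dc=example,dc=org."""
    labels = [label for label in domain.strip().lower().split(".") if label]
    if not labels:
        raise ValueError("LDAP_DOMAIN must contain at least one label")
    return ",".join(f"dc={label}" for label in labels)


def normalize_dn(dn: str) -> str:
    """Lower-case attribute types and strip whitespace around separators.
    Enough for the comparison below; not a full RFC 4514 normaliser."""
    parts = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        parts.append(f"{attr.strip().lower()}={value.strip()}")
    return ",".join(parts)


def check_base_dn(env: Dict[str, str]) -> Optional[str]:
    """Return a warning when LDAP_BASE_DN disagrees with the DN derived from
    LDAP_DOMAIN (the situation reported in this issue), else None.
    The example.org default mirrors the image's documented default domain."""
    domain = env.get("LDAP_DOMAIN", "example.org")
    derived = base_dn_from_domain(domain)
    configured = env.get("LDAP_BASE_DN")
    if configured is None or normalize_dn(configured) == normalize_dn(derived):
        return None
    return (
        f"LDAP_BASE_DN={configured!r} differs from the DN derived from "
        f"LDAP_DOMAIN={domain!r} ({derived}); the suffix and admin DN derived "
        f"from the domain will be provisioned unless overridden"
    )


# objectClass(es) for the base entry, keyed by its leading RDN type.
# Assumption of this example: the thread only shows the ou= case.
_BASE_OBJECTCLASSES = {
    "ou": ["organizationalUnit"],
    "o": ["organization"],
    "dc": ["dcObject", "organization"],
}


def workaround_ldifs(base_dn: str, admin_cn: str = "admin",
                     db: str = "{1}mdb") -> Dict[str, str]:
    """Build the two custom-bootstrap LDIF files: one rewriting olcSuffix and
    olcRootDN in cn=config, one creating the base entry. Returns
    {filename: ldif_text}."""
    first_rdn = base_dn.split(",", 1)[0]
    attr, _, value = first_rdn.partition("=")
    attr, value = attr.strip().lower(), value.strip()
    if attr not in _BASE_OBJECTCLASSES:
        raise ValueError(f"unsupported leading RDN type {attr!r}")

    config_ldif = "\n".join([
        f"dn: olcDatabase={db},cn=config",
        "changetype: modify",
        "replace: olcSuffix",
        f"olcSuffix: {base_dn}",
        "-",
        "replace: olcRootDN",
        f"olcRootDN: cn={admin_cn},{base_dn}",
        "",
    ])

    entry_lines = [f"dn: {base_dn}", "changetype: add"]
    entry_lines += [f"objectClass: {oc}" for oc in _BASE_OBJECTCLASSES[attr]]
    entry_lines.append(f"{attr}: {value}")
    if attr == "dc":
        # organization requires an o attribute alongside dcObject's dc
        entry_lines.append(f"o: {value}")
    entry_lines.append("")

    return {
        "01-olcRootDN.ldif": config_ldif,
        "02-createRootDN.ldif": "\n".join(entry_lines),
    }


if __name__ == "__main__":
    # Constructed environment matching the compose file in the comment above.
    env = {"LDAP_DOMAIN": "gouv.fr", "LDAP_BASE_DN": "ou=myou,o=gouv,c=fr"}
    warning = check_base_dn(env)
    if warning:
        print(warning)
        for name, text in workaround_ldifs(env["LDAP_BASE_DN"]).items():
            print(f"--- {name}\n{text}")
```

Running the module prints the discrepancy warning and the two LDIF documents; writing them into the ./ldap/custom directory mounted in the compose file is what the workaround above does by hand. The check is the kind of start-up assertion that would have made the original report obvious: an explicit LDAP_BASE_DN that the image cannot honour should fail loudly rather than fall back to the domain-derived suffix.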

@j-maas

j-maas commented Jul 10, 2019

Just to have all options in one place, I also commented on a similar issue where slapd is configured to set the domain. #307 (comment)

Basically, this line makes slapd derive the base dn from the domain, and I couldn't find a way to tell slapd to create a base dn that is different from the domain.
