Can't find members of a group, if prepopulation is used #21
Comments
igorbljahhin
changed the title
|
i think the easiest solution would be to add your ldif files after the service start, as it seems to make memeberof effective. |
|
Refactor the entrypoint.sh script? Edit: Doesn't seem to work, currently struggling with the same problem. Will post an update if I found a solution. |
|
I get these in the logs: 594bf5ec <= bdb_equality_candidates: (memberOf) not indexed |
|
slapadd doesn't work with overlays, like memberOf. So the only workaround I'm aware of would be adding the groups with ldapadd while slapd is running. |
|
I'll add supervisord and add a script which checks if slapd is already running and then injecting the prepopulated data once. |
|
It's working fine when doing the said above. The supervisord script I've written therefore: |
|
Hi @duketwo I have the same problem, but I don't fully understand what to do to make your solution work. Thanks a lot! |
|
i assume you have to delete the prepopulate part of the original entrypoint.sh (the
block) |
|
https://github.com/duketwo/Shib-Idp/blob/master/ldap/populate.sh If anybody still needs that |
|
What is possible to do in the entrypoint file is to:
It's somewhat ugly though… or @dinkel do you think this would be tolerable to fix the issue? |
Hi!
I can't get the search of "memberOf" working. My setup using docker-compose is following:
version: "2"
services:
openldap:
image: dinkel/openldap:latest
container_name: openldap
environment:
SLAPD_ORGANIZATION: "a company"
SLAPD_DOMAIN: "rosinad.com"
SLAPD_PASSWORD: "admin"
SLAPD_CONFIG_PASSWORD: "config"
SLAPD_ADDITIONAL_MODULES: "memberof"
volumes:
- data_openldap:/etc/ldap
- data_openldap_config:/var/lib/ldap
- ./docker/openldap:/etc/ldap.dist/prepopulate
ports:
- "389:389"
I have three files in ./docker/openldap: 01-base.ldif, 02-users.ldif and 03-groups.ldif with following content (only important parts are shown):
01-base.ldif:
dn: ou=people,dc=rosinad,dc=com
objectclass: organizationalUnit
ou: People
dn: ou=groups,dc=rosinad,dc=com
objectclass: organizationalUnit
ou: Groups
02-users.ldif:
dn: uid=seagate_user,ou=people,dc=rosinad,dc=com
cn: Seagate User
sn: User
gidnumber: 10000
homedirectory: /home/users/seagate_user
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
loginShell: /bin/bash
uid: seagate_user
uidnumber: 1001
userpassword: seagate_user
03-groups.ldif:
dn: cn=GPWUSERS,ou=groups,dc=rosinad,dc=com
cn: GPWUSERS
objectClass: groupofnames
member: uid=seagate_user,ou=people,dc=rosinad,dc=com
and search by the query "(&(objectClass=person)(memberOf=cn=GPWUSERS,ou=groups,dc=rosinad,dc=com))" is returning nothing.
But if I manually add the group with member after OpenLDAP is started, then the search is returning that one result.
My guess is that memberOf module is enabled after my files are prepopulated, but if I look at the source code of entrypoint script, then I see that prepopulation is performed in the end of the script.
Could you give me some hints that could be wrong with my approach?
thanks!
The text was updated successfully, but these errors were encountered: