Do not see any search results #5

Open
siddjain opened this issue Apr 26, 2019 · 8 comments

@siddjain
commented Apr 26, 2019

We don't see any search results using this image. Here is what we did:

  1. Started the server by running the following command:
docker run -p 636:636 -p 389:389 --name jnj-ldap-server --env BACKEND=mdb --env ENABLE_TLS=false --env BASE_DN=dc=jnj,dc=com --env TLS_VERIFY_CLIENT=never --env TLS_ENFORCE=false --env HOSTNAME=localhost --env DOMAIN=jnj.com --env ADMIN_PASS=superman --env CONFIG_PASS=spiderman --env 'ORGANIZATION=Johnson & Johnson' --env LOG_LEVEL=1 --log-opt max-file=3 --log-opt max-size=10m --detach tiredofit/openldap
  2. Made a query by running the following commands:
$ export BASE_DN=dc=jnj,dc=com
$ export ADMIN_PASS=superman
$ ldapsearch -x -h localhost -p 389 -b $BASE_DN -D "cn=admin,dc=jnj,dc=com" -w $ADMIN_PASS

Expected: Result for the admin user

Observed:

# extended LDIF
#
# LDAPv3
# base <dc=jnj,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1

Server log can be found here. Is there something wrong that we are doing?

@tiredofit

Owner

commented Apr 26, 2019

I get the results of 11,000+ records with your command so I'm not sure what could be happening there. You might not see your admin account listed as it may be sitting in db0 (config). Have you tried adding any normal users yet?

Try this for an example https://www.thegeekstuff.com/2015/02/openldap-add-users-groups/

@siddjain

Author

commented Apr 26, 2019

Tried adding normal users but it complains as it cannot find any entry for the base DN.

First we created a file

WITSC02X6385JGH:docker-openldap sjain68$ cat adam.ldif
dn: uid=adam,dc=jnj,dc=com
objectClass: inetOrgPerson
mail: adam@jnj.com
uid: adam
cn: adam
sn: adam
userPassword: {SSHA}x

Then we tried to add:

$ ldapadd -x -h localhost -p 389 -D "cn=admin,dc=jnj,dc=com" -w $ADMIN_PASS -f adam.ldif
adding new entry "uid=adam,dc=jnj,dc=com"
ldap_add: No such object (32)

In server logs we see this:

5cc33685 mdb_dn2entry("uid=adam,dc=jnj,dc=com")
5cc33685 => mdb_dn2id("uid=adam,dc=jnj,dc=com")
5cc33685 <= mdb_dn2id: get failed: MDB_NOTFOUND: No matching key/data pair found (-30798)
5cc33685 mdb_add: parent does not exist
5cc33685 send_ldap_result: conn=1005 op=1 p=3
5cc33685 send_ldap_response: msgid=2 tag=105 err=32

So there isn't any base entry created in the database. Shouldn't the docker command be creating a base entry in the database?

@tiredofit

Owner

commented Apr 26, 2019

Yes, should.
You might have uncovered a bug here.
Can I get you to just do a quick test with starting with fresh folders and try my tiredofit/openldap-fusiondirectory image instead? It should work without the companion front end. If you see different results then something might have changed along the way. This is the first I have seen this, however.

@siddjain

Author

commented Apr 26, 2019

We did not try that image but confirm that there wasn't any base entry in the database, i.e., the LDAP tree was empty. Once we added a root node (the base entry), then our search started giving back results.

@tiredofit

Owner

commented Apr 26, 2019

Great, can you share that LDIF and I will wrap it in?

@siddjain

Author

commented Apr 26, 2019

Sure. This is the minimal LDIF to create a base entry:

$ cat basedn.ldif 
dn: dc=uber,dc=com
dc: uber
o: Uber
objectclass: organization
objectclass: dcObject

and we added it to the database by running:

$ ldapadd -x -h localhost -p 389 -D "cn=admin,dc=uber,dc=com" -w $ADMIN_PASS -f basedn.ldif

@tiredofit

Owner

commented Apr 26, 2019

Thanks! How I've missed this is beyond me, but there have been many iterations of this image over the years and I may have missed one. I hope you have success going forward with this!

@nickadams675


commented Jun 3, 2019

sure. this is the minimal LDIF to create a base entry:

$ cat basedn.ldif 
dn: dc=uber,dc=com
dc: uber
o: Uber
objectclass: organization
objectclass: dcObject

and we added it to the database by running:

$ ldapadd -x -h localhost -p 389 -D "cn=admin,dc=uber,dc=com" -w $ADMIN_PASS -f basedn.ldif

This resolved the binding issue I have been experiencing, thanks!
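
The check-and-seed step worked out in this thread can be scripted as follows. This is an added example, not code from the thread or from the image: it derives the minimal base entry from the base DN and adds it only when a base-scope search returns result 32. The function names and the LDAP_URI, BIND_DN and PASS_FILE variables are assumptions; the base DN and organization are the values from the original `docker run` command.

```shell
#!/bin/sh
# Added example; LDAP_URI, BIND_DN, PASS_FILE and both function names are assumed.

# Print the minimal base-entry LDIF for a dc-style suffix such as dc=jnj,dc=com.
base_entry_ldif() {
    base_dn=$1
    org=$2
    first_rdn=${base_dn%%,*}                 # leftmost RDN, e.g. "dc=jnj"
    case $first_rdn in
        [dD][cC]=?*) ;;
        *) echo "base DN must start with dc=<value>: $base_dn" >&2
           return 2 ;;
    esac
    printf 'dn: %s\ndc: %s\no: %s\nobjectClass: organization\nobjectClass: dcObject\n' \
        "$base_dn" "${first_rdn#*=}" "$org"
}

# Look up the suffix entry itself (-s base). ldapsearch exits with the LDAP
# result code, so 32 means the entry that every other add needs as a parent
# is absent. PASS_FILE holds the bind password with no trailing newline (-y),
# which keeps it out of the process list, unlike -w.
ensure_base_entry() {
    base_dn=$1
    org=$2
    ldapsearch -x -LLL -H "$LDAP_URI" -D "$BIND_DN" -y "$PASS_FILE" \
        -s base -b "$base_dn" 1.1 >/dev/null 2>&1
    rc=$?
    case $rc in
        0)  echo "base entry $base_dn already present" ;;
        32) echo "base entry $base_dn missing, adding it"
            base_entry_ldif "$base_dn" "$org" |
                ldapadd -x -H "$LDAP_URI" -D "$BIND_DN" -y "$PASS_FILE" ;;
        *)  echo "ldapsearch failed with LDAP result $rc" >&2
            return "$rc" ;;
    esac
}

# Offline demonstration: show the LDIF that would be added.
base_entry_ldif "dc=jnj,dc=com" "Johnson & Johnson"

# Only contact a server when one has been configured by the caller.
if [ -n "${LDAP_URI:-}" ]; then
    ensure_base_entry "dc=jnj,dc=com" "Johnson & Johnson"
fi
```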
