
[bitnami/openldap] exits with status 123 when loading custom ldif

Open livioribeiro opened this issue 1 year ago • 9 comments

Name and Version

bitnami/openldap:2.6.4

What architecture are you using?

amd64

What steps will reproduce the bug?

  1. Create a custom ldif, for example:

    dn: ou=users,dc=example,dc=org
    objectClass: organizationalUnit
    objectClass: top
    ou: users

    dn: cn=newuser,ou=users,dc=example,dc=org
    objectClass: inetOrgPerson
    objectClass: top
    cn: newuser
    sn: surname
    userPassword:: YWRtaW4=

  2. Run the container with the custom ldif:

    $ docker run -it --rm -v $PWD/custom.ldif:/ldifs/custom.ldif bitnami/openldap:2.6.4

  3. Check the return code with echo $?; it will print 123:

    $ echo $?
    123

What is the expected behavior?

The container loads the custom ldif and starts

What do you see instead?

The container exits with return code 123

Additional information

LDAP return code 123 is "authorizationDenied", which means:

The authorizationDenied result code is used to indicate that the associated request included a proxied authorization request control, but that the client is not permitted to assign the requested authorization identity.

https://ldap.com/ldap-result-code-reference-other-server-side-result-codes/#rc-authorizationDenied
https://docs.ldap.com/specs/rfc4370.txt

livioribeiro avatar Mar 07 '23 12:03 livioribeiro

Hi,

Could you launch it with BITNAMI_DEBUG=true to see if it provides more information?

javsalgar avatar Mar 08 '23 09:03 javsalgar

10:07:01.48 INFO  ==> ** Starting LDAP setup **
 10:07:01.51 INFO  ==> Validating settings in LDAP_* env vars
 10:07:01.51 INFO  ==> Initializing OpenLDAP...
 10:07:01.51 DEBUG ==> Ensuring expected directories/files exist...
 10:07:01.53 INFO  ==> Creating LDAP online configuration
 10:07:01.53 INFO  ==> Creating slapd.ldif
Closing DB...
 10:07:01.61 INFO  ==> Starting OpenLDAP server in background
64085e45.2516fa1a 0x7f7a16575740 @(#) $OpenLDAP: slapd 2.6.4 (Feb 22 2023 11:46:45) $
	@e337c9d3914b:/bitnami/blacksmith-sandox/openldap-2.6.4/servers/slapd
64085e45.2aee8803 0x7f7a16575740 slapd starting
 10:07:02.63 INFO  ==> Configure LDAP credentials for admin user
SASL/EXTERNAL authentication started
64085e46.264a17a9 0x7f79d57d3700 conn=1000 fd=12 ACCEPT from PATH=/opt/bitnami/openldap/var/run/ldapi (PATH=/opt/bitnami/openldap/var/run/ldapi)
64085e46.264b55a0 0x7f79d57d3700 conn=1000 op=0 BIND dn="" method=163
64085e46.264bf0bc 0x7f79d57d3700 conn=1000 op=0 BIND authcid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth"
64085e46.264c49da 0x7f79d57d3700 conn=1000 op=0 BIND dn="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" mech=EXTERNAL bind_ssf=0 ssf=71
64085e46.264cdc66 0x7f79d57d3700 conn=1000 op=0 RESULT tag=97 err=0 qtime=0.000007 etime=0.000119 text=
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={2}mdb,cn=config"
64085e46.264f3cee 0x7f79d4fd2700 conn=1000 op=1 MOD dn="olcDatabase={2}mdb,cn=config"
64085e46.264fc73c 0x7f79d4fd2700 conn=1000 op=1 MOD attr=olcSuffix
64085e46.2655279e 0x7f79d4fd2700 conn=1000 op=1 RESULT tag=103 err=0 qtime=0.000010 etime=0.000424 text=

modifying entry "olcDatabase={2}mdb,cn=config"
64085e46.26567214 0x7f79d57d3700 conn=1000 op=2 MOD dn="olcDatabase={2}mdb,cn=config"
64085e46.2656df87 0x7f79d57d3700 conn=1000 op=2 MOD attr=olcRootDN
64085e46.265ba96c 0x7f79d57d3700 conn=1000 op=2 RESULT tag=103 err=0 qtime=0.000007 etime=0.000362 text=

modifying entry "olcDatabase={2}mdb,cn=config"
64085e46.265c92b5 0x7f79d57d3700 conn=1000 op=3 MOD dn="olcDatabase={2}mdb,cn=config"
64085e46.265ce2b2 0x7f79d57d3700 conn=1000 op=3 MOD attr=olcRootPW
64085e46.266111fb 0x7f79d57d3700 conn=1000 op=3 RESULT tag=103 err=0 qtime=0.000006 etime=0.000310 text=

modifying entry "olcDatabase={1}monitor,cn=config"
64085e46.26623f60 0x7f79d4fd2700 conn=1000 op=4 MOD dn="olcDatabase={1}monitor,cn=config"
64085e46.266299c8 0x7f79d4fd2700 conn=1000 op=4 MOD attr=olcAccess
64085e46.266677f2 0x7f79d4fd2700 conn=1000 op=4 RESULT tag=103 err=0 qtime=0.000007 etime=0.000294 text=

64085e46.26674838 0x7f79d57d3700 conn=1000 op=5 UNBIND
64085e46.2667cca7 0x7f79d57d3700 conn=1000 fd=12 closed
 10:07:02.64 INFO  ==> Adding LDAP extra schemas
SASL/EXTERNAL authentication started
64085e46.26c920a3 0x7f79d4fd2700 conn=1001 fd=12 ACCEPT from PATH=/opt/bitnami/openldap/var/run/ldapi (PATH=/opt/bitnami/openldap/var/run/ldapi)
64085e46.26ca0351 0x7f79d57d3700 conn=1001 op=0 BIND dn="" method=163
64085e46.26caa8b3 0x7f79d57d3700 conn=1001 op=0 BIND authcid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth"
64085e46.26cb022e 0x7f79d57d3700 conn=1001 op=0 BIND dn="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" mech=EXTERNAL bind_ssf=0 ssf=71
64085e46.26cbb5eb 0x7f79d57d3700 conn=1001 op=0 RESULT tag=97 err=0 qtime=0.000007 etime=0.000122 text=
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=cosine,cn=schema,cn=config"
64085e46.26cee0f3 0x7f79d4fd2700 conn=1001 op=1 ADD dn="cn=cosine,cn=schema,cn=config"
64085e46.26dfbf08 0x7f79d4fd2700 conn=1001 op=1 RESULT tag=105 err=0 qtime=0.000008 etime=0.001144 text=

64085e46.26e0c442 0x7f79d57d3700 conn=1001 op=2 UNBIND
64085e46.26e16659 0x7f79d57d3700 conn=1001 fd=12 closed
SASL/EXTERNAL authentication started
64085e46.2710385b 0x7f79d4fd2700 conn=1002 fd=12 ACCEPT from PATH=/opt/bitnami/openldap/var/run/ldapi (PATH=/opt/bitnami/openldap/var/run/ldapi)
64085e46.2710c6ed 0x7f79d57d3700 conn=1002 op=0 BIND dn="" method=163
64085e46.271168af 0x7f79d57d3700 conn=1002 op=0 BIND authcid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth"
64085e46.2711ccc2 0x7f79d57d3700 conn=1002 op=0 BIND dn="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" mech=EXTERNAL bind_ssf=0 ssf=71
64085e46.271230fd 0x7f79d57d3700 conn=1002 op=0 RESULT tag=97 err=0 qtime=0.000006 etime=0.000102 text=
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=inetorgperson,cn=schema,cn=config"
64085e46.2714411f 0x7f79d4fd2700 conn=1002 op=1 ADD dn="cn=inetorgperson,cn=schema,cn=config"
64085e46.271a680a 0x7f79d4fd2700 conn=1002 op=1 RESULT tag=105 err=0 qtime=0.000007 etime=0.000426 text=

64085e46.271c0e3d 0x7f79d57d3700 conn=1002 op=2 UNBIND
64085e46.271c9ce2 0x7f79d57d3700 conn=1002 fd=12 closed
SASL/EXTERNAL authentication started
64085e46.274c5399 0x7f79d4fd2700 conn=1003 fd=12 ACCEPT from PATH=/opt/bitnami/openldap/var/run/ldapi (PATH=/opt/bitnami/openldap/var/run/ldapi)
64085e46.274cd375 0x7f79d57d3700 conn=1003 op=0 BIND dn="" method=163
64085e46.274d608d 0x7f79d57d3700 conn=1003 op=0 BIND authcid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" authzid="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth"
64085e46.274da81f 0x7f79d57d3700 conn=1003 op=0 BIND dn="gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth" mech=EXTERNAL bind_ssf=0 ssf=71
64085e46.274e1ad2 0x7f79d57d3700 conn=1003 op=0 RESULT tag=97 err=0 qtime=0.000006 etime=0.000093 text=
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=nis,cn=schema,cn=config"
64085e46.27511e57 0x7f79d4fd2700 conn=1003 op=1 ADD dn="cn=nis,cn=schema,cn=config"
64085e46.275c8b4a 0x7f79d4fd2700 conn=1003 op=1 RESULT tag=105 err=0 qtime=0.000010 etime=0.000785 text=

64085e46.275e2fd5 0x7f79d57d3700 conn=1003 op=2 UNBIND
64085e46.275ee635 0x7f79d57d3700 conn=1003 fd=12 closed
 10:07:02.66 INFO  ==> Loading custom LDIF files...
 10:07:02.66 WARN  ==> Ignoring LDAP_USERS, LDAP_PASSWORDS, LDAP_USER_DC and LDAP_GROUP environment variables...
64085e46.282368e3 0x7f79d4fd2700 conn=1004 fd=12 ACCEPT from PATH=/opt/bitnami/openldap/var/run/ldapi (PATH=/opt/bitnami/openldap/var/run/ldapi)
64085e46.2824632d 0x7f79d4fd2700 conn=1004 op=0 BIND dn="cn=admin,dc=example,dc=org" method=128
64085e46.2824c8c4 0x7f79d4fd2700 conn=1004 op=0 BIND dn="cn=admin,dc=example,dc=org" mech=SIMPLE bind_ssf=0 ssf=71
64085e46.28252195 0x7f79d4fd2700 conn=1004 op=0 RESULT tag=97 err=0 qtime=0.000005 etime=0.000070 text=
adding new entry "ou=users,dc=example,dc=org"
64085e46.282787a9 0x7f79d57d3700 conn=1004 op=1 ADD dn="ou=users,dc=example,dc=org"
64085e46.2828c56f 0x7f79d57d3700 conn=1004 op=1 RESULT tag=105 err=32 qtime=0.000007 etime=0.000105 text=
ldap_add: No such object (32)

64085e46.2829d88c 0x7f79d4fd2700 conn=1004 op=2 UNBIND
64085e46.282a79e3 0x7f79d4fd2700 conn=1004 fd=12 closed
64085e46.2871c046 0x7f79d5fd4700 daemon: shutdown requested and initiated.
64085e46.28744664 0x7f79d5fd4700 slapd shutdown: waiting for 0 operations/tasks to finish
64085e46.287bc58b 0x7f7a16575740 slapd stopped.

livioribeiro avatar Mar 08 '23 10:03 livioribeiro

After testing a bit more, I found out that, when using a custom ldif, the object dn: dc=example,dc=org is not created

livioribeiro avatar Mar 08 '23 13:03 livioribeiro

That is probably it: with custom ldifs the root object is not created. If the custom ldif creates the root object before the other objects, the container starts fine.

livioribeiro avatar Mar 09 '23 19:03 livioribeiro
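
The finding above (with custom LDIFs the root object is not created, so adding `ou=users` ends in `No such object (32)`) can be caught before the container is started. The following is an added example, not part of the original thread or of Bitnami's scripts: a Python pre-flight check that lists entries whose parent DN is neither the suffix itself nor defined earlier in the file. The function names, the sample LDIF and the shape of the root entry are assumptions.

```python
import base64
import re

# Constructed sample modelled on the LDIF in the report (userPassword omitted).
REPORTED_LDIF = """\
dn: ou=users,dc=example,dc=org
objectClass: organizationalUnit
ou: users

dn: cn=newuser,ou=users,dc=example,dc=org
objectClass: inetOrgPerson
cn: newuser
sn: surname
"""

# Assumed shape of the suffix (root) entry for dc=example,dc=org.
ROOT_ENTRY = """\
dn: dc=example,dc=org
objectClass: dcObject
objectClass: organization
dc: example
o: example

"""

def rdns(dn):
    # Simplified DN normalisation: split on unescaped commas, ignore case/spacing.
    return tuple(p.strip().lower() for p in re.split(r"(?<!\\),", dn))

def entry_dns(ldif_text):
    """Yield the DN of every entry in file order."""
    text = re.sub(r"\r?\n ", "", ldif_text)  # unfold continuation lines
    for block in re.split(r"\n\s*\n", text):
        for line in block.splitlines():
            if line.startswith("dn::"):  # base64-encoded DN
                yield base64.b64decode(line[4:].strip()).decode("utf-8")
                break
            if line.startswith("dn:"):
                yield line[3:].strip()
                break

def missing_parents(ldif_text, suffix):
    """Return DNs whose parent does not exist when they are added to an empty tree."""
    seen, problems = set(), []
    for dn in entry_dns(ldif_text):
        key = rdns(dn)
        if key != rdns(suffix) and key[1:] not in seen:
            problems.append(dn)
        seen.add(key)  # children of a reported entry are not reported again
    return problems

if __name__ == "__main__":
    print(missing_parents(REPORTED_LDIF, "dc=example,dc=org"))
```

An empty result for `ROOT_ENTRY + REPORTED_LDIF` corresponds to the ordering described in the comment above, where the root object is created before the other objects.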

Thanks for letting us know!

javsalgar avatar Mar 10 '23 09:03 javsalgar

This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

github-actions[bot] avatar Mar 26 '23 01:03 github-actions[bot]

Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.

github-actions[bot] avatar Apr 01 '23 01:04 github-actions[bot]

This issue is still unsolved in 2.6.7.

Arckil avatar Apr 17 '24 11:04 Arckil

Hi, did you check this comment about the expected behavior with custom ldif https://github.com/bitnami/containers/issues/26518#issuecomment-1462669403?

andresbono avatar Apr 22 '24 13:04 andresbono