docker-test-openldap icon indicating copy to clipboard operation
docker-test-openldap copied to clipboard

Published 20 hours ago verified publisher icon rroemhild

Infinite loop after restart

Open frafra opened this issue 10 months ago • 3 comments 

Reconfigure slapd...
+ echo 'Reconfigure slapd...'
+ cat
+ debconf-set-selections
+ DEBIAN_FRONTEND=noninteractive
+ dpkg-reconfigure slapd
  Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.4.47+dfsg-3+deb10u7... done.
  Moving old database directory to /var/backups:

  Backup path /var/backups/unknown-2.4.47+dfsg-3+deb10u7.ldapdb exists. Giving up...
[cont-init.d] 000-slapd-package-config: exited 1.
[cont-init.d] 010-tls-certificates: executing... 
+ [[ -f /etc/ldap/ssl/ldap.key ]]
TLS Certificates already present. Using provided certificates
+ [[ -f /etc/ldap/ssl/ldap.crt ]]
+ echo 'TLS Certificates already present. Using provided certificates'
[cont-init.d] 010-tls-certificates: exited 0.
[cont-init.d] 020-filesystem-perms: executing... 
+ chown -R openldap:openldap /etc/ldap
[cont-init.d] 020-filesystem-perms: exited 0.
[cont-init.d] 050-openldap-populate: executing... 
+ slapd -h ldapi:/// -u openldap -g openldap
+ configure_msad_features
+ echo 'Configure MS-AD Extensions'
+ ldapmodify -Y EXTERNAL -H ldapi:/// -f /opt/openldap/bootstrap/config/msad.ldif -Q
Configure MS-AD Extensions
ldap_modify: Type or value exists (20)
      additional info: modify/add: olcAttributeTypes: value #0 already exists
modifying entry "cn={0}core,cn=schema,cn=config"

[cont-init.d] 050-openldap-populate: exited 20.
[cont-init.d] done.
[services.d] starting services
starting slapd
[services.d] done.
6617b7c5 @(#) $OpenLDAP: slapd  (May 14 2022 18:35:44) $
      Debian OpenLDAP Maintainers <[email protected]>
6617b7c6 hdb_db_open: database "dc=planetexpress,dc=com": database already in use.
6617b7c6 backend_startup_one (type=hdb, suffix="dc=planetexpress,dc=com"): bi_db_open failed! (-1)
6617b7c6 slapd stopped.
starting slapd
6617b7c6 @(#) $OpenLDAP: slapd  (May 14 2022 18:35:44) $
      Debian OpenLDAP Maintainers <[email protected]>
6617b7c7 hdb_db_open: database "dc=planetexpress,dc=com": database already in use.
6617b7c7 backend_startup_one (type=hdb, suffix="dc=planetexpress,dc=com"): bi_db_open failed! (-1)
6617b7c7 slapd stopped.
starting slapd
6617b7c7 @(#) $OpenLDAP: slapd  (May 14 2022 18:35:44) $
      Debian OpenLDAP Maintainers <[email protected]>
6617b7c8 hdb_db_open: database "dc=planetexpress,dc=com": database already in use.
6617b7c8 backend_startup_one (type=hdb, suffix="dc=planetexpress,dc=com"): bi_db_open failed! (-1)
6617b7c8 slapd stopped.

I would advise against using VOLUMES in Dockerfile, as not all users are interested in having persistency on these paths, and it looks like it is not possible to just ignore them. Without the volumes the error would not happen.

frafra avatar Apr 11 '24 10:04 frafra

To anyone with same issue: you can fix this by directly running slapd: /usr/sbin/slapd -h "ldapi:/// ldap://0.0.0.0:10389 ldaps://0.0.0.0:10636" -d 256

OctoNezd avatar Jun 11 '24 13:06 OctoNezd

I am having the same issue. I wanted to add additional attributes to the users and therefore mount

volumes:
      - ${DATADIR}/ldap/opt/openldap/bootstrap/data:/opt/openldap/bootstrap/data

Now I am getting the database already in use loop. I have also tried to build a local image and removing the VOLUME declaration in the Dockerfile [1]. But that didn't work either. Any hints?

[1] https://github.com/rroemhild/docker-test-openldap/blob/2645f2164ffb51ec4b5b4a9af0065ad7f2ffc1cf/Dockerfile#L34

osnard avatar Jun 25 '24 11:06 osnard

I don’t know how to configure the LDAP server correctly, but this hack helped:

rootfs/etc/services.d/slapd/run

#!/usr/bin/with-contenv bash

echo "starting slapd"
/usr/sbin/slapd -h "ldapi:/// ldap://0.0.0.0:10389 ldaps://0.0.0.0:10636" -d 256 -u openldap -g openldap

echo "Removing lock file..."
rm /var/lib/ldap/alock

cadabrum avatar Aug 01 '24 21:08 cadabrum