docker-openldap-fusiondirectory
Config schema out of date
Summary
I tried running the latest versions of this and tiredofit/docker-fusiondirectory images and was having issues when updating the config. Upon saving changes (or even without changes) it would complain that the attribute fdGivenNameRequired could not be found. This is due to a recent change in FusionDirectory, see the merge where this is introduced.
This prevents the creation of the cn=config entity so the listed errors are longer. I managed to get only the one error by creating the cn=config by hand and then trying to apply the configuration again.
Steps to reproduce
- run two docker containers with images tiredofit/openldap-fusiondirectory:1.4 and tiredofit/fusiondirectory:1.4 with an appropriate configuration in a fresh environment
- open the webapp and log in as admin
- select config on the left hand side
- select edit on the bottom right corner
- click OK on the bottom right corner
- an error shows that the configuration cannot be applied
What is the expected correct behavior?
The configuration tool sets the new values without any errors.
Relevant logs and/or screenshots
Environment
- Image version / tag: tiredofit/openldap-fusiondirectory:1.4
- Host OS: Debian 10 (Buster)
- Docker Compose version: 1.21.0
docker-compose.yml
version: '2.2'
services:
  openldap-fusiondirectory:
    image: tiredofit/openldap-fusiondirectory:1.4
    container_name: openldap-fusiondirectory
    volumes:
      - ./backup:/data/backup
      - ./data:/var/lib/openldap
      - ./config:/etc/openldap/slapd.d
      - ./certs:/certs
    environment:
      - HOSTNAME=openldap-fusiondirectory
      - LOG_LEVEL=256
      - DOMAIN=example.io
      - BASE_DN=dc=example,dc=io
      - ADMIN_PASS=password
      - CONFIG_PASS=password
      - FUSIONDIRECTORY_ADMIN_USER=fd-admin
      - FUSIONDIRECTORY_ADMIN_PASS=password
      - ORGANIZATION=Example Org
      - ENABLE_READONLY_USER=FALSE
      - READONLY_USER_USER=reader
      - READONLY_USER_PASS=reader
      - ENABLE_TLS=TRUE
      - TLS_CRT_FILENAME=cert.pem
      - TLS_KEY_FILENAME=key.pem
      - TLS_ENFORCE=FALSE
      - TLS_CIPHER_SUITE=ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:-DHE-DSS:-RSA:!aNULL:!MD5:!DSS:!SHA
      - TLS_VERIFY_CLIENT=never
      - SSL_HELPER_PREFIX=ldap
      - ENABLE_REPLICATION=FALSE
      #- REPLICATION_CONFIG_SYNCPROV=binddn="cn=admin,cn=config" bindmethod=simple credentials="admin" searchbase="cn=config" type=refreshAndPersist retry="60 +" timeout=1
      #- REPLICATION_DB_SYNCPROV=binddn="cn=admin,dc=example,dc=org" bindmethod=simple credentials="admin" searchbase="dc=example,dc=org" type=refreshAndPersist interval=00:00:00:10 retry="60 +" timeout=1
      #- REPLICATION_HOSTS=ldap://ldap1.example.com ldap://ldap2.example.com ldap://ldap3.example.com
      - REMOVE_CONFIG_AFTER_SETUP=FALSE
      - ENABLE_BACKUP=TRUE
      - BACKUP_INTERVAL=0400
      - BACKUP_RETENTION=10080
      - ENABLE_ZABBIX=TRUE
      - ZABBIX_HOSTNAME=openldap-fusiondirectory-app
      - PLUGIN_ALIAS=TRUE
      - PLUGIN_APPLICATIONS=TRUE
      - PLUGIN_AUDIT=TRUE
      - PLUGIN_DEVELOPERS=TRUE
      - PLUGIN_DOVECOT=TRUE
      - PLUGIN_DSA=TRUE
      - PLUGIN_INVITATIONS=TRUE
      - PLUGIN_LDAPDUMP=TRUE
      - PLUGIN_LDAPMANAGER=TRUE
      - PLUGIN_MAIL=TRUE
      - PLUGIN_NEXTCLOUD=TRUE
      - PLUGIN_NIS=TRUE
      - PLUGIN_PERSONAL=TRUE
      - PLUGIN_PPOLICY=TRUE
      - PLUGIN_PUBLIC_FORMS=TRUE
      - PLUGIN_QUOTA=TRUE
      - PLUGIN_SSH=TRUE
      - PLUGIN_WEBSERVICE=TRUE
    networks:
      - main
    restart: always
  ldapadmin:
    image: osixia/phpldapadmin:0.9.0
    container_name: ldapadmin-fusiondirectory
    environment:
      - PHPLDAPADMIN_LDAP_HOSTS=openldap-fusiondirectory
    networks:
      - main
    ports:
      - 7443:443
    depends_on:
      - openldap-fusiondirectory
  fusiondirectory-app:
    container_name: fusiondirectory-app
    image: tiredofit/fusiondirectory:1.4
    volumes:
      - ./logs:/www/logs
      #- ./custom:/assets/fusiondirectory
      #- ./plugins-custom:/assets/plugins-custom
    environment:
      - VIRTUAL_HOST=ldap.example.io
      - VIRTUAL_NETWORK=main
      - VIRTUAL_PORT=80
      - LETSENCRYPT_HOST=ldap.example.io
      - [email protected]
      - ZABBIX_HOSTNAME=fusiondirectory-app
      - LDAP1_HOST=openldap-fusiondirectory
      - LDAP1_BASE_DN=dc=example,dc=io
      - LDAP1_ADMIN_DN=cn=admin,dc=example,dc=io
      - LDAP1_ADMIN_PASS=password
      - LDAP1_PORT=389
      - LDAP1_NAME=Production
      - PLUGIN_ALIAS=TRUE
      - PLUGIN_APPLICATIONS=TRUE
      - PLUGIN_AUDIT=TRUE
      - PLUGIN_DEVELOPERS=TRUE
      - PLUGIN_DOVECOT=TRUE
      - PLUGIN_DSA=TRUE
      - PLUGIN_INVITATIONS=TRUE
      - PLUGIN_LDAPDUMP=TRUE
      - PLUGIN_LDAPMANAGER=TRUE
      - PLUGIN_MAIL=TRUE
      - PLUGIN_NEXTCLOUD=TRUE
      - PLUGIN_NIS=TRUE
      - PLUGIN_PERSONAL=TRUE
      - PLUGIN_PPOLICY=TRUE
      - PLUGIN_PUBLIC_FORMS=TRUE
      - PLUGIN_QUOTA=TRUE
      - PLUGIN_SSH=TRUE
      - PLUGIN_WEBSERVICE=TRUE
    ports:
      - 7080:80
    networks:
      - main
    depends_on:
      - openldap-fusiondirectory
    restart: unless-stopped
networks:
  main:
    external: TRUE
Possible fixes
I'm new to LDAP in general and I'm just trying out FusionDirectory, but I suppose adding the updated schema would solve this problem
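A schema mismatch like the one reported above can be confirmed by comparing the attribute names the frontend asks for against the attribute types the directory defines. This is an added example, not code from the issue or from either image; it assumes a schema export in LDIF (for instance from `slapcat -n 0`), and the sample LDIF, its OIDs and the `example*` names are constructed.

```python
import base64
import re

# Constructed sample of a cn=schema,cn=config export. The OIDs and every
# attribute name here are made up; only fdGivenNameRequired is from the issue.
SAMPLE_LDIF = """\
dn: cn={5}example-conf,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {5}example-conf
olcAttributeTypes: {0}( 1.3.6.1.4.1.99999.1.1 NAME 'exampleTheme' DESC 'constr
 ucted' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-V
 ALUE )
olcAttributeTypes: {1}( 1.3.6.1.4.1.99999.1.2 NAME ( 'exampleMail' 'exampleRfc
 822' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
"""

# NAME 'one' or NAME ( 'one' 'two' ), as in RFC 4512 attribute type descriptions.
NAME_RE = re.compile(r"\bNAME\s+(?:'([^']+)'|\(\s*((?:'[^']+'\s*)+)\))")


def defined_attributes(ldif):
    """Return the lower-cased attribute type names defined in an LDIF export."""
    names = set()
    unfolded = re.sub(r"\r?\n ", "", ldif)  # LDIF folds long lines with "\n "
    for line in unfolded.splitlines():
        key, sep, value = line.partition(":")
        if not sep or key.strip().lower() != "olcattributetypes":
            continue
        if value.startswith(":"):  # "attr:: ..." means the value is base64
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        match = NAME_RE.search(value)
        if match is None:
            continue
        single, group = match.groups()
        found = [single] if single else re.findall(r"'([^']+)'", group)
        names.update(name.lower() for name in found)
    return names


def missing_attributes(ldif, required):
    """Attributes the frontend expects that the directory schema lacks."""
    have = defined_attributes(ldif)  # attribute names are case-insensitive
    return sorted(a for a in required if a.lower() not in have)


if __name__ == "__main__":
    # exampleTheme stands in for an attribute an older schema already has.
    print(missing_attributes(SAMPLE_LDIF, ["exampleTheme", "fdGivenNameRequired"]))
```

A non-empty result means the backend image's schema is older than what the frontend writes, which is the condition the issue describes.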
Welcome to the wonderful and wacky world of LDAP. FusionDirectory 1.4 is still in beta and they are making changes to it still but I'm surprised we are seeing schema changes this late in development.
I can manually build a copy of the backend openldap-fusiondirectory image for you - it will replace :latest. Can you let me know if that gets you moving again?
Thank you! I wish it wasn't wacky though :sweat_smile: but it is what it is.
I switched to tiredofit/fusiondirectory:1.4-2.7.8 image for the frontend and it's working fine. I'm in no rush so there's no need for the manual copy, but if you want me to test it just let me know and I'll be happy to help.
Thank you very much. I will try it and inform you about the continuation of the work. Have a good day sir.
On Tue, Aug 31, 2021 at 14:10, Nicolas Caycedo @.***> wrote:
Thank you! I wish it wasn't wacky though 😅 but it is what it is.
I switched to tiredofit/fusiondirectory:1.4-2.7.8 image for the frontend and it's working fine. I'm in no rush so there's no need for the manual copy, but if you want me to test it just let me know and I'll be happy to help.