I am trying to create an OpenLDAP instance as a k8s service using the image osixia/openldap:1.5.0. The image works very well, and the LDAP instance works fine too. However, when I try to create users with a users.ldif file, I get an error. I created a configmap named users and mounted it into the k8s cluster.
openldap.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: open-ldap-pod
  labels:
    app: open-ldap-pod
spec:
  selector:
    matchLabels:
      app: open-ldap-pod
  replicas: 1
  template:
    metadata:
      labels:
        app: open-ldap-pod
    spec:
      containers:
        - name: open-ldap-pod
          image: osixia/openldap:1.5.0
          args: [ "-c", "/container/tool/run --copy-service" ]
          ports:
            - containerPort: 389
              name: openldap
          volumeMounts:
            - name: users
              mountPath: /container/service/slapd/assets/config/bootstrap/ldif/custom/users.ldif
              subPath: users.ldif
      volumes:
        - name: users
          configMap:
            name: users
            items:
              - key: users.ldif
                path: users.ldif
users.ldif
dn: ou=People,dc=example,dc=org
ou: People
objectClass: organizationalUnit

dn: cn=john,ou=People,dc=example,dc=org
myAttribute1: myAttribute
myAttribute2: myAttribute
sn: john
mail: [email protected]
cn: john
objectClass: personnel

dn: cn=mike,ou=People,dc=example,dc=org
myAttribute1: myAttribute
myAttribute2: myAttribute
sn: mike
mail: [email protected]
cn: mike
objectClass: personnel
Error stack:
*** CONTAINER_LOG_LEVEL = 3 (info)
*** Search service in CONTAINER_SERVICE_DIR = /container/service :
*** link /container/service/:ssl-tools/startup.sh to /container/run/startup/:ssl-tools
*** link /container/service/slapd/startup.sh to /container/run/startup/slapd
*** link /container/service/slapd/process.sh to /container/run/process/slapd/run
*** Set environment for startup files
*** Environment files will be proccessed in this order :
Caution: previously defined variables will not be overriden.
/container/environment/99-default/default.startup.yaml
/container/environment/99-default/default.yaml
To see how this files are processed and environment variables values,
run this container with '--loglevel debug'
*** Running '/container/tool/run --copy-service'...
*** CONTAINER_LOG_LEVEL = 3 (info)
*** Copy /container/service to /container/run/service
*** Search service in CONTAINER_SERVICE_DIR = /container/run/service :
*** link /container/run/service/:ssl-tools/startup.sh to /container/run/startup/:ssl-tools
*** failed to link /container/run/service/:ssl-tools/startup.sh to /container/run/startup/:ssl-tools: [Errno 17] File exists: '/container/run/service/:ssl-tools/startup.sh' -> '/container/run/startup/:ssl-tools'
*** link /container/run/service/slapd/startup.sh to /container/run/startup/slapd
*** failed to link /container/run/service/slapd/startup.sh to /container/run/startup/slapd: [Errno 17] File exists: '/container/run/service/slapd/startup.sh' -> '/container/run/startup/slapd'
*** link /container/run/service/slapd/process.sh to /container/run/process/slapd/run
*** directory /container/run/process/slapd already exists
*** failed to link /container/run/service/slapd/process.sh to /container/run/process/slapd/run : [Errno 17] File exists: '/container/run/service/slapd/process.sh' -> '/container/run/process/slapd/run'
*** Set environment for startup files
*** Environment files will be proccessed in this order :
Caution: previously defined variables will not be overriden.
/container/environment/99-default/default.startup.yaml
/container/environment/99-default/default.yaml
To see how this files are processed and environment variables values,
run this container with '--loglevel debug'
*** Running /container/run/startup/:ssl-tools...
*** Running /container/run/startup/slapd...
openldap user and group adjustments
get current openldap uid/gid info inside container
-------------------------------------
openldap GID/UID
-------------------------------------
User uid: 911
User gid: 911
uid/gid changed: false
-------------------------------------
updating file uid/gid ownership
Database and config directory are empty...
Init new ldap server...
Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.4.50+dfsg-1~bpo10+1... done.
Creating initial configuration... done.
Creating LDAP directory... done.
invoke-rc.d: could not determine current runlevel
invoke-rc.d: policy-rc.d denied execution of restart.
Start OpenLDAP...
Waiting for OpenLDAP to start...
Add bootstrap schemas...
config file testing succeeded
Add image bootstrap ldif...
Add custom bootstrap ldif...
*** /container/run/startup/slapd failed with status 68
*** Killing all processes...
*** /container/tool/run failed with status 1
*** Killing all processes...
Am I missing something here?
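The bootstrap LDIF is the one part of this setup that the image reports only as a bare exit status, so it pays to lint it before it goes into the ConfigMap. The following is an added example for this thread, not code from the question, the answer or the osixia/openldap project: a small validator for a users.ldif of the shape shown above. It assumes the image has already created the base DN (dc=example,dc=org, the image's LDAP_DOMAIN default) before the custom LDIF is loaded and that only the standard schemas are present; SAMPLE_LDIF, KNOWN_OBJECT_CLASSES and the issue codes are the example's own.

```python
# Constructed sample, modelled on the users.ldif in the question: it keeps the
# missing blank-line separator and the non-standard objectClass, and adds a
# root entry and an orphaned entry so that every check below fires once.
SAMPLE_LDIF = """\
dn: dc=example,dc=org
dc: example
o: Example
objectClass: dcObject
objectClass: organization

dn: ou=People,dc=example,dc=org
ou: People
objectClass: organizationalUnit
dn: cn=john,ou=People,dc=example,dc=org
sn: john
cn: john
objectClass: personnel

dn: cn=mike,ou=Groups,dc=example,dc=org
sn: mike
cn: mike
objectClass: inetOrgPerson
"""

# objectClasses from the schemas the image loads by default (core, cosine,
# inetorgperson, nis); assumption for this example, extend it if you load more.
KNOWN_OBJECT_CLASSES = {
    "top", "dcObject", "organization", "organizationalUnit", "person",
    "organizationalPerson", "inetOrgPerson", "groupOfNames",
    "groupOfUniqueNames", "posixAccount", "posixGroup",
}


def parse_ldif(text):
    """Split LDIF text into entries of the form {'dn', 'attrs', 'separated'}.

    'separated' records whether a blank line preceded the dn: line, which
    RFC 2849 requires between entries. Base64 (::) values are not decoded.
    """
    entries, current, last_attr, prev_blank = [], None, None, True
    for line in text.splitlines():
        if not line.strip():
            prev_blank = True
            continue
        if line.startswith("#"):
            continue
        if line.startswith("dn:"):
            current = {"dn": line[3:].strip(), "attrs": {}, "separated": prev_blank}
            entries.append(current)
            last_attr = None
        elif current is None:
            raise ValueError(f"attribute line before any dn: {line!r}")
        elif line.startswith(" ") and last_attr is not None:
            # folded continuation line: append to the previous value
            current["attrs"][last_attr][-1] += line[1:]
        else:
            name, _, value = line.partition(":")
            last_attr = name.strip()
            current["attrs"].setdefault(last_attr, []).append(value.strip())
        prev_blank = False
    return entries


def parent_dn(dn):
    # Naive split on the first comma; fine for the simple DNs in a bootstrap file.
    _, _, parent = dn.partition(",")
    return parent.strip()


def validate(entries, base_dn, known=KNOWN_OBJECT_CLASSES):
    """Return (code, dn, detail) tuples for everything slapd would reject."""
    issues = []
    seen = {base_dn}  # assumption: the image created the base DN before this file loads
    for i, entry in enumerate(entries):
        dn = entry["dn"]
        if i > 0 and not entry["separated"]:
            issues.append(("no-blank-line", dn, "entries must be separated by a blank line"))
        if dn in seen:
            issues.append(("already-exists", dn,
                           "ldap_add would return err=68 (entryAlreadyExists); "
                           "the base DN is created by the image from LDAP_DOMAIN/LDAP_BASE_DN"))
            continue
        classes = entry["attrs"].get("objectClass", [])
        if not classes:
            issues.append(("no-objectclass", dn, "every entry needs at least one objectClass"))
        for oc in classes:
            if oc not in known:
                issues.append(("unknown-objectclass", dn, f"{oc!r} is not defined in the loaded schemas"))
        if parent_dn(dn) not in seen:
            issues.append(("missing-parent", dn,
                           f"parent {parent_dn(dn)!r} is neither the base DN nor defined earlier in the file"))
        seen.add(dn)
    return issues


if __name__ == "__main__":
    for code, dn, detail in validate(parse_ldif(SAMPLE_LDIF), "dc=example,dc=org"):
        print(f"{code:20} {dn}: {detail}")
```

Run against the sample it reports four findings: the root entry the image already created, the missing separator before cn=john, the unknown objectClass personnel, and the orphaned cn=mike whose parent ou=Groups is never defined. A clean file returns an empty list, which is the condition to gate the ConfigMap on.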
Consider adding the two array elements ["--loglevel", "debug"] to your args. This enables debug mode for the LDAP server (see the documentation of the osixia/openldap container image you are using).
Earlier I got exactly the same cryptic error message as you:
*** ERROR | /container/run/startup/slapd failed with status 68
With debug mode enabled, it actually told me what the problem was:
65537a07 conn=1015 op=1 ADD dn="dc=mycompany,dc=de"
65537a07 conn=1015 op=1 RESULT tag=105 err=68 text=
65537a07 conn=1015 op=2 UNBIND
65537a07 conn=1015 fd=12 closed
*** DEBUG | 2023-11-14 13:45:43 | ldap_add: Already exists (68)
adding new entry "dc=mycompany,dc=de"
ldap_add: Already exists (68)
adding new entry "dc=mycompany,dc=de"
65537a07 daemon: shutdown requested and initiated.
65537a07 slapd shutdown: waiting for 0 operations/tasks to finish
65537a07 slapd stopped.
*** ERROR | 2023-11-14 13:45:43 | /container/run/startup/slapd failed with status 68
Apparently I was trying to add an entity with the distinguished name "dc=mycompany,dc=de", but it already existed.
I don't know what the problem is in your case, but turning on debug logging will certainly get you further. My mistake was setting the environment variables LDAP_ORGANISATION=mycompany, LDAP_DOMAIN=mycompany.de and LDAP_BASE_DN=dc=mycompany,dc=de on my container (which creates this root entity automatically at start-up), so when my LDIF file was loaded the entity already existed and I got a fatal error when it tried to add it a second time.
68 LDAP_ALREADY_EXISTS means
Source, similar source
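Once --loglevel debug is on, the lines worth reading are the per-operation ones slapd emits: the ADD or BIND line carries the DN and the matching RESULT line carries err=NN. The snippet below is an added example, not code from the answer or from the osixia/openldap project: it correlates the two by connection and operation id and names the result code, using a constructed log excerpt modelled on the output quoted above. The regexes, the RESULT_CODES table and the hints in explain() are the example's own.

```python
import re

# Constructed slapd log excerpt, modelled on the debug output quoted in the
# answer: one bind, one ADD that fails with err=68, then the unbind.
SAMPLE_LOG = """\
65537a07 conn=1015 fd=12 ACCEPT from IP=127.0.0.1:41822 (IP=0.0.0.0:389)
65537a07 conn=1015 op=0 BIND dn="cn=admin,dc=mycompany,dc=de" method=128
65537a07 conn=1015 op=0 RESULT tag=97 err=0 text=
65537a07 conn=1015 op=1 ADD dn="dc=mycompany,dc=de"
65537a07 conn=1015 op=1 RESULT tag=105 err=68 text=
65537a07 conn=1015 op=2 UNBIND
65537a07 conn=1015 fd=12 closed
"""

# LDAP result codes (RFC 4511) that show up most often in bootstrap failures.
RESULT_CODES = {
    0: "success", 17: "undefinedAttributeType", 21: "invalidAttributeSyntax",
    32: "noSuchObject", 49: "invalidCredentials", 50: "insufficientAccessRights",
    53: "unwillingToPerform", 65: "objectClassViolation", 68: "entryAlreadyExists",
}

OP_RE = re.compile(r'conn=(\d+) op=(\d+) (ADD|MOD|MODRDN|DEL|SRCH|BIND) dn="([^"]*)"')
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=(\d+) err=(\d+) text=(.*)$')


def failed_ops(log_text):
    """Correlate each RESULT line with the operation it answers; return the failures."""
    pending = {}   # (conn, op) -> {"kind", "dn"} for operations awaiting a RESULT
    failures = []
    for line in log_text.splitlines():
        m = OP_RE.search(line)
        if m:
            conn, op, kind, dn = m.groups()
            pending[(conn, op)] = {"kind": kind, "dn": dn}
            continue
        m = RESULT_RE.search(line)
        if not m:
            continue
        conn, op, _tag, err, text = m.groups()
        err = int(err)
        if err == 0:
            pending.pop((conn, op), None)
            continue
        what = pending.pop((conn, op), {"kind": "?", "dn": "?"})
        failures.append({
            "conn": int(conn), "op": int(op), "kind": what["kind"], "dn": what["dn"],
            "err": err, "name": RESULT_CODES.get(err, "unknown"), "text": text.strip(),
        })
    return failures


def explain(failure):
    """One-line diagnosis; the 68-on-ADD hint is the situation described in the answer."""
    base = f'{failure["kind"]} {failure["dn"]!r} failed: err={failure["err"]} {failure["name"]}'
    if failure["err"] == 68 and failure["kind"] == "ADD":
        return base + (" (entry already present; with osixia/openldap the base DN is created "
                       "from LDAP_DOMAIN/LDAP_BASE_DN, so do not add it again in the bootstrap LDIF)")
    if failure["err"] == 32:
        return base + " (parent entry missing; define it earlier in the LDIF)"
    return base


if __name__ == "__main__":
    for f in failed_ops(SAMPLE_LOG):
        print(explain(f))
```

Feed it the output of `kubectl logs` for the pod; because it keys on conn/op ids it also works when several bootstrap connections are interleaved, and a successful RESULT simply clears the pending operation.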