无法在 Osixia-OpenLdap 映像中使用 LDIF 文件添加用户

问题描述 投票:0回答:1

我正在尝试使用图像

osixia/openldap:1.5.0
作为k8s服务创建一个OpenLdap实例。图像工作得非常好,Ldap 实例也工作得很好。但是,当我尝试使用
user.ldif
文件创建用户时,出现错误。我创建了一个名为
users
的 configmap 并将其安装到 k8s 集群。

openldap.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: open-ldap-pod
  labels:
    app: open-ldap-pod
spec:
  selector:
    matchLabels:
      app: open-ldap-pod
  replicas: 1
  template:
    metadata:
      labels:
        app: open-ldap-pod
    spec:
      containers:
      - name: open-ldap-pod
        image: osixia/openldap:1.5.0
        args: [ "-c", "/container/tool/run --copy-service" ]
        ports:
        - containerPort: 389
          name: openldap
        volumeMounts:
        - name: users
          mountPath: /container/service/slapd/assets/config/bootstrap/ldif/custom/users.ldif
          subPath: users.ldif
      volumes:
      - name: users
        configMap:
         name: users
         items:
         - key: users.ldif
           path: users.ldif

用户.ldif

dn: ou=People,dc=example,dc=org
ou: People
objectClass: organizationalUnit

dn: cn=john,ou=People,dc=example,dc=org
myAttribute1: myAttribute
myAttribute2: myAttribute
sn: john
mail: [email protected]
cn: john
objectClass: personnel

dn: cn=mike,ou=People,dc=example,dc=org
myAttribute1: myAttribute
myAttribute2: myAttribute
sn: mike
mail: [email protected]
cn: mike
objectClass: personnel

错误堆栈:

*** CONTAINER_LOG_LEVEL = 3 (info)
*** Search service in CONTAINER_SERVICE_DIR = /container/service :
*** link /container/service/:ssl-tools/startup.sh to /container/run/startup/:ssl-tools
*** link /container/service/slapd/startup.sh to /container/run/startup/slapd
*** link /container/service/slapd/process.sh to /container/run/process/slapd/run
*** Set environment for startup files
*** Environment files will be proccessed in this order :
Caution: previously defined variables will not be overriden.
/container/environment/99-default/default.startup.yaml
/container/environment/99-default/default.yaml

To see how this files are processed and environment variables values,
run this container with '--loglevel debug'
*** Running '/container/tool/run --copy-service'...
*** CONTAINER_LOG_LEVEL = 3 (info)
*** Copy /container/service to /container/run/service
*** Search service in CONTAINER_SERVICE_DIR = /container/run/service :
*** link /container/run/service/:ssl-tools/startup.sh to /container/run/startup/:ssl-tools
*** failed to link /container/run/service/:ssl-tools/startup.sh to /container/run/startup/:ssl-tools: [Errno 17] File exists: '/container/run/service/:ssl-tools/startup.sh' -> '/container/run/startup/:ssl-tools'
*** link /container/run/service/slapd/startup.sh to /container/run/startup/slapd
*** failed to link /container/run/service/slapd/startup.sh to /container/run/startup/slapd: [Errno 17] File exists: '/container/run/service/slapd/startup.sh' -> '/container/run/startup/slapd'
*** link /container/run/service/slapd/process.sh to /container/run/process/slapd/run
*** directory /container/run/process/slapd already exists
*** failed to link /container/run/service/slapd/process.sh to /container/run/process/slapd/run : [Errno 17] File exists: '/container/run/service/slapd/process.sh' -> '/container/run/process/slapd/run'
*** Set environment for startup files
*** Environment files will be proccessed in this order :
Caution: previously defined variables will not be overriden.
/container/environment/99-default/default.startup.yaml
/container/environment/99-default/default.yaml

To see how this files are processed and environment variables values,
run this container with '--loglevel debug'
*** Running /container/run/startup/:ssl-tools...
*** Running /container/run/startup/slapd...
openldap user and group adjustments
get current openldap uid/gid info inside container
-------------------------------------
openldap GID/UID
-------------------------------------
User uid: 911
User gid: 911
uid/gid changed: false
-------------------------------------
updating file uid/gid ownership
Database and config directory are empty...
Init new ldap server...
  Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.4.50+dfsg-1~bpo10+1... done.
  Creating initial configuration... done.
  Creating LDAP directory... done.
invoke-rc.d: could not determine current runlevel
invoke-rc.d: policy-rc.d denied execution of restart.
Start OpenLDAP...
Waiting for OpenLDAP to start...
Add bootstrap schemas...
config file testing succeeded
Add image bootstrap ldif...
Add custom bootstrap ldif...
*** /container/run/startup/slapd failed with status 68

*** Killing all processes...
*** /container/tool/run failed with status 1

*** Killing all processes...

我这里有什么遗漏的吗?

docker kubernetes ldap openldap osixia
1个回答
0
投票

考虑将两个数组元素

["--loglevel", "debug"]
添加到您的参数中。这将启用 LDAP 服务器的调试模式(请参阅您正在使用的 osixia/openldap 容器映像的文档)。

之前我收到了与您完全相同的神秘错误消息:

***  ERROR | /container/run/startup/slapd failed with status 68

启用调试模式后,它实际上告诉我问题是什么

65537a07 conn=1015 op=1 ADD dn="dc=mycompany,dc=de" 65537a07 conn=1015 op=1 RESULT tag=105 err=68 text= 65537a07 conn=1015 op=2 UNBIND 65537a07 conn=1015 fd=12 closed *** DEBUG | 2023-11-14 13:45:43 | ldap_add: Already exists (68) adding new entry "dc=mycompany,dc=de" ldap_add: Already exists (68) adding new entry "dc=mycompany,dc=de" 65537a07 daemon: shutdown requested and initiated. 65537a07 slapd shutdown: waiting for 0 operations/tasks to finish 65537a07 slapd stopped. *** ERROR | 2023-11-14 13:45:43 | /container/run/startup/slapd failed with status 68
显然,我

尝试添加一个实体,其专有名称为“dc=mycompany,dc=de”,但它已经存在

我不知道你的情况是什么问题,但是打开调试日志肯定会让你更进一步。

我的错误是将环境变量

LDAP_ORGANISATION=mycompany

LDAP_DOMAIN=mycompany.de
LDAP_BASE_DN=dc=mycompany,dc=de
 设置到我的容器(在开始时自动创建此根实体),因此在加载我的 LDIF 文件时,该实体已经存在,并且我收到致命错误尝试第二次添加时出错。


LDAP 错误 68

LDAP 错误代码

68 LDAP_ALREADY_EXISTS 表示

    添加操作尝试添加已存在的条目或
  • 修改操作尝试将条目重命名为已存在条目的名称。

来源类似来源

© www.soinside.com 2019 - 2024. All rights reserved.