Hi folks,
inside Podman I run Rocky Linux 8
podman run -dt --name rl8 docker.io/rockylinux/rockylinux:8
podman exec -it rl8 bash
This is not for production, I use it as an interactive shell for playing around with OpenLDAP server for learning purposes. After I finished my learning I'll get rid of the container and the image.
Because inside the container I do not have any infrastructure like "systemd" I start OpenLDAP server simply with
slapd
and it seems to be running as I can see with
ps aux | grep slapd
root 547 0.0 2.2 482424 371196 ? Ssl 11:28 0:00 slapd
root 553 0.0 0.0 16404 2176 pts/1 S+ 12:07 0:00 grep --color=auto slapd
Now from inside the same container I want to run ldapmodify against that OpenLDAP server but I get an error:
ldapmodify -Q -Y EXTERNAL -H ldapi:/// -d 5 -f grund.ldif
ldap_url_parse_ext(ldapi:///)
ldap_create
ldap_url_parse_ext(ldapi:///??base)
ldap_sasl_interactive_bind: user selected: EXTERNAL
ldap_int_sasl_bind: EXTERNAL
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_path
ldap_new_socket: 4
ldap_connect_to_path: Trying /var/run/ldapi
ldap_connect_timeout: fd: 4 tm: -1 async: 0
ldap_ndelay_on: 4
ldap_close_socket: 4
ldap_msgfree
ldap_err2string
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
In the /etc/openldap/ldap.conf file I did NOT specify the BASE and URI configurations, not sure if this might cause a problem.
With Netcat I see
nc localhost 636
Ncat: Connection refused.
and
time nc localhost 389
... nothing happens, seems to hang forever
Why can't I connect from ldapmodify to the slapd? How can I further investigate the problem?
Regards,
Meikel
Hi there,
> inside Podman I run Rocky Linux 8
> podman run -dt --name rl8 docker.io/rockylinux/rockylinux:8
> podman exec -it rl8 bash
> This is not for production, I use it as an interactive shell for playing around with OpenLDAP server for learning purposes. After I finished my learning I'll get rid of the container and the image.
> Because inside the container I do not have any infrastructure like "systemd" I start OpenLDAP server simply with
> slapd
You should have a look at the slapd.service file to check what the command looks like that systemd would use to start the server. There might also be configuration files involved whose content is used to change the command line arguments.
With your current invocation slapd only listens to a UNIX socket file. The man page states that it uses /usr/local/var/ldapi in case no filename is given with ldapi://
I'm not familiar with podman but from my POV it doesn't make sense that systemd is not available in the container.
Hope that helps,
Uwe
Hello.
> With your current invocation slapd only listens to a UNIX socket file. The man page states that it uses /usr/local/var/ldapi in case no filename is given with ldapi://
Now I run it with
slapd -u ldap -h "ldap:/// ldaps:/// ldapi:///"
and this solves the problem.
Thank you very much.
Meikel
On 23/05/2023 at 14:54, Uwe Sauter via rocky wrote:
> Hi there,
>> inside Podman I run Rocky Linux 8
>> podman run -dt --name rl8 docker.io/rockylinux/rockylinux:8
>> podman exec -it rl8 bash
>> This is not for production, I use it as an interactive shell for playing around with OpenLDAP server for learning purposes. After I finished my learning I'll get rid of the container and the image.
>> Because inside the container I do not have any infrastructure like "systemd" I start OpenLDAP server simply with
>> slapd
> You should have a look at the slapd.service file to check what the command looks like that systemd would use to start the server. There might also be configuration files involved whose content is used to change the command line arguments.
> With your current invocation slapd only listens to a UNIX socket file. The man page states that it uses /usr/local/var/ldapi in case no filename is given with ldapi://
> I'm not familiar with podman but from my POV it doesn't make sense that systemd is not available in the container.
> Hope that helps,
> Uwe
rocky mailing list -- rocky@lists.resf.org To unsubscribe send an email to rocky-leave@lists.resf.org
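Added example, not part of any message in this thread: a shell helper that breaks a slapd -h URL list, such as the one in the last reply, into the endpoints it asks slapd to open and flags cleartext listeners bound to all interfaces. The ports 389/636 are the standard defaults; the default ldapi socket path is an assumption taken from the client debug trace in the first message (/var/run/ldapi), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: DEFAULT_LDAPI is the socket
# path the client tried in the debug trace; the compiled-in path can differ.
DEFAULT_LDAPI=/var/run/ldapi

# classify_listeners "<URL list as given to slapd -h>"
# Prints per URL: scheme, socket type, endpoint, exposure, transport.
# Bracketed IPv6 hosts such as ldap://[::1]/ are not handled here.
classify_listeners() {
    for url in $1; do
        scheme=${url%%://*}
        rest=${url#*://}
        hostport=${rest%%/*}    # text between "://" and the next "/"
        case $scheme in
        ldapi)
            # ldapi URLs carry the socket path percent-encoded (%2F is "/").
            path=$(printf '%s' "$hostport" | sed 's|%2[Ff]|/|g')
            echo "ldapi unix ${path:-$DEFAULT_LDAPI} local-only n/a"
            ;;
        ldap|ldaps)
            host=$hostport
            port=
            case $hostport in
            *:*) port=${hostport##*:}; host=${hostport%:*} ;;
            esac
            if [ -z "$port" ]; then
                if [ "$scheme" = ldaps ]; then port=636; else port=389; fi
            fi
            case $host in
            "") host='*'; scope=all-interfaces ;;
            localhost|127.*) scope=loopback ;;
            *) scope=single-address ;;
            esac
            if [ "$scheme" = ldaps ]; then tls=tls; else tls=cleartext; fi
            echo "$scheme tcp $host:$port $scope $tls"
            ;;
        *)  echo "$url unsupported - -" ;;
        esac
    done
}

# Listeners that accept unencrypted connections from any interface.
cleartext_exposed() {
    classify_listeners "$1" | awk '$4 == "all-interfaces" && $5 == "cleartext"'
}

# The URL list from the last reply in the thread:
classify_listeners "ldap:/// ldaps:/// ldapi:///"
```

Compare the result with what is actually bound inside the container using `ss -ltnp` (TCP) and `ss -lxp` (UNIX sockets).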