Confused on how to add schemas and enable modules

Question

Confused on how to add schemas and enable modules

ToxicMushroom opened this issue 8 months ago · comments

I am currently trying out this image over bitname/openldap since you advertised modules such as memberof and built in schemas.
However I have yet to get either of them working :/

Tried 1

Starting the container with my configs below yields this error for postfix-boot:

/opt/bitnami/openldap/etc/schema/postfix-book.ldif: No such file or directory

And I've not seen any sign of memberof being loaded altough I added it to my ldifs folder
root@zungenbrecher:/opt/ldap# cat ldifs/memberof.ldif

dn: cn=module,cn=config
cn: module
objectClass: olcModuleList
olcModulePath: /opt/bitnami/openldap/libexec
olcModuleLoad: memberof.la

I have no name!@9615e2a23efd:/$ slapcat -n0 | grep olcModuleLoad gives no output

.env:

LDAP_ORGANISATION="Melijn"

LDAP_ROOT="dc=melijn,dc=com"
LDAP_ADMIN_USERNAME=admin
LDAP_ADMIN_PASSWORD=redacted
LDAP_USER_DC=users
LDAP_GROUP=readers
LDAP_ADD_SCHEMAS=yes
LDAP_EXTRA_SCHEMAS=cosine, inetorgperson, nis, postfix-book
LDAP_HASH_PASSWORD=SHA512CRYPT

LDAP_SKIP_DEFAULT_TREE=no

LDAP_ULIMIT_NOFILES=1024
LDAP_ALLOW_ANON_BINDING=no
LDAP_LOGLEVEL=256 # https://www.openldap.org/doc/admin25/slapdconfig.html

LDAP_PORT_NUMBER=389
LDAP_LDAPS_PORT_NUMBER=636

LDAP_ENABLE_TLS=yes
LDAP_TLS_CERT_FILE=/opt/bitnami/openldap/certs2/cert.pem
LDAP_TLS_KEY_FILE=/opt/bitnami/openldap/certs2/privkey.pem
LDAP_TLS_CA_FILE=/opt/bitnami/openldap/certs2/fullchain.pem

docker-compose.yml:

version: "2.1"
services:
  ldap:
    image: registry.gitlab.com/bitspur/rock8s/docker-openldap:latest
    container_name: ldap
    ports:
      - 389:389
      - 636:636
    env_file: .env
    depends_on:
      - ldap_certs
    volumes:
      - /data/openldap2:/bitnami/openldap
      - ./migrations:/migrations
      - ./ldifs:/ldifs
      - ./schemas:/schemas
      - ./data/certs/ldap.melijn.com:/opt/bitnami/openldap/certs2:r
    restart: unless-stopped
    networks:
      - proxy_default
  ldap_certs:
    image: docker.io/matrixdotorg/dehydrated:latest
    container_name: ldap_certs
    volumes:
      - ./data:/data
    env_file: .certs.env
  ldap_admin:
    image: osixia/phpldapadmin:latest
    container_name: ldap_admin
    depends_on:
      - ldap
    environment:
      PHPLDAPADMIN_LDAP_HOSTS: "ldap"
      PHPLDAPADMIN_HTTPS: "false"
    networks:
      - proxy_default
    labels:
      - "traefik.http.routers.ldap-admin.rule=Host(`ldapadmin.melijn.com`)"
      - "traefik.enable=true"
      - "traefik.http.services.ldap-admin.loadbalancer.server.port=80"
      - "traefik.http.routers.ldap-admin.tls=true"
      - "traefik.http.routers.ldap-admin.entrypoints=websecure"
      - "traefik.http.routers.ldap-admin.tls.certresolver=le"
networks:
  proxy_default:
    external: true

Startup log:
startup.txt

Tried too

Same things but memberof.ldif inside schemas
Same things but postfix-book inside schemas
Same things without postfix-book inside the LDAP_EXTRA_SCHEMAS and postfix-book inside schemas

Could someone please point out what I'm doing wrong here ?

Alexander Hein · Answer 1 · Fri Oct 27 2023 04:43:43 GMT+0800 (China Standard Time)

Hi, I'm facing the same issue. Any progress on that?

Merlijn · Answer 2 · Fri Oct 27 2023 20:36:05 GMT+0800 (China Standard Time)

nope, I've fiddled around with it for a couple days before giving up and making this issue.

Clay Risser · Answer 3 · Thu Nov 23 2023 04:44:43 GMT+0800 (China Standard Time)

You have to put modules that you load in the /schemas folder. Basically due to the way the bitnami container works (which this is built on top of, /ldifs doesn't work for loading modules).

Here is an example.

https://github.com/clayrisser/docker-openldap/blob/main/context/schemas/module.ldif

Clay Risser · Answer 4 · Thu Nov 23 2023 04:45:29 GMT+0800 (China Standard Time)

I'll try to update the docs to mention this.

Merlijn · Answer 5 · Thu Nov 23 2023 06:51:42 GMT+0800 (China Standard Time)

You have to put modules that you load in the /schemas folder. Basically due to the way the bitnami container works (which this is built on top of, /ldifs doesn't work for loading modules).

Here is an example.

https://github.com/clayrisser/docker-openldap/blob/main/context/schemas/module.ldif

I have tried this though
In my first message it says in the Tried too section: "Same things but memberof.ldif inside schemas"

Is https://github.com/clayrisser/docker-openldap/blob/main/context/schemas/module.ldif a template for modules or do I need to load this to enable other modules ?

root@zungenbrecher:~# cd /opt/ldap/
root@zungenbrecher:/opt/ldap# ls schemas/
memberof.ldif  postfix-book.schema
root@zungenbrecher:/opt/ldap# cat schemas/memberof.ldif
dn: cn=module,cn=config
cn: module
objectClass: olcModuleList
olcModulePath: /opt/bitnami/openldap/libexec
olcModuleLoad: memberof.la