[bitnami/openldap] Unable to login to openldap database

[Ericacti]

Name and Version

nitnami/openldap:latest

What architecture are you using?

amd64

What steps will reproduce the bug?

i run a container bitnami/openldap with and UI (LAM, phpldapdmin,..) and i am unable to login openldap database.

the docker-compose file is :

version: '3'
services:
  openldap:
    image: bitnami/openldap:latest
    container_name: openldap
    restart: always
    hostname: serveur-ldap
    ports:
      - "389:389"
    environment:
      LDAP_ROOT: "dc=example,dc=org"
      LDAP_ADMIN_USERNAME: "admin"
      LDAP_ADMIN_DN: "cn=admin,dc=example,dc=org"
      LDAP_ADMIN_PASSWORD: "admin"
      LDAP_ADD_SCHEMAS: "yes"
    volumes:
      - type: bind
        source: openldap_data
        target: /bitnami/openldap

  phpldapadmin:
    image: osixia/phpldapadmin:latest
    container_name: phpldapadmin
    restart: always
    hostname: serveur-web
    environment:
      PHPLDAPADMIN_LDAP_HOSTS: "openldap"
      PHPLDAPADMIN_HTTPS: "false"
    ports:
      - "8080:80"
    depends_on:
      - openldap

volumes:
  openldap_data:

What is the expected behavior?

No response

What do you see instead?

i am unable to login to openldap database since the http://localhost:8080 with the message :
"unable to connect to ldap server openldap"
"Failed to authentificate to server"

Additional information

No response

[javsalgar]

Are you able to connect to openldap using other clients, like the openldap CLI or similar? Just to ensure the issue is not related to the web application.

[github-actions]

This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

[andrew-stclair]

Not the original poster, but having the same issue.

I'm using the Apache Directory Studio client, and cant auth with the admin account defined in the environment variables, but when i connect as anon, i can see no admin user anywhere in the tree

Tree from Apache Directory Studio

docker-compose

[javsalgar]

Hi,

Could you launch the container with BITNAMI_DEBUG=true and show the logs? Maybe there is an issue with the initialization.

[andrew-stclair]

Sure,

 21:32:47.09 INFO  ==> ** Starting LDAP setup **
 21:32:47.55 INFO  ==> Validating settings in LDAP_* env vars
 21:32:47.88 INFO  ==> Initializing OpenLDAP...
 21:32:47.88 DEBUG ==> Ensuring expected directories/files exist...
 21:32:48.08 INFO  ==> Creating LDAP online configuration
 21:32:48.20 INFO  ==> Starting OpenLDAP server in background
 21:32:48.95 INFO  ==> Configure LDAP credentials for admin user
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={2}hdb,cn=config"

modifying entry "olcDatabase={2}hdb,cn=config"

modifying entry "olcDatabase={2}hdb,cn=config"

modifying entry "olcDatabase={1}monitor,cn=config"

 21:32:48.99 INFO  ==> Adding LDAP extra schemas
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=cosine,cn=schema,cn=config"

SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=inetorgperson,cn=schema,cn=config"

SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=nis,cn=schema,cn=config"

 21:32:49.03 INFO  ==> Creating LDAP default tree
adding new entry "dc=example,dc=com"

adding new entry "ou=users,dc=example,dc=com"

adding new entry "cn=user01,ou=users,dc=example,dc=com"

adding new entry "cn=user02,ou=users,dc=example,dc=com"

adding new entry "cn=readers,ou=users,dc=example,dc=com"

 21:32:51.39 INFO  ==> ** LDAP setup finished! **

 21:32:51.43 INFO  ==> ** Starting slapd **
659f0d03 @(#) $OpenLDAP: slapd 2.4.58 (Mar 17 2021 00:19:19) $
	@0a164ab8b404:/bitnami/blacksmith-sandox/openldap-2.4.58/servers/slapd
659f0d03 hdb_db_open: warning - no DB_CONFIG file found in directory /bitnami/openldap/data: (2).
Expect poor performance for suffix "dc=example,dc=com".
659f0d03 slapd starting

[github-actions]

This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

[andrew-stclair]

Hello Stale-Bot

[github-actions]

This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

[andrew-stclair]

Hello Stale-Bot

[CeliaGMqrz]

Hi @andrew-stclair,

Thanks for your patience.

I'm sorry, but I was unable to replicate the reported error.

Based on the information provided, the issue may be related to a configuration issue with the database. Please provide me with more details on how you are connecting the services. This information can help me to better understand the issue and reproduce it.

Can you please show me the output of the following command to check if the administrator has been successfully created and log in?

ldapwhoami -vvv -x -H ldap://localhost:1389 -D "cn=admin,dc=example,dc=com" -w adminpassword

[andrew-stclair]

Certainly

$ ldapwhoami -vvv -x -H ldap://localhost:1389 -D "cn=admin,dc=example,dc=com" -w adminpassword
ldap_initialize( ldap://localhost:1389/??base )
dn:cn=admin,dc=example,dc=com
Result: Success (0)

I don't know what's different. I'll review my configuration in Apache Directory Studio

[github-actions]

This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

[github-actions]

Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.

[maximluo]

I met the same problem. Use ldapsearch to find the admin account, but no result. The strange thing is, even no admin account could be found, but still could connect the database and do CURD with admin password.