tiredofit / docker-fusiondirectory

Dockerized web based LDAP manager
MIT License

ldapsearch: command not found #5

Open budbay opened 5 years ago

budbay commented 5 years ago

I was trying to do a full ldif export from fusiondirectory and it gives the following error: "Failed to generate ldap export, error was "sh: ldapsearch: not found"". I thought it might be related to my settings somehow, so I exec'd into the container to try `ldapsearch` from there and received the following error: "bash: ldapsearch: not found". I checked the bin directories and did not see `ldapsearch`. Would it be possible to add the binary to the container to restore this functionality? I like to do the export from time to time as a backup. Thanks.

tiredofit commented 5 years ago

Strange, I see it in /usr/bin - Check again?

As for LDIF exports, I've built in backup routines to help you with that. However, they may differ from what you may be used to. From the README of the parent image (tiredofit/docker-openldap):

| Variable | Description |
|-----------|-------------|
| `BACKUP_CONFIG_CRON_PERIOD` | Cron expression to schedule OpenLDAP config backup. Defaults `0 4 * * *` Every day at 4am. |
| `BACKUP_DATA_CRON_PERIOD` | Cron expression to schedule OpenLDAP data backup. Defaults `0 4 * * *` Every day at 4am. |
| `BACKUP_TTL` | Automatically cleanup backup after how many days. Default `15` |

Also, you can do it while inside the container with `slapcat -n0 >/tmp/config.ldif` and `slapcat -n1 >/tmp/data.ldif`. To re-add in this manner you would need to shut down OpenLDAP inside the container by executing `s6-svc -d /var/run/s6/services/10-openldap` followed by a `pkill slapd`. Then, this is where it gets a bit gnarly: `rm -rf /var/lib/openldap/*` and `rm -rf /etc/slapd.d`. Then you could add your backed up data back in with the `slapadd` command. Restart OpenLDAP with `s6-svc -u /var/run/s6/services/10-openldap`.

budbay commented 5 years ago

Thanks for the quick reply. You are correct that this is the case with the openldap-fusiondirectory (LDAP) container, but it does not seem to be present in the fusiondirectory container (web app). I was trying to do this from the FusionDirectory app by going to the LDAP import/export menu. I hope I didn't post in the wrong place; it seems we are discussing different containers. I am using the cron backups with the LDAP container. As you hint, I am not used to doing it this way, so while I familiarize myself with these features I was trying to back up from the fusiondirectory app. I do appreciate your work with this; I recently set up a new server and had my LDAP up and running in no time.

tiredofit commented 5 years ago

Oh jeesh, my bad. Late in the day for me, you are in the frontend container and ARE posting in the right spot. I don't see a problem with adding the openldap-clients package in Alpine to support this!

budbay commented 5 years ago

No worries, just making sure since I am using several of your containers. Thanks for sharing your work, look forward to the addition!

tiredofit commented 5 years ago

Glad they are of use to you! I've just pushed a new release (it might take an hour or so to hit Docker Hub) tagged :latest or :1.14 that should give you access to ldapsearch and the other utilities along with a few other fixes. I believe FusionDirectory 1.3 is imminent so there should be another release following within the month.

budbay commented 5 years ago

Thanks for the update! `ldapsearch` is working but I now have a different error, "Failed to generate ldap export, error was "ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)"". Again, this is when using the export complete ldif function. I was able to use `ldapsearch` as root inside the container, but I assume the app is running as the nginx user. If I run `ldapsearch` as nginx then this error is produced. I am also using user namespaces, so that may be contributing. Definitely seems like a permissions issue. Either way, it seems getting this function to work isn't a quick fix as I hoped. I realize that this may be beyond the scope of your intended use of the containers, especially since you have a backup function built in already. That being said, feel free to close this issue if you don't want to proceed down this rabbit hole. I will start to better educate myself on how your backup solution works, primarily how to restore from one. Thanks again.

tiredofit commented 5 years ago

Can you try this? `chmod +s /usr/bin/ldapsearch` from inside the container and see if your export now works? It's hackish but I can work this into the image if necessary.

budbay commented 5 years ago

So I still get the same error, however it does allow `ldapsearch` from the nginx user now. So I guess I was wrong about permissions; must be something with my configuration. I'll need to look at the plugin code and see where it's going wrong. It does give a hint: `fusiondirectory/plugins/addons/ldapmanager/class_ldapmanager.inc` line 183. I'll keep investigating.