starred/docker-test-openldap
1
0
Fork 0
mirror of https://github.com/rroemhild/docker-test-openldap.git synced 2026-04-25 07:05:50 +03:00
Code Issues 14 Projects Releases 3 Packages Wiki Activity

[PR #3] [MERGED] Move MSAD LDAP config into core schema #46

New issue
Closed
opened 2026-02-27 16:47:47 +03:00 by kerem · 0 comments
kerem commented 2026-02-27 16:47:47 +03:00
Owner
Copy link

📋 Pull Request Information

Original PR: https://github.com/rroemhild/docker-test-openldap/pull/3
Author: @timtrinidad
Created: 1/20/2018
Status: Merged
Merged: 1/21/2018
Merged by: @rroemhild

Base: masterHead: master

📝 Commits (1)

  • 926b05a Move MSAD LDAP config into core schema

📊 Changes

1 file changed (+2 additions, -2 deletions)

View changed files

📝 bootstrap/config/msad.ldif (+2 -2)

📄 Description

When running an ldapsearch for groups, no results are found:

$ ldapsearch -vvv -LLL -H ldap://localhost  -D 'cn=admin,dc=planetexpress,dc=com' -w GoodNewsEveryone -b dc=planetexpress,dc=com '(objectClass=Group)'
ldap_initialize( ldap://localhost:389/??base )
filter: (objectClass=Group)
requesting: All userApplication attributes

The logs show that the objectClass is unknown (with the ?objectClass):

5a6345af conn=1001 fd=18 ACCEPT from IP=172.17.0.1:60528 (IP=0.0.0.0:389)
5a6345af conn=1001 op=0 BIND dn="cn=admin,dc=planetexpress,dc=com" method=128
5a6345af conn=1001 op=0 BIND dn="cn=admin,dc=planetexpress,dc=com" mech=SIMPLE ssf=0
5a6345af conn=1001 op=0 RESULT tag=97 err=0 text=
5a6345af conn=1001 op=1 SRCH base="dc=planetexpress,dc=com" scope=2 deref=0 filter="(?objectClass=Group)"
5a6345af conn=1001 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
5a6345af conn=1001 op=2 UNBIND
5a6345af conn=1001 fd=18 closed

And dumping the schema doesn't show the MSAD schema modifications

$ docker exec openldap ldapsearch -H ldapi:/// -Y EXTERNAL -b cn=schema,cn=config | grep groupType
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0

By moving the MSAD schema into cn={0}core,cn=schema,cn=config, all of the above works. However, I'm still not completely sure why it didn't work properly before.

Search:

$ ldapsearch -vvv -LLL -H ldap://localhost  -D 'cn=admin,dc=planetexpress,dc=com' -w GoodNewsEveryone -b dc=planetexpress,dc=com '(objectClass=Group)'
ldap_initialize( ldap://localhost:389/??base )
filter: (objectClass=Group)
requesting: All userApplication attributes
dn: cn=admin_staff,ou=people,dc=planetexpress,dc=com
objectClass: Group
objectClass: top
groupType: 2147483650
cn: admin_staff
member: cn=Hubert J. Farnsworth,ou=people,dc=planetexpress,dc=com
member: cn=Hermes Conrad,ou=people,dc=planetexpress,dc=com

dn: cn=ship_crew,ou=people,dc=planetexpress,dc=com
objectClass: Group
objectClass: top
groupType: 2147483650
cn: ship_crew
member: cn=Philip J. Fry,ou=people,dc=planetexpress,dc=com
member: cn=Turanga Leela,ou=people,dc=planetexpress,dc=com
member:: Y249QmVuZGVyIEJlbmRpbmcgUm9kcsOtZ3VleixvdT1wZW9wbGUsZGM9cGxhbmV0ZXhwc
 mVzcyxkYz1jb20=

Logs (notice the question mark no longer precedes objectClass):

5a63466e conn=1000 fd=18 ACCEPT from IP=172.17.0.1:60530 (IP=0.0.0.0:389)
5a63466e conn=1000 op=0 BIND dn="cn=admin,dc=planetexpress,dc=com" method=128
5a63466e conn=1000 op=0 BIND dn="cn=admin,dc=planetexpress,dc=com" mech=SIMPLE ssf=0
5a63466e conn=1000 op=0 RESULT tag=97 err=0 text=
5a63466e conn=1000 op=1 SRCH base="dc=planetexpress,dc=com" scope=2 deref=0 filter="(objectClass=Group)"
5a63466e conn=1000 op=1 SEARCH RESULT tag=101 err=0 nentries=2 text=
5a63466e conn=1000 op=2 UNBIND
5a63466e conn=1000 fd=18 closed

Schema dump:

$ docker exec openldap ldapsearch -H ldapi:/// -Y EXTERNAL -b cn=schema,cn=config | grep groupType
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
olcAttributeTypes: {52}( 1.2.840.113556.1.4.750 NAME 'groupType'  SYNTAX '1.3.
 of users'       SUP top STRUCTURAL       MUST ( groupType $ cn)       MAY ( m

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/rroemhild/docker-test-openldap/pull/3 **Author:** [@timtrinidad](https://github.com/timtrinidad) **Created:** 1/20/2018 **Status:** ✅ Merged **Merged:** 1/21/2018 **Merged by:** [@rroemhild](https://github.com/rroemhild) **Base:** `master` ← **Head:** `master` --- ### 📝 Commits (1) - [`926b05a`](https://github.com/rroemhild/docker-test-openldap/commit/926b05a5cafc97a18f1981f518b59763c0ce2b45) Move MSAD LDAP config into core schema ### 📊 Changes **1 file changed** (+2 additions, -2 deletions) <details> <summary>View changed files</summary> 📝 `bootstrap/config/msad.ldif` (+2 -2) </details> ### 📄 Description When running an `ldapsearch` for groups, no results are found: ``` $ ldapsearch -vvv -LLL -H ldap://localhost -D 'cn=admin,dc=planetexpress,dc=com' -w GoodNewsEveryone -b dc=planetexpress,dc=com '(objectClass=Group)' ldap_initialize( ldap://localhost:389/??base ) filter: (objectClass=Group) requesting: All userApplication attributes ``` The logs show that the objectClass is unknown (with the `?objectClass`): ``` 5a6345af conn=1001 fd=18 ACCEPT from IP=172.17.0.1:60528 (IP=0.0.0.0:389) 5a6345af conn=1001 op=0 BIND dn="cn=admin,dc=planetexpress,dc=com" method=128 5a6345af conn=1001 op=0 BIND dn="cn=admin,dc=planetexpress,dc=com" mech=SIMPLE ssf=0 5a6345af conn=1001 op=0 RESULT tag=97 err=0 text= 5a6345af conn=1001 op=1 SRCH base="dc=planetexpress,dc=com" scope=2 deref=0 filter="(?objectClass=Group)" 5a6345af conn=1001 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text= 5a6345af conn=1001 op=2 UNBIND 5a6345af conn=1001 fd=18 closed ``` And dumping the schema doesn't show the MSAD schema modifications ``` $ docker exec openldap ldapsearch -H ldapi:/// -Y EXTERNAL -b cn=schema,cn=config | grep groupType SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 ``` By moving the MSAD schema into `cn={0}core,cn=schema,cn=config`, all of the above works. However, I'm still not completely sure why it didn't work properly before. Search: ``` $ ldapsearch -vvv -LLL -H ldap://localhost -D 'cn=admin,dc=planetexpress,dc=com' -w GoodNewsEveryone -b dc=planetexpress,dc=com '(objectClass=Group)' ldap_initialize( ldap://localhost:389/??base ) filter: (objectClass=Group) requesting: All userApplication attributes dn: cn=admin_staff,ou=people,dc=planetexpress,dc=com objectClass: Group objectClass: top groupType: 2147483650 cn: admin_staff member: cn=Hubert J. Farnsworth,ou=people,dc=planetexpress,dc=com member: cn=Hermes Conrad,ou=people,dc=planetexpress,dc=com dn: cn=ship_crew,ou=people,dc=planetexpress,dc=com objectClass: Group objectClass: top groupType: 2147483650 cn: ship_crew member: cn=Philip J. Fry,ou=people,dc=planetexpress,dc=com member: cn=Turanga Leela,ou=people,dc=planetexpress,dc=com member:: Y249QmVuZGVyIEJlbmRpbmcgUm9kcsOtZ3VleixvdT1wZW9wbGUsZGM9cGxhbmV0ZXhwc mVzcyxkYz1jb20= ``` Logs (notice the question mark no longer precedes `objectClass`): ``` 5a63466e conn=1000 fd=18 ACCEPT from IP=172.17.0.1:60530 (IP=0.0.0.0:389) 5a63466e conn=1000 op=0 BIND dn="cn=admin,dc=planetexpress,dc=com" method=128 5a63466e conn=1000 op=0 BIND dn="cn=admin,dc=planetexpress,dc=com" mech=SIMPLE ssf=0 5a63466e conn=1000 op=0 RESULT tag=97 err=0 text= 5a63466e conn=1000 op=1 SRCH base="dc=planetexpress,dc=com" scope=2 deref=0 filter="(objectClass=Group)" 5a63466e conn=1000 op=1 SEARCH RESULT tag=101 err=0 nentries=2 text= 5a63466e conn=1000 op=2 UNBIND 5a63466e conn=1000 fd=18 closed ``` Schema dump: ``` $ docker exec openldap ldapsearch -H ldapi:/// -Y EXTERNAL -b cn=schema,cn=config | grep groupType SASL/EXTERNAL authentication started SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth SASL SSF: 0 olcAttributeTypes: {52}( 1.2.840.113556.1.4.750 NAME 'groupType' SYNTAX '1.3. of users' SUP top STRUCTURAL MUST ( groupType $ cn) MAY ( m ``` --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
kerem 2026-02-27 16:47:47 +03:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
revert-44-ship_crew_mail
v1.0
v2.5.0
v2.4.0
2.3
2.2
2.1
1.1
2.0
v1
1.0
Labels
Clear labels   
pull-request

Mirrored from GitHub Pull Request

No labels
pull-request
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/docker-test-openldap#46
No description provided.