Thursday, March 24, 2022

[389-users] 389ds for Dummies: How to get started with an empty 389ds server?

Hi everyone,

Sorry if this question was asked before, but as I found nothing in the docs I am
blocked at the moment.

I got 389ds running in Kubernetes, which uses a very simple container.inf file:

> [localhost]
> # Note that '/' is replaced to '%%2f' for ldapi url format.
> # So this is pointing to /data/run/slapd-localhost.socket
> uri = ldapi://%%2fdata%%2frun%%2fslapd-localhost.socket
> binddn = cn=Directory Manager
> # Set your basedn here
> basedn = dc=example,dc=com

So no sample entries are being generated (no "sample_entries = yes").

I tried to follow and see which steps I need from the quickstart:

Checking the status is the first thing that does not work, as dsctl inside the
container does not have a "status" subcommand:
> 389server-6fff4cb6d8-kjjd4:/ # dsctl slapd-localhost status
> usage: dsctl [-h] [-v] [-j] [-l] [instance] {db2index,db2bak,db2ldif,dbverify,bak2db,ldif2db,backups,ldifs,tls,healthcheck,get-nsstate,ldifgen,dsrc,cockpit,dblib} ...
> dsctl: error: invalid choice: 'status' (choose from 'db2index', 'db2bak', 'db2ldif', 'dbverify', 'bak2db', 'ldif2db', 'backups', 'ldifs', 'tls', 'healthcheck', 'get-nsstate', 'ldifgen', 'dsrc', 'cockpit', 'dblib')
> 389server-6fff4cb6d8-kjjd4:/ #

The "healthcheck" seems to be successful. Phew.

Adding a user fails with "Error: 105 - 4 - 32 - No such object - []", most
probably because there is no content inside the server yet (no base object,
users OU or similar).

So I tried to query the server using ldapsearch (from the outside) and got a
working connection, even with "-ZZ":

> $ ldapsearch -x -W -H ldap://my-389ds-server -D "cn=Directory Manager" -ZZ -b cn=config
> [...]
> # search result
> search: 3
> result: 0 Success
> # numResponses: 161
> # numEntries: 160

OK, let's add a base object using ldapadd:

> dn: dc=example,dc=com
> objectClass: domain
> objectClass: dcObject

> $ ldapadd -x -f base_only.ldif -D "cn=Directory Manager" -W -H ldap://my-389ds-server
> Enter LDAP Password:
> adding new entry "dc=example,dc=com"
> ldap_add: No such object (32)

I tried different combinations of objectClass'es, but always got error 32.

Question: How do I get content into the server initially? It seems I have an
empty server, but I found no documentation on what to do at this point.

Am I missing some schema? If so, how would I bootstrap it?

Sorry if those are obvious questions, but either I am lacking the deep LDAP
knowledge to answer them myself or there is an error in my setup.

Thanks in advance!


Johannes Kastl
Linux Consultant & Trainer
Tel.: +49 (0) 151 2372 5802

B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg
GF: Ralph Dehner
Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537
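
The error 32 described above can be checked against the server's root DSE. As an added example that is not part of the original post, this Python sketch parses `namingContexts` values from root DSE output and tests whether a DN falls under any of them. The sample outputs are constructed, and the function names are this example's own.

```python
import base64
import re

# Constructed root DSE output in the LDIF form printed by
#   ldapsearch -x -H ldap://my-389ds-server -s base -b "" namingContexts
EMPTY_SERVER = "dn:\nobjectClass: top\n"
# The second value is folded across two lines, as LDIF allows.
WITH_SUFFIX = "dn:\nnamingContexts: o=other\nnamingContexts: dc=exam\n ple,dc=com\n"


def naming_contexts(ldif):
    """Return every namingContexts value found in root DSE LDIF."""
    contexts = []
    # Unfold continuation lines (newline followed by one space) first.
    for line in ldif.replace("\r\n", "\n").replace("\n ", "").splitlines():
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "namingcontexts":
            continue
        if value.startswith(":"):  # "attr:: value" carries base64
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        contexts.append(value.strip())
    return contexts


def normalize_dn(dn):
    """Split a DN into lower-cased RDNs (simplification: treats values as
    case-insensitive and ignores multi-valued RDNs)."""
    if not dn.strip():
        return []
    rdns = []
    for rdn in re.split(r"(?<!\\),", dn):  # split on unescaped commas
        attr, _, value = rdn.partition("=")
        rdns.append(attr.strip().lower() + "=" + value.strip().lower())
    return rdns


def serving_context(dn, contexts):
    """Return the naming context that contains dn, or None."""
    target = normalize_dn(dn)
    for ctx in contexts:
        suffix = normalize_dn(ctx)
        # Compare whole RDNs, not string suffixes, so an escaped comma in a
        # value (cn=a\,dc=example,dc=com) cannot fake a match.
        if suffix and target[-len(suffix):] == suffix:
            return ctx
    return None


if __name__ == "__main__":
    for label, ldif in (("empty", EMPTY_SERVER), ("with suffix", WITH_SUFFIX)):
        ctx = serving_context("dc=example,dc=com", naming_contexts(ldif))
        print(label, "->", ctx or "no naming context: add returns 32")
```

An add returns noSuchObject (32) when no naming context contains the entry's DN; in 389 DS a suffix becomes a naming context once a backend is created for it, for example with `dsconf localhost backend create --suffix dc=example,dc=com --be-name userRoot` (backend name chosen here).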
