Thursday, March 24, 2022

[389-users] Re: 389ds for Dummies: How to get started with an empty 389ds server?

Hi,

On Thu, 24 Mar 2022 at 09:20, Johannes Kastl <kastl@b1-systems.de> wrote:
>
> Hi everyone,
>
> sorry if this question was asked before, but as I found nothing in the docs I am
> blocked at the moment.
>
> I got 389ds running in Kubernetes, which uses a very simple container.inf file:

This is actually a .dsrc file (even though it's named differently), so
it's not used to create an instance, but to help you to connect to
your instance using dsconf inside the container.

>
> > [localhost]
> > # Note that '/' is replaced to '%%2f' for ldapi url format.
> > # So this is pointing to /data/run/slapd-localhost.socket
> > uri = ldapi://%%2fdata%%2frun%%2fslapd-localhost.socket
> > binddn = cn=Directory Manager
> > # Set your basedn here
> > basedn = dc=example,dc=com
>
> So no sample entries are being generated (no "sample_entries = yes").
>
> I tried to follow and see which steps I need from the quickstart:
> https://www.port389.org/docs/389ds/howto/quickstart.html
>
> Checking the status is the first thing that does not work, as dsctl inside the
> container does not have a "status" subcommand:
> > 389server-6fff4cb6d8-kjjd4:/ # dsctl slapd-localhost status
> > usage: dsctl [-h] [-v] [-j] [-l] [instance] {db2index,db2bak,db2ldif,dbverify,bak2db,ldif2db,backups,ldifs,tls,healthcheck,get-nsstate,ldifgen,dsrc,cockpit,dblib} ...
> > dsctl: error: invalid choice: 'status' (choose from 'db2index', 'db2bak', 'db2ldif', 'dbverify', 'bak2db', 'ldif2db', 'backups', 'ldifs', 'tls', 'healthcheck', 'get-nsstate', 'ldifgen', 'dsrc', 'cockpit', 'dblib')
> > 389server-6fff4cb6d8-kjjd4:/ #
>
> The "healthcheck" seems to be successful. Puuh.
>
> Adding a user fails with "Error: 105 - 4 - 32 - No such object - []", most
> probably because there is no content inside the server yet (no base object,
> users OU or similar).
>
> So I tried to query the server using ldapsearch (from the outside) and got a
> working connection, even with "-ZZ":
>
> > $ ldapsearch -x -W -H ldap://my-389ds-server -D "cn=Directory Manager" -ZZ -b cn=config
> > [...]
> > # search result
> > search: 3
> > result: 0 Success
> >
> > # numResponses: 161
> > # numEntries: 160
>
> OK, let's add a base object using ldapadd:
>
> > dn: dc=example,dc=com
> > objectClass: domain
> > objectClass: dcObject
>
> > $ ldapadd -x -f base_only.ldif -D "cn=Directory Manager" -W -H ldap://my-389ds-server
> > Enter LDAP Password:
> > adding new entry "dc=example,dc=com"
> > ldap_add: No such object (32)
>
> I tried different combinations of objectClass'es, but always got error 32.
>
> Question: How do I get content into the server initially? It seems I have an
> empty server, but I found no documentation on what to do at this point.

You have to create a backend and suffix first, because they are not
created by default:
dsconf localhost backend create --suffix="dc=example,dc=com" \
--be-name userRoot --create-suffix --create-entries

Leave --create-entries if you don't need sample entries present.

Sorry about the missing docs. I'm working on a howto doc for running
DS in OpenShift, hope to publish it soon.

>
> Am I missing some schema? If so, how would I bootstrap it?
>
> Sorry if those are obvious questions, but either I am lacking the deep LDAP
> knowledge to answer them myself or there is an error in my setup.
>
> Thanks in advance!
>
> Johannes
>
> --
> Johannes Kastl
> Linux Consultant & Trainer
> Tel.: +49 (0) 151 2372 5802
> Mail: kastl@b1-systems.de
>
> B1 Systems GmbH
> Osterfeldstraße 7 / 85088 Vohburg
> http://www.b1-systems.de
> GF: Ralph Dehner
> Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537
> _______________________________________________
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
> Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure



--
Viktor
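
An added example, not part of the original thread and not 389 DS code: it reads the .dsrc quoted above, decodes the ldapi socket path, and checks whether any suffix covers the basedn, which is the condition behind the "No such object (32)" result. It assumes the file is INI text read with Python's configparser interpolation (hence the doubled '%'); the function names and the namingContexts sample lists are constructed for illustration.

```python
import configparser
from urllib.parse import unquote

# .dsrc content as quoted in the thread (embedded here so the example runs offline).
DSRC = """\
[localhost]
uri = ldapi://%%2fdata%%2frun%%2fslapd-localhost.socket
binddn = cn=Directory Manager
basedn = dc=example,dc=com
"""

def read_dsrc(text, instance="localhost"):
    """Return (ldapi socket path or None, binddn, basedn) for one .dsrc section."""
    cp = configparser.ConfigParser()  # default interpolation: '%%' reads back as '%'
    cp.read_string(text)
    sec = cp[instance]
    uri = sec["uri"]
    sock = unquote(uri[len("ldapi://"):]) if uri.startswith("ldapi://") else None
    return sock, sec["binddn"], sec["basedn"]

def split_dn(dn):
    """Split a DN into trimmed, lowercased RDNs; backslash-escaped commas stay intact."""
    rdns, cur, escaped = [], "", False
    for ch in dn:
        if ch == "," and not escaped:
            rdns.append(cur)
            cur = ""
            continue
        escaped = (ch == "\\") and not escaped
        cur += ch
    rdns.append(cur)
    return ["=".join(p.strip().lower() for p in r.split("=", 1)) for r in rdns]

def serving_suffix(dn, naming_contexts):
    """Return the longest suffix covering dn, or None (the server answers error 32)."""
    target, best = split_dn(dn), None
    for ctx in naming_contexts:
        suffix = split_dn(ctx)
        if target[-len(suffix):] == suffix and (best is None or len(suffix) > len(split_dn(best))):
            best = ctx
    return best

if __name__ == "__main__":
    sock, binddn, basedn = read_dsrc(DSRC)
    fresh_server = []  # constructed: root DSE namingContexts before any backend exists
    print(sock, serving_suffix(basedn, fresh_server))
```
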
