Aftab

Reputation: 2963

Unable to add users using LDIF file in Osixia-OpenLdap image

I am trying to create an OpenLDAP instance using the image osixia/openldap:1.5.0 as a k8s service. The image works really well and the LDAP instance also worked fine. However, when I try to create users using the users.ldif file, I get an error. I created a configmap named users and mounted it in the k8s cluster.

openldap.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: open-ldap-pod
  labels:
    app: open-ldap-pod
spec:
  selector:
    matchLabels:
      app: open-ldap-pod
  replicas: 1
  template:
    metadata:
      labels:
        app: open-ldap-pod
    spec:
      containers:
      - name: open-ldap-pod
        image: osixia/openldap:1.5.0
        args: [ "-c", "/container/tool/run --copy-service" ]
        ports:
        - containerPort: 389
          name: openldap
        volumeMounts:
        - name: users
          mountPath: /container/service/slapd/assets/config/bootstrap/ldif/custom/users.ldif
          subPath: users.ldif
      volumes:
      - name: users
        configMap:
         name: users
         items:
         - key: users.ldif
           path: users.ldif

users.ldif

dn: ou=People,dc=example,dc=org
ou: People
objectClass: organizationalUnit

dn: cn=john,ou=People,dc=example,dc=org
myAttribute1: myAttribute
myAttribute2: myAttribute
sn: john
mail: [email protected]
cn: john
objectClass: personnel

dn: cn=mike,ou=People,dc=example,dc=org
myAttribute1: myAttribute
myAttribute2: myAttribute
sn: mike
mail: [email protected]
cn: mike
objectClass: personnel

Error Stack:

*** CONTAINER_LOG_LEVEL = 3 (info)
*** Search service in CONTAINER_SERVICE_DIR = /container/service :
*** link /container/service/:ssl-tools/startup.sh to /container/run/startup/:ssl-tools
*** link /container/service/slapd/startup.sh to /container/run/startup/slapd
*** link /container/service/slapd/process.sh to /container/run/process/slapd/run
*** Set environment for startup files
*** Environment files will be proccessed in this order :
Caution: previously defined variables will not be overriden.
/container/environment/99-default/default.startup.yaml
/container/environment/99-default/default.yaml

To see how this files are processed and environment variables values,
run this container with '--loglevel debug'
*** Running '/container/tool/run --copy-service'...
*** CONTAINER_LOG_LEVEL = 3 (info)
*** Copy /container/service to /container/run/service
*** Search service in CONTAINER_SERVICE_DIR = /container/run/service :
*** link /container/run/service/:ssl-tools/startup.sh to /container/run/startup/:ssl-tools
*** failed to link /container/run/service/:ssl-tools/startup.sh to /container/run/startup/:ssl-tools: [Errno 17] File exists: '/container/run/service/:ssl-tools/startup.sh' -> '/container/run/startup/:ssl-tools'
*** link /container/run/service/slapd/startup.sh to /container/run/startup/slapd
*** failed to link /container/run/service/slapd/startup.sh to /container/run/startup/slapd: [Errno 17] File exists: '/container/run/service/slapd/startup.sh' -> '/container/run/startup/slapd'
*** link /container/run/service/slapd/process.sh to /container/run/process/slapd/run
*** directory /container/run/process/slapd already exists
*** failed to link /container/run/service/slapd/process.sh to /container/run/process/slapd/run : [Errno 17] File exists: '/container/run/service/slapd/process.sh' -> '/container/run/process/slapd/run'
*** Set environment for startup files
*** Environment files will be proccessed in this order :
Caution: previously defined variables will not be overriden.
/container/environment/99-default/default.startup.yaml
/container/environment/99-default/default.yaml

To see how this files are processed and environment variables values,
run this container with '--loglevel debug'
*** Running /container/run/startup/:ssl-tools...
*** Running /container/run/startup/slapd...
openldap user and group adjustments
get current openldap uid/gid info inside container
-------------------------------------
openldap GID/UID
-------------------------------------
User uid: 911
User gid: 911
uid/gid changed: false
-------------------------------------
updating file uid/gid ownership
Database and config directory are empty...
Init new ldap server...
  Backing up /etc/ldap/slapd.d in /var/backups/slapd-2.4.50+dfsg-1~bpo10+1... done.
  Creating initial configuration... done.
  Creating LDAP directory... done.
invoke-rc.d: could not determine current runlevel
invoke-rc.d: policy-rc.d denied execution of restart.
Start OpenLDAP...
Waiting for OpenLDAP to start...
Add bootstrap schemas...
config file testing succeeded
Add image bootstrap ldif...
Add custom bootstrap ldif...
*** /container/run/startup/slapd failed with status 68

*** Killing all processes...
*** /container/tool/run failed with status 1

*** Killing all processes...

Is there anything that I'm missing here?

Upvotes: 3

Views: 2361

Answers (1)

lchristmann

Reputation: 625

LDAP Error 68

The LDAP error code 68 LDAP_ALREADY_EXISTS (which killed your container) indicates

  • that an add operation attempted to add an entry that already exists or
  • that the modify operation attempted to rename an entry to the name of an entry that already exists.

source, similar source


Consider adding the two array elements ["--loglevel", "debug"] to your args. This will enable the debug mode for the LDAP server (as written in the docs of the osixia/openldap container image that you're using).

Before, I had the exact same cryptic error message in my own project as you have here:

***  ERROR | /container/run/startup/slapd failed with status 68

After enabling the debug mode, it actually told me what the problem was:

65537a07 conn=1015 op=1 ADD dn="dc=mycompany,dc=de"
65537a07 conn=1015 op=1 RESULT tag=105 err=68 text=
65537a07 conn=1015 op=2 UNBIND
65537a07 conn=1015 fd=12 closed
***  DEBUG  | 2023-11-14 13:45:43 | ldap_add: Already exists (68)
adding new entry "dc=mycompany,dc=de"
ldap_add: Already exists (68)
adding new entry "dc=mycompany,dc=de"
65537a07 daemon: shutdown requested and initiated.
65537a07 slapd shutdown: waiting for 0 operations/tasks to finish
65537a07 slapd stopped.
***  ERROR  | 2023-11-14 13:45:43 | /container/run/startup/slapd failed with status 68

I tried to add an entity with the distinguished name dc=mycompany,dc=de that already existed.

I don't know what the issue is in your case. My mistake was setting the environment variables LDAP_ORGANISATION=mycompany, LDAP_DOMAIN=mycompany.de and LDAP_BASE_DN=dc=mycompany,dc=de to my container (which creates this root entity automatically at the start), so when seeding with my LDIF file, the entity already existed and I got a fatal error trying to add it a second time.

Upvotes: -1
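As an added example (not part of the question or the answer above), a small Python helper that parses slapd debug output like the lines quoted in the answer and pairs each ADD request with its RESULT by conn/op, so the DN that triggered err=68 can be read off directly instead of being inferred from the container's generic "failed with status 68". The sample log is constructed after the answer's excerpt.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample, modelled on the slapd debug output quoted in the answer:
# one failing ADD of the base DN (err=68) followed by a successful ADD.
SAMPLE_LOG = """\
65537a07 conn=1015 op=0 BIND dn="cn=admin,dc=mycompany,dc=de" method=128
65537a07 conn=1015 op=0 RESULT tag=97 err=0 text=
65537a07 conn=1015 op=1 ADD dn="dc=mycompany,dc=de"
65537a07 conn=1015 op=1 RESULT tag=105 err=68 text=
65537a07 conn=1015 op=2 ADD dn="ou=People,dc=mycompany,dc=de"
65537a07 conn=1015 op=2 RESULT tag=105 err=0 text=
65537a07 conn=1015 op=3 UNBIND
65537a07 conn=1015 fd=12 closed
"""

# Standard LDAP result codes that commonly surface when bootstrapping LDIF.
RESULT_NAMES = {
    0: "success",
    17: "undefinedAttributeType",
    32: "noSuchObject",
    65: "objectClassViolation",
    68: "entryAlreadyExists",
}

# slapd logs the request and its result as separate lines; (conn, op) links them.
OP_RE = re.compile(r'conn=(\d+) op=(\d+) (\w+)(?: dn="([^"]*)")?')
RESULT_RE = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=\d+ err=(\d+)')


def describe(err: int) -> str:
    """Human-readable name for an LDAP result code (falls back to the number)."""
    return RESULT_NAMES.get(err, f"unknown({err})")


def failed_adds(log: str) -> List[Tuple[str, int]]:
    """Return (dn, err) for every ADD whose RESULT line carries a non-zero err."""
    pending: Dict[Tuple[str, str], str] = {}
    failures: List[Tuple[str, int]] = []
    for line in log.splitlines():
        m = RESULT_RE.search(line)
        if m:
            dn = pending.pop((m.group(1), m.group(2)), None)
            err = int(m.group(3))
            if dn is not None and err != 0:
                failures.append((dn, err))
            continue
        m = OP_RE.search(line)
        if m and m.group(3) == "ADD":
            pending[(m.group(1), m.group(2))] = m.group(4)
    return failures


if __name__ == "__main__":
    for dn, err in failed_adds(SAMPLE_LOG):
        print(f"ADD {dn!r} failed: err={err} ({describe(err)})")
```

Feed it the container log captured with `--loglevel debug` (as the answer suggests) to see exactly which entry already exists; a hit on the base DN usually means LDAP_BASE_DN already created that entry before the custom LDIF ran.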
