Dockerfile:
```Dockerfile
FROM debian:buster
ENV container docker
# systemd
RUN apt-get update && apt-get install -y \
systemd systemd-sysv && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*
RUN systemctl disable systemd-resolved.service
RUN systemctl disable systemd-hostnamed.service
STOPSIGNAL SIGRTMIN+3
CMD [ "/sbin/init" ]
RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
slapd && \
apt-get clean && rm -rf /var/lib/apt/lists/*
RUN systemctl enable slapd.service
# Allow restart of slapd after dpkg-reconfigure (docker forbids this by default)
RUN bash -c "install -m755 <(printf '#!/bin/sh\nexit 0') /usr/sbin/policy-rc.d"
```
Build command:
```sh
docker build -t tmp .
```
Run command:
```sh
docker run \
--name=tmp \
-it \
--tmpfs /run \
--tmpfs /run/lock \
--tmpfs /tmp \
-v /sys/fs/cgroup:/sys/fs/cgroup:ro \
--rm \
tmp
```
Slapd restart (run within container):
```sh
service slapd restart
```
Log (journalctl -u slapd):
```
Jun 18 07:14:25 81bb7d58af2b systemd[1]: Starting LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)...
Jun 18 07:14:25 81bb7d58af2b slapd[39]: @(#) $OpenLDAP: slapd (Apr 20 2020 18:19:54) $
        Debian OpenLDAP Maintainers <[email protected]>
Jun 18 07:14:25 81bb7d58af2b slapd[40]: slapd starting
Jun 18 07:14:25 81bb7d58af2b slapd[27]: Starting OpenLDAP: slapd.
Jun 18 07:14:25 81bb7d58af2b systemd[1]: Started LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol).
Jun 18 07:14:35 81bb7d58af2b systemd[1]: Stopping LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)...
Jun 18 07:14:35 81bb7d58af2b slapd[72]: Stopping OpenLDAP: slapd.
Jun 18 07:14:35 81bb7d58af2b systemd[1]: slapd.service: Succeeded.
Jun 18 07:14:35 81bb7d58af2b systemd[1]: Stopped LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol).
Jun 18 07:14:40 81bb7d58af2b systemd[1]: slapd.service: Found left-over process 40 (slapd) in control group while starting unit. Ignoring.
Jun 18 07:14:40 81bb7d58af2b systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
Jun 18 07:14:40 81bb7d58af2b systemd[1]: Starting LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)...
Jun 18 07:14:40 81bb7d58af2b slapd[99]: Starting OpenLDAP: slapd failed!
Jun 18 07:14:40 81bb7d58af2b systemd[1]: slapd.service: Control process exited, code=exited, status=1/FAILURE
Jun 18 07:14:40 81bb7d58af2b systemd[1]: slapd.service: Failed with result 'exit-code'.
Jun 18 07:14:40 81bb7d58af2b systemd[1]: Failed to start LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol).
```
---
The problem seems to be an unclean stop (left-over process) which
still occupies the port.
Which capabilities [1] / seccomp [2] are needed by slapd?
[1]: https://linux.die.net/man/7/capabilities
[2]: https://docs-stage.docker.com/engine/security/seccomp/
---
My goal is to set the domain to "thisbox".
Running the following code (within container):
```sh
cat <<EOF >/tmp/slapd
Name: slapd/domain
Template: slapd/domain
Value: thisbox
Owners: slapd
EOF
DEBIAN_FRONTEND=noninteractive DEBCONF_DB_OVERRIDE=/tmp/slapd dpkg-reconfigure slapd
```
Log (journalctl -u slapd):
```
-- Logs begin at Thu 2020-06-18 07:43:44 UTC, end at Thu 2020-06-18 07:44:57 UTC. --
Jun 18 07:43:44 fe1ddc01fdaf systemd[1]: Starting LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)...
Jun 18 07:43:44 fe1ddc01fdaf slapd[38]: @(#) $OpenLDAP: slapd (Apr 20 2020 18:19:54) $
        Debian OpenLDAP Maintainers <[email protected]>
Jun 18 07:43:44 fe1ddc01fdaf slapd[39]: slapd starting
Jun 18 07:43:44 fe1ddc01fdaf slapd[28]: Starting OpenLDAP: slapd.
Jun 18 07:43:44 fe1ddc01fdaf systemd[1]: Started LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol).
Jun 18 07:43:48 fe1ddc01fdaf systemd[1]: Stopping LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)...
Jun 18 07:43:48 fe1ddc01fdaf slapd[160]: Stopping OpenLDAP: slapd.
Jun 18 07:43:48 fe1ddc01fdaf systemd[1]: slapd.service: Succeeded.
Jun 18 07:43:48 fe1ddc01fdaf systemd[1]: Stopped LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol).
Jun 18 07:43:48 fe1ddc01fdaf systemd[1]: Starting LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol)...
Jun 18 07:43:48 fe1ddc01fdaf slapd[170]: @(#) $OpenLDAP: slapd (Apr 20 2020 18:19:54) $
        Debian OpenLDAP Maintainers <[email protected]>
Jun 18 07:43:48 fe1ddc01fdaf slapd[170]: daemon: bind(8) failed errno=98 (Address already in use)
Jun 18 07:43:48 fe1ddc01fdaf slapd[170]: daemon: bind(8) failed errno=98 (Address already in use)
Jun 18 07:43:48 fe1ddc01fdaf slapd[170]: slapd stopped.
Jun 18 07:43:48 fe1ddc01fdaf slapd[170]: connections_destroy: nothing to destroy.
Jun 18 07:43:48 fe1ddc01fdaf slapd[165]: Starting OpenLDAP: slapd failed!
Jun 18 07:43:48 fe1ddc01fdaf systemd[1]: slapd.service: Control process exited, code=exited, status=1/FAILURE
Jun 18 07:43:48 fe1ddc01fdaf systemd[1]: slapd.service: Failed with result 'exit-code'.
Jun 18 07:43:48 fe1ddc01fdaf systemd[1]: Failed to start LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol).
```
So the problem indicates that the address is already in use.
---
Setting the configuration within Dockerfile (no need to restart in container):
```Dockerfile
RUN echo "" >> /tmp/slapd && \
echo "Name: slapd/domain" >> /tmp/slapd && \
echo "Template: slapd/domain" >> /tmp/slapd && \
echo "Value: thisbox" >> /tmp/slapd && \
echo "Owners: slapd" >> /tmp/slapd && \
echo "" >> /tmp/slapd && \
DEBIAN_FRONTEND=noninteractive \
DEBCONF_DB_OVERRIDE=/tmp/slapd \
dpkg-reconfigure slapd
```
doesn't throw any error, but doesn't seem to work either.
```sh
ldapadd -Q -Y EXTERNAL -H ldapi:///
```
logs to stdout:
```
adding new entry "ou=users,dc=thisbox"
ldap_add: Server is unwilling to perform (53)
additional info: no global superior knowledge
```
So for some reason the setup on container creation doesn't seem to be used.
---
I am new to LDAP, so I apologize if I am using something
completely wrong. Just trying to fix
https://salsa.debian.org/freedombox-team/freedombox/-/issues/1880.
Any help appreciated!
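
The two journals above can be correlated mechanically. This is an added example, not part of the original post: it flags slapd daemon PIDs that were still running when systemd reported the unit stopped, and ties them to the later left-over-process and `bind()` errors. The function name `triage` and the heuristic (a cleanly stopped daemon logs `slapd stopped.`, as PID 170 does above) are assumptions of this example.

```python
import re

# Excerpts of the two journals in the post (mail line-wraps rejoined, lines trimmed).
RESTART_LOG = """\
Jun 18 07:14:25 81bb7d58af2b slapd[40]: slapd starting
Jun 18 07:14:35 81bb7d58af2b slapd[72]: Stopping OpenLDAP: slapd.
Jun 18 07:14:35 81bb7d58af2b systemd[1]: Stopped LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol).
Jun 18 07:14:40 81bb7d58af2b systemd[1]: slapd.service: Found left-over process 40 (slapd) in control group while starting unit. Ignoring.
Jun 18 07:14:40 81bb7d58af2b slapd[99]: Starting OpenLDAP: slapd failed!
"""
RECONFIGURE_LOG = """\
Jun 18 07:43:44 fe1ddc01fdaf slapd[39]: slapd starting
Jun 18 07:43:48 fe1ddc01fdaf slapd[160]: Stopping OpenLDAP: slapd.
Jun 18 07:43:48 fe1ddc01fdaf systemd[1]: Stopped LSB: OpenLDAP standalone server (Lightweight Directory Access Protocol).
Jun 18 07:43:48 fe1ddc01fdaf slapd[170]: daemon: bind(8) failed errno=98 (Address already in use)
Jun 18 07:43:48 fe1ddc01fdaf slapd[170]: slapd stopped.
Jun 18 07:43:48 fe1ddc01fdaf slapd[165]: Starting OpenLDAP: slapd failed!
"""

LINE = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ (?P<prog>[\w.-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
LEFTOVER = re.compile(r"Found left-over process (\d+) \(")
BIND = re.compile(r"bind\(\d+\) failed errno=(\d+)")

def triage(journal_text):
    """Return which slapd PIDs outlived a reported stop, plus related failures."""
    running = set()  # daemon PIDs that logged "slapd starting" but not "slapd stopped."
    report = {"survived_stop": set(), "leftover": set(), "bind_errnos": [], "start_failed": False}
    for raw in journal_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # journal header or an unjoined continuation line
        prog, pid, msg = m["prog"], int(m["pid"]), m["msg"]
        if prog == "slapd" and msg == "slapd starting":
            running.add(pid)
        elif prog == "slapd" and msg == "slapd stopped.":
            running.discard(pid)
        elif prog == "systemd" and msg.startswith("Stopped "):
            report["survived_stop"] |= running  # unit says stopped, daemon never said so
        elif prog == "systemd" and (hit := LEFTOVER.search(msg)):
            report["leftover"].add(int(hit.group(1)))
        elif prog == "slapd" and (hit := BIND.search(msg)):
            report["bind_errnos"].append(int(hit.group(1)))
        elif prog == "slapd" and msg.endswith("slapd failed!"):
            report["start_failed"] = True
    return report

if __name__ == "__main__":
    for name, log in (("restart", RESTART_LOG), ("dpkg-reconfigure", RECONFIGURE_LOG)):
        print(name, triage(log))
```

In both excerpts the PID that logged `slapd starting` (40 and 39) never logs `slapd stopped.` before the unit is reported stopped, which matches the left-over process and the `errno=98` bind failure seen on the next start.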