OpenLDAP Enable argon2 password hashing #76700

Closed
deeztek opened this issue Jan 28, 2025 · 3 comments
Labels: openldap, solved, tech-issues (The user has a technical issue about an application)

deeztek commented Jan 28, 2025

Name and Version

bitnami/openldap:2.6

What architecture are you using?

amd64

What steps will reproduce the bug?

Using the following docker-compose.yml file:

services:
  openldap:
    image: bitnami/openldap:latest
    ports:
      - '1389:1389'
      - '1636:1636'
    environment:
      - LDAP_ROOT=dc=domain,dc=local
      - LDAP_ADMIN_USERNAME=${LDAP_ADMIN_USERNAME}
      - LDAP_ADMIN_PASSWORD=${LDAP_ADMIN_PASSWORD}
      - LDAP_USERS=${LDAP_USERS}
      - LDAP_PASSWORDS=${LDAP_PASSWORDS}
      - LDAP_EXTRA_SCHEMAS=argon2
      - BITNAMI_DEBUG=true
    volumes:
      - openldap_data:/bitnami/openldap
      - ../config/openldap/custom/schema/argon2.ldif:/opt/bitnami/openldap/etc/schema/argon2.ldif

volumes:
  openldap_data:
    driver: local
    driver_opts:
      type: none
      o: bind
      device: /mnt/data/openldap

The contents of argon2.ldif are as follows:

dn: cn=module{1},cn=config
objectClass: olcModuleList
cn: module{1}
olcModulePath: /opt/bitnami/openldap/lib/openldap
olcModuleLoad: argon2.so

What is the expected behavior?

I expect the container to start.

What do you see instead?

The container fails to start with code 21 with the following logs:

  12:25:46.55 INFO  ==> Creating LDAP default tree
 6798ccca.215f5653 0x7f3843fff6c0 conn=1002 fd=12 ACCEPT from PATH=/opt/bitnami/openldap/var/run/ldapi (PATH=/opt/bitnami/openldap/var/run/ldapi)
 6798ccca.216055ce 0x7f3843fff6c0 conn=1002 op=0 BIND dn="cn=admin,dc=domain,dc=local" method=128
 6798ccca.216176c9 0x7f3843fff6c0 conn=1002 op=0 BIND dn="cn=admin,dc=domain,dc=local" mech=SIMPLE bind_ssf=0 ssf=71
 6798ccca.21625a8d 0x7f3843fff6c0 conn=1002 op=0 RESULT tag=97 err=0 qtime=0.000006 etime=0.000170 text=
 6798ccca.2163ee5c 0x7f3848fcd6c0 conn=1002 op=1 ADD dn="dc=domain,dc=local"
 6798ccca.216a88aa 0x7f3848fcd6c0 conn=1002 op=1 RESULT tag=105 err=0 qtime=0.000010 etime=0.000451 text=
 6798ccca.216b706f 0x7f3843fff6c0 conn=1002 op=2 ADD dn="ou=users,dc=domain,dc=local"
 6798ccca.21707ca7 0x7f3843fff6c0 conn=1002 op=2 RESULT tag=105 err=0 qtime=0.000005 etime=0.000343 text=
 6798ccca.2171b8f2 0x7f3848fcd6c0 conn=1002 op=3 ADD dn="ou=groups,dc=domain,dc=local"
 6798ccca.2176b8e5 0x7f3848fcd6c0 conn=1002 op=3 RESULT tag=105 err=0 qtime=0.000013 etime=0.000351 text=
 6798ccca.217844b5 0x7f3843fff6c0 conn=1002 op=4 ADD dn="cn=user,ou=users,dc=domain,dc=local"
 6798ccca.2178f04f 0x7f3843fff6c0 conn=1002 op=4 RESULT tag=105 err=21 qtime=0.000007 etime=0.000060 text=objectClass: value #0 invalid per syntax
 ldap_add: Invalid syntax (21)
  additional info: objectClass: value #0 invalid per syntax

Additional information

If I comment out both the LDAP_EXTRA_SCHEMAS and the argon2.ldif volume, the container starts without any issues.

fmulero (Collaborator) commented Jan 30, 2025

Hi @deeztek, Thanks for using bitnami/containers.

The LDAP_EXTRA_SCHEMAS env var contains by default the inetorgperson schema. Have you tried keeping the default values for the variable? I mean setting LDAP_EXTRA_SCHEMAS=cosine,inetorgperson,nis,argon2.

deeztek (Author) commented Jan 30, 2025

That seems to work. Thanks!!

fmulero (Collaborator) commented Jan 31, 2025

Great! Thanks for letting us know.
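
An added example, not part of the thread and not Bitnami's code: Python that pairs each slapd RESULT line with its request by conn/op to surface the failing ADD from the log above, and checks a LDAP_EXTRA_SCHEMAS value against the schemas named in the collaborator's reply. The function names and the DEFAULT_SCHEMAS list are assumptions made for illustration; the sample log lines are copied from the report.

```python
import re

# Sample input: four lines copied from the slapd log in the report above.
SAMPLE_LOG = """\
6798ccca.2171b8f2 0x7f3848fcd6c0 conn=1002 op=3 ADD dn="ou=groups,dc=domain,dc=local"
6798ccca.2176b8e5 0x7f3848fcd6c0 conn=1002 op=3 RESULT tag=105 err=0 qtime=0.000013 etime=0.000351 text=
6798ccca.217844b5 0x7f3843fff6c0 conn=1002 op=4 ADD dn="cn=user,ou=users,dc=domain,dc=local"
6798ccca.2178f04f 0x7f3843fff6c0 conn=1002 op=4 RESULT tag=105 err=21 qtime=0.000007 etime=0.000060 text=objectClass: value #0 invalid per syntax
"""

# Request line: conn=N op=M VERB dn="..." (BIND logs two lines per op; the first is kept).
REQ = re.compile(r'conn=(\d+) op=(\d+) (ADD|BIND|MOD|DEL) dn="([^"]*)"')
# Result line: conn=N op=M RESULT tag=T err=E ... text=<free text to end of line>
RES = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=\d+ err=(\d+).*? text=(.*)$')
# Assumption: the schemas the reply above lists alongside argon2.
# Setting the variable to "argon2" alone leaves these out.
DEFAULT_SCHEMAS = ("cosine", "inetorgperson", "nis")


def failed_operations(log_text):
    """Join every RESULT with err != 0 to the request sharing its (conn, op)."""
    pending, failures = {}, []
    for line in log_text.splitlines():
        req = REQ.search(line)
        if req:
            pending.setdefault((req[1], req[2]), (req[3], req[4]))
            continue
        res = RES.search(line)
        if res and res[3] != "0":
            verb, dn = pending.get((res[1], res[2]), ("?", "?"))
            failures.append({"conn": int(res[1]), "op": int(res[2]), "verb": verb,
                             "dn": dn, "err": int(res[3]), "text": res[4].strip()})
    return failures


def missing_default_schemas(extra_schemas):
    """Return the default schemas absent from a LDAP_EXTRA_SCHEMAS value."""
    loaded = {s.strip().lower() for s in extra_schemas.split(",") if s.strip()}
    return [s for s in DEFAULT_SCHEMAS if s not in loaded]


if __name__ == "__main__":
    for f in failed_operations(SAMPLE_LOG):
        print(f'{f["verb"]} {f["dn"]} failed: err={f["err"]} ({f["text"]})')
    print("missing from LDAP_EXTRA_SCHEMAS=argon2:", missing_default_schemas("argon2"))
```
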
