
Comments (30)

seanhandley avatar seanhandley commented on August 26, 2024

Hi @duronrulez - can you give me some more info?

  • Puppet version
  • Operating system
  • The manifest entries prior to the ldap_entry declaration
  • The Puppet output with the --trace option so we can see whereabouts the exception is raised.

from datacentred-ldap.

duronrulez avatar duronrulez commented on August 26, 2024

Hello @seanhandley ,
I've updated my question to include more information.
If you need anything else just let me know.


seanhandley avatar seanhandley commented on August 26, 2024

I think I see the cause @duronrulez - could you check out 7cf998f and see if that fixes the issue for you?


duronrulez avatar duronrulez commented on August 26, 2024

@seanhandley - Not quite:

Error: /Stage[main]/Main/Node[bastion]/Ldap_entry[cn=Baz,ou=Bar,dc=baz,dc=co,dc=uk]: Could not evaluate: uninitialized constant Net::LDAP
/var/lib/puppet/lib/puppet/provider/ldap_entry/ldap.rb:114:in `ldap'
/var/lib/puppet/lib/puppet/provider/ldap_entry/ldap.rb:71:in `ldap_search'
/var/lib/puppet/lib/puppet/provider/ldap_entry/ldap.rb:10:in `exists?'
...
...
Error: /Stage[main]/Main/Node[bastion]/Ldap_entry[cn=Foo,ou=Bar,dc=baz,dc=co,dc=uk]: Could not evaluate: uninitialized constant Net::LDAP
/var/lib/puppet/lib/puppet/provider/ldap_entry/ldap.rb:114:in `ldap'
/var/lib/puppet/lib/puppet/provider/ldap_entry/ldap.rb:71:in `ldap_search'
/var/lib/puppet/lib/puppet/provider/ldap_entry/ldap.rb:10:in `exists?'

It's a different error this time though. :)


seanhandley avatar seanhandley commented on August 26, 2024

Ah, you don't have the LDAP gem installed. It gets installed with the ldap client. Try adding this and provisioning again:

class { 'ldap::client':
  uri  => 'ldap://127.0.0.1',
  base => 'dc=example,dc=com',
}


duronrulez avatar duronrulez commented on August 26, 2024

Okay, I think that solved it, thank you.

Is there any particular reason that my LDAP server now wants to connect to itself and it's getting a connection refused though?

Error: /Stage[main]/Main/Node[bastion]/Ldap_entry[cn=Foo,ou=Bar,dc=baz,dc=co,dc=uk]: Could not evaluate: Server 127.0.0.1 refused connection on port 636.


seanhandley avatar seanhandley commented on August 26, 2024

That's because it uses secure LDAP port 636 by default. Pass in port 389 for unsecured LDAP and it ought to connect.


seanhandley avatar seanhandley commented on August 26, 2024

Let me know how that works for you and thanks for reporting the error!


duronrulez avatar duronrulez commented on August 26, 2024

Hm, that doesn't seem to solve it:

Error: /Stage[main]/Main/Node[bastion]/Ldap_entry[cn=Foo,ou=Bar,dc=baz,dc=co,dc=uk]: Could not evaluate: SSL_connect SYSCALL returned=5 errno=0 state=unknown state

class { 'ldap::server':
  suffix   => 'dc=example,dc=com',
  rootdn   => 'cn=admin,dc=example,dc=com',
  rootpw   => hiera('ldapServerDbPassword'),
  ssl      => false,
  ssl_ca   => '/etc/ssl/certs/ca.pem',
  ssl_cert => '/etc/ssl/certs/ldapserver.crt',
  ssl_key  => '/etc/ssl/private/ldapserver.key',
}
->
class { 'ldap::client':
  uri  => 'ldap://127.0.0.1',
  ssl  => false,
  base => 'dc=example,dc=com',
}
->
ldap_entry { 'cn=Foo,ou=Bar,dc=baz,dc=co,dc=uk':
  ensure     => present,
  host       => '127.0.0.1',
  port       => 389,
  base       => 'dc=baz,dc=co,dc=uk',
  username   => 'cn=admin,dc=baz,dc=co,dc=uk',
  password   => 'password',
  attributes => {
    givenName   => 'Foo',
    objectClass => ["top", "person", "inetorgPerson"]
  }
}
->
ldap_entry { 'cn=Baz,ou=Bar,dc=baz,dc=co,dc=uk':
  ensure   => absent,
  base     => 'dc=baz,dc=co,dc=uk',
  host     => '127.0.0.1',
  port     => 389,
  username => 'cn=admin,dc=baz,dc=co,dc=uk',
  password => 'password',
}

I've set both the client and server to not use ssl.
I know it's no longer really related to my original question, sorry about that.


seanhandley avatar seanhandley commented on August 26, 2024

That's fine - silly question, but did you set host to be a real IP?

And could you paste in your --trace output?


duronrulez avatar duronrulez commented on August 26, 2024

I've set the host to be 127.0.0.1 on the client and all ldap entries. I assume the server serves the localhost as well?
It seems to still be trying to use SSL though.

Trace:

Error: /Stage[main]/Main/Node[bastion]/Ldap_entry[cn=Foo,ou=Bar,dc=baz,dc=co,dc=uk]: Could not evaluate: SSL_connect SYSCALL returned=5 errno=0 state=unknown state
/var/lib/gems/1.9.1/gems/net-ldap-0.6.1/lib/net/ldap.rb:1167:in `connect'
/var/lib/gems/1.9.1/gems/net-ldap-0.6.1/lib/net/ldap.rb:1167:in `wrap_with_ssl'
/var/lib/gems/1.9.1/gems/net-ldap-0.6.1/lib/net/ldap.rb:1204:in `setup_encryption'
/var/lib/gems/1.9.1/gems/net-ldap-0.6.1/lib/net/ldap.rb:1151:in `initialize'
/var/lib/gems/1.9.1/gems/net-ldap-0.6.1/lib/net/ldap.rb:733:in `new'
/var/lib/gems/1.9.1/gems/net-ldap-0.6.1/lib/net/ldap.rb:733:in `bind'
/var/lib/puppet/lib/puppet/provider/ldap_entry/ldap.rb:118:in `ldap'
/var/lib/puppet/lib/puppet/provider/ldap_entry/ldap.rb:71:in `ldap_search'
/var/lib/puppet/lib/puppet/provider/ldap_entry/ldap.rb:10:in `exists?'
/usr/lib/ruby/vendor_ruby/puppet/property/ensure.rb:81:in `retrieve'
/usr/lib/ruby/vendor_ruby/puppet/type.rb:1035:in `retrieve'
/usr/lib/ruby/vendor_ruby/puppet/type.rb:1063:in `retrieve_resource'
/usr/lib/ruby/vendor_ruby/puppet/transaction/resource_harness.rb:223:in `from_resource'
/usr/lib/ruby/vendor_ruby/puppet/transaction/resource_harness.rb:19:in `evaluate'
/usr/lib/ruby/vendor_ruby/puppet/transaction.rb:174:in `apply'
/usr/lib/ruby/vendor_ruby/puppet/transaction.rb:187:in `eval_resource'
/usr/lib/ruby/vendor_ruby/puppet/transaction.rb:117:in `call'
/usr/lib/ruby/vendor_ruby/puppet/transaction.rb:117:in `block (2 levels) in evaluate'
/usr/lib/ruby/vendor_ruby/puppet/util.rb:327:in `block in thinmark'
/usr/lib/ruby/1.9.1/benchmark.rb:295:in `realtime'
/usr/lib/ruby/vendor_ruby/puppet/util.rb:326:in `thinmark'
/usr/lib/ruby/vendor_ruby/puppet/transaction.rb:117:in `block in evaluate'
/usr/lib/ruby/vendor_ruby/puppet/graph/relationship_graph.rb:118:in `traverse'
/usr/lib/ruby/vendor_ruby/puppet/transaction.rb:108:in `evaluate'
/usr/lib/ruby/vendor_ruby/puppet/resource/catalog.rb:164:in `block in apply'
/usr/lib/ruby/vendor_ruby/puppet/util/log.rb:149:in `with_destination'
/usr/lib/ruby/vendor_ruby/puppet/transaction/report.rb:108:in `as_logging_destination'
/usr/lib/ruby/vendor_ruby/puppet/resource/catalog.rb:163:in `apply'
/usr/lib/ruby/vendor_ruby/puppet/configurer.rb:125:in `block in apply_catalog'
/usr/lib/ruby/vendor_ruby/puppet/util.rb:161:in `block in benchmark'
/usr/lib/ruby/1.9.1/benchmark.rb:295:in `realtime'
/usr/lib/ruby/vendor_ruby/puppet/util.rb:160:in `benchmark'
/usr/lib/ruby/vendor_ruby/puppet/configurer.rb:124:in `apply_catalog'
/usr/lib/ruby/vendor_ruby/puppet/configurer.rb:192:in `run'
/usr/lib/ruby/vendor_ruby/puppet/agent.rb:44:in `block (4 levels) in run'
/usr/lib/ruby/vendor_ruby/puppet/agent/locker.rb:20:in `lock'
/usr/lib/ruby/vendor_ruby/puppet/agent.rb:44:in `block (3 levels) in run'
/usr/lib/ruby/vendor_ruby/puppet/agent.rb:114:in `with_client'
/usr/lib/ruby/vendor_ruby/puppet/agent.rb:41:in `block (2 levels) in run'
/usr/lib/ruby/vendor_ruby/puppet/agent.rb:79:in `run_in_fork'
/usr/lib/ruby/vendor_ruby/puppet/agent.rb:40:in `block in run'
/usr/lib/ruby/vendor_ruby/puppet/application.rb:179:in `call'
/usr/lib/ruby/vendor_ruby/puppet/application.rb:179:in `controlled_run'
/usr/lib/ruby/vendor_ruby/puppet/agent.rb:38:in `run'
/usr/lib/ruby/vendor_ruby/puppet/application/agent.rb:355:in `onetime'
/usr/lib/ruby/vendor_ruby/puppet/application/agent.rb:321:in `run_command'
/usr/lib/ruby/vendor_ruby/puppet/application.rb:364:in `block (2 levels) in run'
/usr/lib/ruby/vendor_ruby/puppet/application.rb:470:in `plugin_hook'
/usr/lib/ruby/vendor_ruby/puppet/application.rb:364:in `block in run'
/usr/lib/ruby/vendor_ruby/puppet/util.rb:478:in `exit_on_fail'
/usr/lib/ruby/vendor_ruby/puppet/application.rb:364:in `run'
/usr/lib/ruby/vendor_ruby/puppet/util/command_line.rb:137:in `run'
/usr/lib/ruby/vendor_ruby/puppet/util/command_line.rb:91:in `execute'
/usr/bin/puppet:4:in `<main>'
Warning: /Stage[main]/Main/Node[bastion]/Ldap_entry[cn=Baz,ou=Bar,dc=baz,dc=co,dc=uk]: Skipping because of failed dependencies


seanhandley avatar seanhandley commented on August 26, 2024

Aha, the ldap_entry provider assumes you're connecting via SSL.

Bear with me, I'll post a commit ref here with an update allowing you to specify ssl => false


seanhandley avatar seanhandley commented on August 26, 2024

Feel free to try out the proposed (untested) fix @duronrulez

ac6e6f1


duronrulez avatar duronrulez commented on August 26, 2024

There seems to be a syntax error:

Error: Could not autoload puppet/provider/ldap_entry/ldap: /var/lib/puppet/lib/puppet/provider/ldap_entry/ldap.rb:117: syntax error, unexpected tCONSTANT, expecting ')'
    Puppet.debug("Connecting to LDAP server ldaps://#{host}:#{port}")


seanhandley avatar seanhandley commented on August 26, 2024

Currently rebuilding my vagrant VM so I'll be done testing later. In the meantime, the syntax error's fixed here: b257ab0


seanhandley avatar seanhandley commented on August 26, 2024

Any luck @duronrulez ? It's working for me locally with and without SSL.


seanhandley avatar seanhandley commented on August 26, 2024

See #23 for a PR


duronrulez avatar duronrulez commented on August 26, 2024

I did a git pull to get the new changes, but I still get this:

Error: /Stage[main]/Main/Node[bastion]/Ldap_entry[cn=Foo,ou=Bar,dc=baz,dc=co,dc=uk]: Could not evaluate: SSL_connect SYSCALL returned=5 errno=0 state=unknown state

Should I maybe add ssl => false to the ldap_entry as well?

  • Nope, that didn't work.

I am missing something obvious ....


seanhandley avatar seanhandley commented on August 26, 2024

Yes :-) We use it with SSL for our needs so it makes more sense to have it on by default.


seanhandley avatar seanhandley commented on August 26, 2024

Results with --trace ?


duronrulez avatar duronrulez commented on August 26, 2024

When I add ssl => false to the ldap_entry:

ldap_entry { 'cn=Foo,ou=Bar,dc=baz,dc=co,dc=uk':
  ensure     => present,
  host       => '192.168.50.101',
  port       => 389,
  ssl        => false,
  base       => 'dc=baz,dc=co,dc=uk',
  username   => 'cn=admin,dc=baz,dc=co,dc=uk',
  password   => 'password',
  attributes => {
    givenName   => 'Foo',
    objectClass => ["top", "person", "inetorgPerson"]
  }
}

Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Invalid parameter ssl at /vagrant/puppet/newnodes/bastion.pp:50 on node bastion.1
/usr/lib/ruby/vendor_ruby/puppet/indirector/rest.rb:195:in `is_http_200?'
/usr/lib/ruby/vendor_ruby/puppet/indirector/rest.rb:101:in `find'
/usr/lib/ruby/vendor_ruby/puppet/indirector/indirection.rb:201:in `find'
/usr/lib/ruby/vendor_ruby/puppet/configurer.rb:256:in `block in retrieve_new_catalog'
/usr/lib/ruby/vendor_ruby/puppet/util.rb:327:in `block in thinmark'


seanhandley avatar seanhandley commented on August 26, 2024

Interesting. Puppet may have cached the type. Try

vagrant destroy -f; vagrant up


duronrulez avatar duronrulez commented on August 26, 2024

Did that, but still the same error :/
----- Never mind, it was the cache, yes.

It passed to the next step:

Error: /Stage[main]/Main/Node[bastion]/Ldap_entry[cn=Foo,ou=Bar,dc=baz,dc=co,dc=uk]: Could not evaluate: LDAP Error 49: Invalid Credentials. Check server log for more info.

But I should be able to resolve this on my own, since I didn't really set any actual passwords :)

Thank you for your help @seanhandley ! :)


seanhandley avatar seanhandley commented on August 26, 2024

Awesome!


 avatar commented on August 26, 2024

Hello. I have the same problem, but want to keep ssl turned on, so setting it to false isn't an option. Is there anything else I can do?

Puppet agent run output below:

Error: /Stage[main]/Ldap_base/Ldap_entry[o=cl]: Could not evaluate: SSL_connect SYSCALL returned=5 errno=0 state=unknown state
/var/lib/gems/1.9.1/gems/net-ldap-0.11/lib/net/ldap/connection.rb:54:in `connect'
/var/lib/gems/1.9.1/gems/net-ldap-0.11/lib/net/ldap/connection.rb:54:in `wrap_with_ssl'
/var/lib/gems/1.9.1/gems/net-ldap-0.11/lib/net/ldap/connection.rb:95:in `setup_encryption'
/var/lib/gems/1.9.1/gems/net-ldap-0.11/lib/net/ldap/connection.rb:25:in `initialize'
/var/lib/gems/1.9.1/gems/net-ldap-0.11/lib/net/ldap.rb:1223:in `new'
/var/lib/gems/1.9.1/gems/net-ldap-0.11/lib/net/ldap.rb:1223:in `new_connection'
/var/lib/gems/1.9.1/gems/net-ldap-0.11/lib/net/ldap.rb:825:in `block in bind'
/var/lib/gems/1.9.1/gems/net-ldap-0.11/lib/net/ldap/instrumentation.rb:19:in `instrument'
/var/lib/gems/1.9.1/gems/net-ldap-0.11/lib/net/ldap.rb:819:in `bind'
/var/lib/puppet/lib/puppet/provider/ldap_entry/ldap.rb:117:in `ldap'
/var/lib/puppet/lib/puppet/provider/ldap_entry/ldap.rb:70:in `ldap_search'
/var/lib/puppet/lib/puppet/provider/ldap_entry/ldap.rb:15:in `exists?'
/usr/lib/ruby/vendor_ruby/puppet/property/ensure.rb:81:in `retrieve'
/usr/lib/ruby/vendor_ruby/puppet/type.rb:1035:in `retrieve'
/usr/lib/ruby/vendor_ruby/puppet/type.rb:1063:in `retrieve_resource'
/usr/lib/ruby/vendor_ruby/puppet/transaction/resource_harness.rb:223:in `from_resource'
/usr/lib/ruby/vendor_ruby/puppet/transaction/resource_harness.rb:19:in `evaluate'
/usr/lib/ruby/vendor_ruby/puppet/transaction.rb:174:in `apply'
/usr/lib/ruby/vendor_ruby/puppet/transaction.rb:187:in `eval_resource'
/usr/lib/ruby/vendor_ruby/puppet/transaction.rb:117:in `call'
/usr/lib/ruby/vendor_ruby/puppet/transaction.rb:117:in `block (2 levels) in evaluate'
/usr/lib/ruby/vendor_ruby/puppet/util.rb:327:in `block in thinmark'
/usr/lib/ruby/1.9.1/benchmark.rb:295:in `realtime'
/usr/lib/ruby/vendor_ruby/puppet/util.rb:326:in `thinmark'
/usr/lib/ruby/vendor_ruby/puppet/transaction.rb:117:in `block in evaluate'
/usr/lib/ruby/vendor_ruby/puppet/graph/relationship_graph.rb:118:in `traverse'
/usr/lib/ruby/vendor_ruby/puppet/transaction.rb:108:in `evaluate'
/usr/lib/ruby/vendor_ruby/puppet/resource/catalog.rb:167:in `block in apply'
/usr/lib/ruby/vendor_ruby/puppet/util/log.rb:149:in `with_destination'
/usr/lib/ruby/vendor_ruby/puppet/transaction/report.rb:112:in `as_logging_destination'
/usr/lib/ruby/vendor_ruby/puppet/resource/catalog.rb:166:in `apply'
/usr/lib/ruby/vendor_ruby/puppet/configurer.rb:117:in `block in apply_catalog'
/usr/lib/ruby/vendor_ruby/puppet/util.rb:161:in `block in benchmark'
/usr/lib/ruby/1.9.1/benchmark.rb:295:in `realtime'
/usr/lib/ruby/vendor_ruby/puppet/util.rb:160:in `benchmark'
/usr/lib/ruby/vendor_ruby/puppet/configurer.rb:116:in `apply_catalog'
/usr/lib/ruby/vendor_ruby/puppet/configurer.rb:191:in `run'
/usr/lib/ruby/vendor_ruby/puppet/agent.rb:47:in `block (4 levels) in run'
/usr/lib/ruby/vendor_ruby/puppet/agent/locker.rb:20:in `lock'
/usr/lib/ruby/vendor_ruby/puppet/agent.rb:47:in `block (3 levels) in run'
/usr/lib/ruby/vendor_ruby/puppet/agent.rb:117:in `with_client'
/usr/lib/ruby/vendor_ruby/puppet/agent.rb:44:in `block (2 levels) in run'
/usr/lib/ruby/vendor_ruby/puppet/agent.rb:82:in `run_in_fork'
/usr/lib/ruby/vendor_ruby/puppet/agent.rb:43:in `block in run'
/usr/lib/ruby/vendor_ruby/puppet/application.rb:179:in `call'
/usr/lib/ruby/vendor_ruby/puppet/application.rb:179:in `controlled_run'
/usr/lib/ruby/vendor_ruby/puppet/agent.rb:41:in `run'
/usr/lib/ruby/vendor_ruby/puppet/application/agent.rb:355:in `onetime'
/usr/lib/ruby/vendor_ruby/puppet/application/agent.rb:321:in `run_command'
/usr/lib/ruby/vendor_ruby/puppet/application.rb:371:in `block (2 levels) in run'
/usr/lib/ruby/vendor_ruby/puppet/application.rb:477:in `plugin_hook'
/usr/lib/ruby/vendor_ruby/puppet/application.rb:371:in `block in run'
/usr/lib/ruby/vendor_ruby/puppet/util.rb:479:in `exit_on_fail'
/usr/lib/ruby/vendor_ruby/puppet/application.rb:371:in `run'
/usr/lib/ruby/vendor_ruby/puppet/util/command_line.rb:137:in `run'
/usr/lib/ruby/vendor_ruby/puppet/util/command_line.rb:91:in `execute'
/usr/bin/puppet:8:in `<main>'
Notice: /Stage[main]/Ldap_base/Ldap_entry[ou=users,o=cl]: Dependency Ldap_entry[o=cl] has failures: true
Warning: /Stage[main]/Ldap_base/Ldap_entry[ou=users,o=cl]: Skipping because of failed dependencies


seanhandley avatar seanhandley commented on August 26, 2024

Hi @feature-

What version of Puppet are you using?


 avatar commented on August 26, 2024

@seanhandley 3.6.2


seanhandley avatar seanhandley commented on August 26, 2024

Does it work if you set SSL to false?


seanhandley avatar seanhandley commented on August 26, 2024

Also, can you connect to the server with SSL using the command line LDAP client?


seanhandley avatar seanhandley commented on August 26, 2024

The SSL error could be caused by an incorrect configuration on the server itself.

Try the LDAP client manually (https://www.linux.com/learn/tutorials/376144-manage-ldap-from-the-command-line) and if it works there, please paste the transcript, open a new issue, and provide as much info as possible.

from datacentred-ldap.
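
The check suggested in the last comments (find out whether the port speaks TLS at all before blaming the provider) can also be scripted. This is an added example, not code from the thread or from the datacentred-ldap module; `probe_ldap_transport` and `HINTS` are hypothetical names, and the probe verifies the certificate chain but not the hostname.

```ruby
require 'socket'
require 'openssl'
require 'timeout'

# Hints keyed by probe result; the quoted errors are the ones seen in this thread.
HINTS = {
  refused:            'Nothing listens on this port ("refused connection on port 636").',
  not_tls:            'The listener does not speak TLS ("SSL_connect SYSCALL returned=5").',
  tls_cert_untrusted: 'TLS is offered, but the certificate does not chain to the CA given.',
  handshake_timeout:  'The peer accepted the connection but never answered the ClientHello.',
  tls_ok:             'TLS handshake and chain verification succeeded.'
}.freeze

# Classify what host:port offers from the client side, with peer verification on.
# ca_file is an assumption: a PEM bundle such as the ssl_ca path in the manifest.
def probe_ldap_transport(host, port, ca_file: nil, timeout: 3)
  begin
    tcp = Socket.tcp(host, port, connect_timeout: timeout)
  rescue Errno::ECONNREFUSED
    return :refused
  end

  ctx = OpenSSL::SSL::SSLContext.new
  ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER   # never probe with VERIFY_NONE
  store = OpenSSL::X509::Store.new
  ca_file ? store.add_file(ca_file) : store.set_default_paths
  ctx.cert_store = store

  ssl = OpenSSL::SSL::SSLSocket.new(tcp, ctx)
  begin
    Timeout.timeout(timeout) { ssl.connect }
    :tls_ok
  rescue Timeout::Error
    :handshake_timeout
  rescue OpenSSL::SSL::SSLError, SystemCallError, EOFError
    # verify_result stays V_OK when no certificate was ever presented, which is
    # what happens when a plaintext LDAP listener drops the ClientHello.
    ssl.verify_result == OpenSSL::X509::V_OK ? :not_tls : :tls_cert_untrusted
  ensure
    tcp.close unless tcp.closed?
  end
end

# Usage: ruby probe.rb HOST PORT [CA_FILE]
if $PROGRAM_NAME == __FILE__ && ARGV.size >= 2
  result = probe_ldap_transport(ARGV[0], Integer(ARGV[1]), ca_file: ARGV[2])
  puts "#{ARGV[0]}:#{ARGV[1]} -> #{result}: #{HINTS[result]}"
end
```

A `:not_tls` result on the port the `ldap_entry` resource points at means the resource and the server disagree about SSL; `:tls_cert_untrusted` points at the server certificate or CA configuration instead.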
