@@ -15,6 +15,20 @@ readonly LDAP_SSL_CERT="/etc/ldap/ssl/ldap.crt"
1515
1616# Note 2023-07-25: the HDB backend has been archived in slapd >=2.5. The
1717# primary backend recommended by the OpenLDAP project is the MDB backend.
18+ #
19+ # Note 2023-08-02: the MDB backend has a longstanding bug with CNs that
20+ # exceed 512 characters (https://bugs.openldap.org/show_bug.cgi?id=10088).
21+ # Somehow, this prevents us from using it.
22+ # https://github.com/ldapjs/node-ldapjs/blob/1cc6a73/test-integration/client/issues.test.js#L12-L41
23+ # triggers the issue, but neither the CN value nor the full DN exceeds the
24+ # imposed 512 character limit.
25+ #
26+ # Note 2023-08-15: https://bugs.openldap.org/show_bug.cgi?id=10088#c13 indicates
27+ # that the bug is triggered with RDNs exceeding 256 characters because of some
28+ # "normalizer" feature. Our solution at this time is to reduce the length of
29+ # our offending RDN. Our original issue, https://github.com/ldapjs/node-ldapjs/issues/480
30+ # states a problem with with RDNs exceeding 132 characters, so we will reduce
31+ # our test to exceed that but not offend OpenLDAP.
1832reconfigure_slapd () {
1933 echo " Reconfigure slapd..."
2034 cat << EOL | debconf-set-selections
@@ -51,6 +65,10 @@ make_snakeoil_certificate() {
5165 chmod 600 ${LDAP_SSL_KEY}
5266}
5367
68+ configure_base () {
69+ echo " Configure base..."
70+ ldapmodify -Y EXTERNAL -H ldapi:/// -f ${CONFIG_DIR} /00_base_config.ldif -Q
71+ }
5472
5573configure_tls () {
5674 echo " Configure TLS..."
@@ -102,6 +120,7 @@ make_snakeoil_certificate
102120chown -R openldap:openldap /etc/ldap
103121slapd -h " ldapi:///"
104122
123+ configure_base
105124configure_msad_features
106125configure_tls
107126configure_logging
0 commit comments