Error configuring LDAP for ODK sync-endpoint

Hello all,
I am trying to get ODK Sync Endpoint installed and configured on a VM running Ubuntu 18.04. I am a relative newbie when it comes to Linux and a complete newbie with ODK and docker.

I’m following the instructions at https://docs.opendatakit.org/odk-x/sync-endpoint/
I’ve been unable to get any sort of GUI installed on this box, and tried to use elinks browser to interact with phpldapadmin, but when I submitted the form to create an admin user for the Toolkit, it crashes with an HTTP 500 error. So now I am attempting to use the OpenLDAP command line utilities instead. But that also fails.
The documentation tells me to enter the following command to access the LDAP tools:
$ docker exec $(docker ps -f "label=com.docker.swarm.service.name=syncldap_ldap-service" --format '{{.ID}}') LDAPTOOL ARGS
But when I do this I get the following error:
OCI runtime exec failed: exec failed: container_linux.go:345: starting container process caused “exec: “LDAPTOOL”: executable file not found in $PATH”: unknown

To me this means there might be something wrong with the docker container, or maybe it wasn’t built? (but the documentation says it should be there). Or is maybe Docker swarm not running correctly?
Do I need to be running this in a different directory?

Has anyone else run into this issue?

Thanks in advance for any insights or a solution to this!

Hi,

For the HTTP 500, it is possible that elinks isn’t supported by phpLDAPAdmin. Have you tried a different browser? Perhaps a more common browser like Firefox or Chrome.

If you want to use the LDAP command line tools,

docker exec $(docker ps -f "label=com.docker.swarm.service.name=syncldap_ldap-service" --format '{{.ID}}') LDAPTOOL ARGS

You need to replace LDAPTOOL with the tool you want, for example ldapsearch. And replace ARGS with the necessary arguments.

Thank you – I’ll try these things and let you know. Trying right now to change some firewall rules so I can maybe hit phpldapadmin from my workstation outside the vm with a better browser than elinks, but I will also try the ldap command line tools – what you say makes a lot of sense.

The ldap command still fails. The exact command I’m trying is
docker exec $(docker ps -f "label=com.docker.swarm.service.name=syncldap_ldap-service" --format '{{.ID}}') ldapadd -x -D "cn=admin,dc=example,dc=org" -w [password] -f odk2_admin.ldif
where the password is my ldap admin password, and the ldif file looks like this:
# USER ENTRY
dn: uid=odk2_admin,ou=people,dc=example,dc=org
cn: odk2 admin
uid: odk2_admin
objectClass: PosixAccount
sn: admin
I also tried fully qualifying the filename, but I’m wondering if docker expects the file to be inside the container somehow?
Still working on getting that port open so we can use a better browser against phpldapadmin

I solved that problem – the issue was indeed that the .ldif file was outside the container, not inside. I resolved that by doing
docker cp odk2_admin.ldif [dockerinstance]:/tmp
and then once the ldif had been copied, I could execute the docker exec command pointing to the local file path. I was also able to execute a ldappasswd command to set the new account’s password, and another .ldif to add it to the site_admin group.

The opendatakit web ui still doesn’t accept those credentials even though I’ve verified that the admin account I created is there and in the appropriate group, but I see there is another long thread about unknown username or password (Problems with login in to ODK 2.0 Server web-ui. Incorrect username or password) so I’ll see if I can get some help there.
Thanks again.
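
The fix from the last post (copy the LDIF into the container, then point ldapadd at the in-container path), as an added example that is not part of the original thread or the ODK documentation. The function names, the /tmp staging path and the use of -W (prompt for the bind password rather than passing it with -w) are choices made for this example; the service label and bind DN are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: apply a host-side LDIF file inside the sync-endpoint LDAP container.
# LDAP_LABEL and the default BIND_DN are the values quoted in the thread.
LDAP_LABEL="label=com.docker.swarm.service.name=syncldap_ldap-service"
BIND_DN="${BIND_DN:-cn=admin,dc=example,dc=org}"

# Print the ID of the running LDAP container; fail unless exactly one matches.
ldap_container_id() {
  # Word-split the ID list into positional parameters to count the matches.
  set -- $(docker ps -f "$LDAP_LABEL" --format '{{.ID}}')
  if [ $# -ne 1 ]; then
    echo "expected 1 container for $LDAP_LABEL, found $#" >&2
    return 1
  fi
  printf '%s\n' "$1"
}

# Copy an LDIF file from the host into the container, apply it, remove the copy.
ldapadd_from_host() {
  local ldif cid remote rc
  ldif=$1
  rc=0
  # ldapadd runs inside the container and cannot see host paths, so the
  # file has to exist on the host first and then be copied in.
  [ -r "$ldif" ] || { echo "cannot read $ldif on the host" >&2; return 1; }
  cid=$(ldap_container_id) || return 1
  remote="/tmp/$(basename "$ldif")"
  docker cp "$ldif" "$cid:$remote" || return 1
  # -W prompts for the bind password (hence -it), which keeps it out of
  # shell history and the process list, unlike -w PASSWORD.
  docker exec -it "$cid" ldapadd -x -D "$BIND_DN" -W -f "$remote" || rc=$?
  # Remove the staged copy whether or not ldapadd succeeded.
  docker exec "$cid" rm -f "$remote"
  return "$rc"
}
```

Call `ldapadd_from_host odk2_admin.ldif` from an interactive terminal, since `docker exec -it` and the `-W` prompt both need a TTY.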