Description
I have been debugging an interesting issue using LDAP bind+search with any cloudnative-pg postgresql container image.
I started with the following, just using the container image straight from GitHub:

```yaml
apiVersion: postgresql.cnpg.io/v1
kind: ImageCatalog
metadata:
  name: postgresql-catalog
spec:
  images:
    - major: 17
      image: ghcr.io/cloudnative-pg/postgresql:17.5-21-bookworm
```
And the ldap part of the Cluster yml is:

```yaml
ldap:
  server: my-server # hidden because it's a private LDAP server
  scheme: ldaps
  port: 636
  bindSearchAuth:
    baseDN: my-BaseDN
    bindDN: my-bindDN
    bindPassword:
      name: ldap-bind-secret
      key: bindPW
    searchAttribute: uid
```
So nothing special really.
This resulted in the following error when trying to connect through LDAP:

```
"message":"could not perform initial LDAP bind for ldapbinddn"
"details": "Can't contact LDAP server"
```
Then I tried a lot of different variants, ending up with figuring out that this line:

```
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false
```

in the cloudnative-pg postgresql Dockerfile seems to remove the following packages in my pods:

- libldap-common
- libsasl2-modules

Console logs tell me:

```
The following packages will be REMOVED:
  libldap-common* libsasl2-modules*
```
I created a Dockerfile that basically just installs those packages back:

```dockerfile
FROM ghcr.io/cloudnative-pg/postgresql:17.5-21-bookworm
USER root
RUN apt-get update && \
    apt-get upgrade -y && \
    apt-get install -y libsasl2-modules libldap-common && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*
USER 26
```
And using that image with those two packages installed again LDAP works!
I didn't find anyone else with this issue, so I am really wondering why the default cloudnative-pg postgresql image seems to uninstall these packages.
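A build-time guard for the failure mode described above, added here as an example and not part of the issue or of cloudnative-pg's own tooling: it checks dpkg's installed-package state for the two packages the report identifies (`libldap-common`, `libsasl2-modules`) and fails the image build if `apt-get purge --auto-remove` has taken them out. The function names, the `--run` flag and the `dpkg-query` output format assumed (`<package> <status words>`, one per line) are this example's assumptions.

```sh
#!/bin/sh
# Constructed example: fail an image build if the packages PostgreSQL's
# LDAP bind+search auth depends on are no longer fully installed.
# Package names come from the issue above; everything else is an assumption.

REQUIRED_PKGS="libldap-common libsasl2-modules"

# missing_packages LISTING
#   LISTING is dpkg-query output, one "<package> <status words>" line per
#   package, e.g. "libldap-common install ok installed".
#   Prints each required package that is not in the "install ok installed"
#   state (purged packages are absent from the listing, removed-but-config
#   packages show "deinstall ok config-files"; both count as missing).
missing_packages() {
    listing="$1"
    for pkg in $REQUIRED_PKGS; do
        printf '%s\n' "$listing" | grep -q "^$pkg install ok installed\$" \
            || printf '%s\n' "$pkg"
    done
}

# check_image
#   Queries the live dpkg database and returns non-zero (with the missing
#   names on stderr) if any required package is gone. Intended to run as a
#   RUN step right after the apt-get purge in a Dockerfile.
check_image() {
    listing="$(dpkg-query -W -f='${Package} ${Status}\n' 2>/dev/null)"
    missing="$(missing_packages "$listing")"
    if [ -n "$missing" ]; then
        echo "packages needed for LDAP auth are missing from this image:" >&2
        printf '  %s\n' $missing >&2
        return 1
    fi
    echo "all packages needed for LDAP auth are present"
}

# Usage inside a Dockerfile (assumed file name):
#   COPY check-ldap-pkgs.sh /check-ldap-pkgs.sh
#   RUN sh /check-ldap-pkgs.sh --run
if [ "${1:-}" = "--run" ]; then
    check_image
fi
```

Running the guard with `--run` in the same image build that the issue describes would have surfaced the missing packages at build time instead of as a "Can't contact LDAP server" error at first login.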