[GH-ISSUE #9] Issues with LDAPS connection #4

Closed
opened 2026-02-27 16:47:37 +03:00 by kerem · 2 comments

Originally created by @jumarko on GitHub (Sep 16, 2019).
Original GitHub issue: https://github.com/rroemhild/docker-test-openldap/issues/9

I cannot connect to LDAPS port 636 from outside the running container.
It's working "fine" (meaning I can at least get the SSL certificate error) but connection is refused when I try this from my host machine (running Docker on Mac).

This works fine when using plain LDAP over the port 389.
I'm running a fork of this project which is basically the same thing with some more imported data: https://github.com/empear-analytics/docker-test-openldap/

Steps:

  • Build the image & run
  • Try to connect to port 636 from the host: `openssl s_client -connect localhost:636` => 'Connection refused'
  • Try to connect to port 636 from the docker container itself:

```
docker container exec -i -t 3002217f0b0f /bin/bash
openssl s_client -connect localhost:636
... lots of certificates data...
```

I've noticed that port 636 should be exposed too but don't know why it's not possible to connect to it.

Also tried ldapsearch command to debug the issue but since it gets cut off at the very beginning I couldn't get much details:

```
ldapsearch -d1 -H ldaps://localhost -b dc=mycompany,dc=local -D cn=admin,dc=planetexpress,dc=com -W "(cn=Hubert J. Farnsworth,ou=people,dc=planetexpress,dc=com)"
ldap_url_parse_ext(ldaps://localhost)
ldap_create
ldap_url_parse_ext(ldaps://localhost:636/??base)
Enter LDAP Password:
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP localhost:636
ldap_new_socket: 5
ldap_prepare_socket: 5
ldap_connect_to_host: Trying ::1 636
ldap_pvt_connect: fd: 5 tm: -1 async: 0
ldap_close_socket: 5
ldap_new_socket: 5
ldap_prepare_socket: 5
ldap_connect_to_host: Trying 127.0.0.1:636
ldap_pvt_connect: fd: 5 tm: -1 async: 0
ldap_close_socket: 5
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
tlsst_destroy()
```
kerem closed this issue 2026-02-27 16:47:37 +03:00

@jumarko commented on GitHub (Sep 16, 2019):

Ok, this was a stupid mistake - I just forgot to "expose" the port via `-p` parameter:

```
docker run --privileged -d -p 389:389 -p636:636 test-openldap-joseph
```
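The mistake in this thread can be checked mechanically: a port an image declares with `EXPOSE` is only metadata and is not reachable from the host until it is published with `-p`. The script below is an added example, not part of the original comments or the project's code; it reads `docker inspect` JSON and lists ports with no host binding. The sample JSON and the container name `test-openldap` are constructed.

```python
import json

# Constructed sample: trimmed `docker inspect <container>` output for a container
# started with only `-p 389:389`, from an image that EXPOSEs 389 and 636.
SAMPLE_INSPECT = json.dumps([{
    "Name": "/test-openldap",
    "Config": {"ExposedPorts": {"389/tcp": {}, "636/tcp": {}}},
    "NetworkSettings": {"Ports": {
        "389/tcp": [{"HostIp": "0.0.0.0", "HostPort": "389"}],
        "636/tcp": None,  # exposed by the image, never published
    }},
}])


def audit_ports(inspect_json):
    """Map each container to {port: [host bindings]}; an empty list means unpublished."""
    report = {}
    for container in json.loads(inspect_json):
        exposed = set(container.get("Config", {}).get("ExposedPorts") or {})
        bindings = container.get("NetworkSettings", {}).get("Ports") or {}
        ports = {}
        for port in sorted(exposed | set(bindings)):
            hosts = bindings.get(port) or []  # null or missing => not published
            # An empty HostIp means the wildcard address (all host interfaces).
            ports[port] = [f'{b.get("HostIp") or "0.0.0.0"}:{b["HostPort"]}' for b in hosts]
        report[container.get("Name", "?").lstrip("/")] = ports
    return report


def unpublished(report):
    """Return (container, port) pairs that are exposed but have no host binding."""
    return [(name, port) for name, ports in report.items()
            for port, hosts in ports.items() if not hosts]


if __name__ == "__main__":
    import sys
    # Usage: docker inspect <container> | python audit_ports.py
    data = SAMPLE_INSPECT if sys.stdin.isatty() else sys.stdin.read()
    for name, ports in audit_ports(data).items():
        for port, hosts in ports.items():
            print(f"{name} {port}: {', '.join(hosts) if hosts else 'NOT PUBLISHED'}")
```

A binding shown as `0.0.0.0:636` listens on every host interface, which is what `-p636:636` produces by default; `-p 127.0.0.1:636:636` keeps a test directory local to the machine.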

@guusdk commented on GitHub (Nov 2, 2020):

Hargh. I've spent too much time figuring out that I made the exact same mistake. I've created a PR that adjusts the example, in the hope that that will prevent the next poor soul from bashing his head into his keyboard.
