[GH-ISSUE #524] docker healthcheck fails when ldaps is enabled #192

New issue

Closed

opened 2026-02-27 08:15:47 +03:00 by kerem · 0 comments

kerem commented

2026-02-27 08:15:47 +03:00

Owner

Originally created by @leanderjanssen on GitHub (Apr 4, 2023).
Original GitHub issue: https://github.com/lldap/lldap/issues/524

After enabling and configuring ldaps the Docker healthcheck is consistently failing with an invalid dns name error when it tries to resolve the localhost hostname.

Making a ldaps connection to the server works just fine.

Here is the debug output when manually running the healthcheck.

docker container exec -it lldap /app/lldap healthcheck --config-file /data/lldap_config.toml

2023-04-04T14:21:16.276794237+00:00  INFO     ｉ [info]: Starting healthchecks
2023-04-04T14:21:16.276901747+00:00  INFO     check_ldaps [ 121µs | 100.00% ]
2023-04-04T14:21:16.277022159+00:00  ERROR    ┕━ 🚨 [error]:  | error: invalid dns name
2023-04-04T14:21:16.277207994+00:00  DEBUG    🐛 [debug]: resolving host="localhost"
2023-04-04T14:21:16.277614454+00:00  DEBUG    🐛 [debug]: flushed 60 bytes
2023-04-04T14:21:16.276839569+00:00  INFO     check_ldap [ 405µs | 100.00% ]
2023-04-04T14:21:16.278021212+00:00  DEBUG    ┝━ 🐛 [debug]: Received message: LdapMsg { msgid: 0, op: SearchResultEntry(LdapSearchResultEntry { dn: "", attributes: [LdapPartialAttribute { atype: "objectClass", vals: [[116, 111, 112]] }, LdapPartialAttribute { atype: "vendorName", vals: [[76, 76, 68, 65, 80]] }, LdapPartialAttribute { atype: "vendorVersion", vals: [[108, 108, 100, 97, 112, 95, 48, 46, 52, 46, 50]] }, LdapPartialAttribute { atype: "supportedLDAPVersion", vals: [[51]] }, LdapPartialAttribute { atype: "supportedExtension", vals: [[49, 46, 51, 46, 54, 46, 49, 46, 52, 46, 49, 46, 52, 50, 48, 51, 46, 49, 46, 49, 49, 46, 49]] }, LdapPartialAttribute { atype: "supportedControl", vals: [] }, LdapPartialAttribute { atype: "supportedFeatures", vals: [[49, 46, 51, 46, 54, 46, 49, 46, 52, 46, 49, 46, 52, 50, 48, 51, 46, 49, 46, 53, 46, 49]] }, LdapPartialAttribute { atype: "defaultNamingContext", vals: [[100, 99, 61, 118, 102, 111, 114, 103, 101, 44, 100, 99, 61, 110, 101, 116]] }, LdapPartialAttribute { atype: "namingContexts", vals: [[100, 99, 61, 118, 102, 111, 114, 103, 101, 44, 100, 99, 61, 110, 101, 116]] }, LdapPartialAttribute { atype: "isGlobalCatalogReady", vals: [[102, 97, 108, 115, 101]] }] }), ctrl: [] }
2023-04-04T14:21:16.278032714+00:00  DEBUG    ┝━ 🐛 [debug]: Received message: LdapMsg { msgid: 0, op: SearchResultDone(LdapResult { code: Success, matcheddn: "", message: "", referral: [] }), ctrl: [] }
2023-04-04T14:21:16.278033417+00:00  INFO     ┕━ ｉ [info]: Success
2023-04-04T14:21:16.278194168+00:00  DEBUG    🐛 [debug]: parsed 2 headers
2023-04-04T14:21:16.278203139+00:00  DEBUG    🐛 [debug]: incoming body is empty
2023-04-04T14:21:16.277043643+00:00  INFO     check_api [ 371µs | 100.00% ]
2023-04-04T14:21:16.277427324+00:00  DEBUG    ┝━ 🐛 [debug]: connecting to [::1]:17170
2023-04-04T14:21:16.277475094+00:00  DEBUG    ┝━ 🐛 [debug]: connecting to 127.0.0.1:17170
2023-04-04T14:21:16.277530319+00:00  DEBUG    ┝━ 🐛 [debug]: connected to 127.0.0.1:17170
2023-04-04T14:21:16.278231077+00:00  DEBUG    ┝━ 🐛 [debug]: pooling idle connection for ("http", localhost:17170)
2023-04-04T14:21:16.278274912+00:00  INFO     ┕━ ｉ [info]: Success
2023-04-04T14:21:16.278300049+00:00  ERROR    🚨 [error]: Healthcheck failed

The configured ldaps options are:

    ldaps_options: LdapsOptions {
        enabled: true,
        port: 6360,
        cert_file: "/data/cert.pem",
        key_file: "/data/key.pem",
    },

The lldap version used is: 0.4.2

Originally created by @leanderjanssen on GitHub (Apr 4, 2023). Original GitHub issue: https://github.com/lldap/lldap/issues/524 After enabling and configuring ldaps the Docker healthcheck is consistently failing with an `invalid dns name` error when it tries to resolve the `localhost` hostname. Making a ldaps connection to the server works just fine. Here is the debug output when manually running the healthcheck. ``` docker container exec -it lldap /app/lldap healthcheck --config-file /data/lldap_config.toml ``` ``` 2023-04-04T14:21:16.276794237+00:00 INFO ｉ [info]: Starting healthchecks 2023-04-04T14:21:16.276901747+00:00 INFO check_ldaps [ 121µs | 100.00% ] 2023-04-04T14:21:16.277022159+00:00 ERROR ┕━ 🚨 [error]: | error: invalid dns name 2023-04-04T14:21:16.277207994+00:00 DEBUG 🐛 [debug]: resolving host="localhost" 2023-04-04T14:21:16.277614454+00:00 DEBUG 🐛 [debug]: flushed 60 bytes 2023-04-04T14:21:16.276839569+00:00 INFO check_ldap [ 405µs | 100.00% ] 2023-04-04T14:21:16.278021212+00:00 DEBUG ┝━ 🐛 [debug]: Received message: LdapMsg { msgid: 0, op: SearchResultEntry(LdapSearchResultEntry { dn: "", attributes: [LdapPartialAttribute { atype: "objectClass", vals: [[116, 111, 112]] }, LdapPartialAttribute { atype: "vendorName", vals: [[76, 76, 68, 65, 80]] }, LdapPartialAttribute { atype: "vendorVersion", vals: [[108, 108, 100, 97, 112, 95, 48, 46, 52, 46, 50]] }, LdapPartialAttribute { atype: "supportedLDAPVersion", vals: [[51]] }, LdapPartialAttribute { atype: "supportedExtension", vals: [[49, 46, 51, 46, 54, 46, 49, 46, 52, 46, 49, 46, 52, 50, 48, 51, 46, 49, 46, 49, 49, 46, 49]] }, LdapPartialAttribute { atype: "supportedControl", vals: [] }, LdapPartialAttribute { atype: "supportedFeatures", vals: [[49, 46, 51, 46, 54, 46, 49, 46, 52, 46, 49, 46, 52, 50, 48, 51, 46, 49, 46, 53, 46, 49]] }, LdapPartialAttribute { atype: "defaultNamingContext", vals: [[100, 99, 61, 118, 102, 111, 114, 103, 101, 44, 100, 99, 61, 110, 101, 116]] }, LdapPartialAttribute { atype: "namingContexts", vals: [[100, 99, 61, 118, 102, 111, 114, 103, 101, 44, 100, 99, 61, 110, 101, 116]] }, LdapPartialAttribute { atype: "isGlobalCatalogReady", vals: [[102, 97, 108, 115, 101]] }] }), ctrl: [] } 2023-04-04T14:21:16.278032714+00:00 DEBUG ┝━ 🐛 [debug]: Received message: LdapMsg { msgid: 0, op: SearchResultDone(LdapResult { code: Success, matcheddn: "", message: "", referral: [] }), ctrl: [] } 2023-04-04T14:21:16.278033417+00:00 INFO ┕━ ｉ [info]: Success 2023-04-04T14:21:16.278194168+00:00 DEBUG 🐛 [debug]: parsed 2 headers 2023-04-04T14:21:16.278203139+00:00 DEBUG 🐛 [debug]: incoming body is empty 2023-04-04T14:21:16.277043643+00:00 INFO check_api [ 371µs | 100.00% ] 2023-04-04T14:21:16.277427324+00:00 DEBUG ┝━ 🐛 [debug]: connecting to [::1]:17170 2023-04-04T14:21:16.277475094+00:00 DEBUG ┝━ 🐛 [debug]: connecting to 127.0.0.1:17170 2023-04-04T14:21:16.277530319+00:00 DEBUG ┝━ 🐛 [debug]: connected to 127.0.0.1:17170 2023-04-04T14:21:16.278231077+00:00 DEBUG ┝━ 🐛 [debug]: pooling idle connection for ("http", localhost:17170) 2023-04-04T14:21:16.278274912+00:00 INFO ┕━ ｉ [info]: Success 2023-04-04T14:21:16.278300049+00:00 ERROR 🚨 [error]: Healthcheck failed ``` The configured ldaps options are: ``` ldaps_options: LdapsOptions { enabled: true, port: 6360, cert_file: "/data/cert.pem", key_file: "/data/key.pem", }, ``` The lldap version used is: 0.4.2