Intermesh/groupoffice

6.8.34 LDAP not work inside docker

Nachtlichtermeer opened this issue · 9 comments

I cannot save the LDAP credentials:

[2024-02-15 11:53:29][JMAP LdapAuthServer/set][log][go\core\jmap\Router:102] Method LdapAuthServer/set,  ID: clientCallId-29
[2024-02-15 11:53:29][JMAP LdapAuthServer/set][log][go\modules\community\ldapauthenticator\model\Server:217] Connect to ldap://ldap.foo.de:389
[2024-02-15 11:53:29][JMAP LdapAuthServer/set][warn][go\modules\community\ldapauthenticator\model\Server:167] Validation error in go\modules\community\ldapauthenticator\model\Server::hostname: 9 = Couldn't enable TLS: Connect error
[2024-02-15 11:53:29][JMAP LdapAuthServer/set][log][go\core\jmap\Entity:89] go\modules\community\ldapauthenticator\model\Server::internalSave() returned false
[2024-02-15 11:53:29][JMAP LdapAuthServer/set][log][go\modules\community\ldapauthenticator\model\Server:159] go\modules\community\ldapauthenticator\model\Server::internalSave() returned false
[2024-02-15 11:53:29][JMAP LdapAuthServer/set][warn][go\core\jmap\EntityController:779] go\modules\community\ldapauthenticator\model\Server::internalSave() returned false
[2024-02-15 11:53:29][JMAP LdapAuthServer/set][log][go\core\jmap\EntityController:779] Rolling back save operation for go\modules\community\ldapauthenticator\model\Server
[2024-02-15 11:53:29][JMAP LdapAuthServer/query][log][go\core\jmap\Router:102] Method LdapAuthServer/query,  ID: clientCallId-31

LDAP is slapd, forcing StartTLS on port 389 or native SSL (TLSv1.2 or above supported) on port 636; both tested.

A native installation with Ubuntu, Apache2 and PHP works without any problems.

Certificate of LDAP is trusted.

I don't see why it wouldn't work from docker while it does without. Can you telnet from the docker container to the LDAP server?

Yes, telnet works.
I can see traffic (via tcpdump), too.
When I install ldap-utils and libldap-common inside the container I can connect to our LDAP successfully.
Without libldap-common I get an error because of the certificate.

Is it a self-signed certificate? What happens if you check "Don't validate certificate"?

Certificate of LDAP is trusted.

No, it's a wildcard for our primary domain from globalssl, signed by AlphaSSL.

What happens if you check "Don't validate certificate"?
Already tested, same problem.

I can send you a tcpdump if it helps.

Ah, one piece of information is good to know: we use the software with Docker Swarm instead of Docker Compose because of some ISO processes. But in the past that never made any problems.
I could test it natively with Compose if you wish.

Tested with Docker Compose without any changes: same problem.

Steps:

  • start with Docker Compose (Ubuntu 22.04; Docker 20.10.25)
  • installation
  • activate the LDAP module
  • reload the page
  • add the LDAP server (hostname) and click save

Any ideas?

Sorry, I can't solve this without taking a dive into your network infrastructure.

I don't think it's a bug in Group-Office but a network setup problem. Normally the docker container can reach the outside fine. Maybe a firewall is blocking it.

I just tried again. But I can reach my ldap server running on localhost fine with port 389. If you need more help please contact us directly for support.

Is the server using a valid certificate? I noticed it will report that message also when TLS fails:


See also: https://serverfault.com/questions/628777/cant-contact-ldap-server-with-ldaps-in-docker
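A diagnostic in the spirit of the maintainer's last question, as an added example that is not Group-Office's own code: run from inside the container, it separates plain TCP reachability from StartTLS and prints libldap's detailed TLS error, which the generic "Couldn't enable TLS: Connect error" message hides. It assumes the php-ldap extension is present, that host, port and CA path are placeholders to adjust, and that the CA bundle is the Debian/Ubuntu one (libldap-common's /etc/ldap/ldap.conf normally points libldap at that bundle, which fits the observation that installing the package makes the connection work).

```php
<?php
// Added diagnostic script (not Group-Office code). Placeholders: LDAP_HOST,
// LDAP_PORT and LDAP_CACERT environment variables, with constructed defaults.
declare(strict_types=1);

$host   = getenv('LDAP_HOST') ?: 'ldap.example.invalid';   // placeholder host
$port   = (int) (getenv('LDAP_PORT') ?: 389);               // StartTLS port
$caFile = getenv('LDAP_CACERT') ?: '/etc/ssl/certs/ca-certificates.crt'; // assumed Debian/Ubuntu bundle

// Global TLS options must be set before ldap_connect() creates the handle.
// Without /etc/ldap/ldap.conf (shipped by libldap-common) libldap has no CA
// path; pointing it at the system bundle explicitly reproduces that fix.
if (is_readable($caFile)) {
    ldap_set_option(null, LDAP_OPT_X_TLS_CACERTFILE, $caFile);
}
ldap_set_option(null, LDAP_OPT_X_TLS_REQUIRE_CERT, LDAP_OPT_X_TLS_DEMAND);

// Step 1: TCP reachability, separate from TLS. ldap_connect() is lazy and
// opens no socket, so probe the port explicitly first.
$sock = @fsockopen($host, $port, $errno, $errstr, 5);
if ($sock === false) {
    fwrite(STDERR, "TCP connect to $host:$port failed: $errstr ($errno)\n");
    exit(1);
}
fclose($sock);
echo "TCP connect to $host:$port OK\n";

// Step 2: StartTLS with certificate verification enforced. On failure, the
// diagnostic message names the real cause (unknown CA, name mismatch, ...).
$ld = ldap_connect("ldap://$host:$port");
ldap_set_option($ld, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ld, LDAP_OPT_REFERRALS, 0);
ldap_set_option($ld, LDAP_OPT_NETWORK_TIMEOUT, 5);

if (!@ldap_start_tls($ld)) {
    $diag = '';
    ldap_get_option($ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, $diag);
    fwrite(STDERR, sprintf("StartTLS failed: %s (errno %d)\nlibldap detail: %s\n",
        ldap_error($ld), ldap_errno($ld), $diag ?: '(none)'));
    exit(2);
}
echo "StartTLS OK: server certificate verified against $caFile\n";

// Step 3: an anonymous bind proves the encrypted session is usable.
echo @ldap_bind($ld) ? "Anonymous bind OK\n" : 'Bind failed: ' . ldap_error($ld) . "\n";
```

Exit code 1 means the container cannot reach the server at all (firewall or DNS); exit code 2 with a certificate-related detail means the TLS trust setup inside the image is the problem rather than the network.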