osixia/openldap SSL/TLS issue

Question

I’m running a local openldap docker container in my local mac using below command

Macbook# docker run -p 389:389 -p 689:689 -h ldap.mydomain.com --env LDAP_DOMAIN=mydomain.com --name myopenldap --detach osixia/openldap:1.2.2

Now start tls and ldaps is working inside the container.

Conatainer# ldapsearch -x -H ldaps://ldap.mydomain.com:636 -b dc=mydomain,dc=com -D "cn=admin,dc= mydomain,dc=com" -w admin -> ldaps ok

Container# ldapsearch -x -H ldap://ldap.mydomain.com -b dc=mydomain,dc=com -D "cn=admin,dc=mydomain,dc=com" -w admin -ZZ -> start tls ok

But only ldap is working outside container

Macbook# ldapsearch -x -h localhost -p 389 -b dc=mydomain,dc=com -D "cn=admin,dc= mydomain,dc=com" -w admin -> ldap ok

ldaps error:->

Macbook# ldapsearch -x -h localhost -p 389 -b dc=mydomain,dc=com -ZZ -D "cn=admin,dc= mydomain,dc=com" -w admin

ldap_start_tls: Connect error (-11) additional info: SSLHandshake() failed: misc. bad certificate (-9825)

starttls error:->

Macbook# ldapsearch -x -h localhost -p 636 -b dc=mydomain,dc=com -D "cn=admin,dc=mydomain,dc=com" -w admin

ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

Any clue?

lullis · Accepted Answer · 2019-10-10 18:53:42Z

0

You are not exposing port 636, which is the port used to connect to ldaps. Add "-p 636:636" to the docker run command and it should work fine.

answered Oct 10, 2019 at 18:53

lullis

3044 silver badges7 bronze badges

Sign up to request clarification or add additional context in comments.

1 Answer 1