6.8.34 LDAP not work inside docker #1118

Open
Nachtlichtermeer opened this issue Feb 15, 2024 · 7 comments
@Nachtlichtermeer

I cannot save the LDAP credentials:

```
[2024-02-15 11:53:29][JMAP LdapAuthServer/set][log][go\core\jmap\Router:102] Method LdapAuthServer/set,  ID: clientCallId-29
[2024-02-15 11:53:29][JMAP LdapAuthServer/set][log][go\modules\community\ldapauthenticator\model\Server:217] Connect to ldap://ldap.foo.de:389
[2024-02-15 11:53:29][JMAP LdapAuthServer/set][warn][go\modules\community\ldapauthenticator\model\Server:167] Validation error in go\modules\community\ldapauthenticator\model\Server::hostname: 9 = Couldn't enable TLS: Connect error
[2024-02-15 11:53:29][JMAP LdapAuthServer/set][log][go\core\jmap\Entity:89] go\modules\community\ldapauthenticator\model\Server::internalSave() returned false
[2024-02-15 11:53:29][JMAP LdapAuthServer/set][log][go\modules\community\ldapauthenticator\model\Server:159] go\modules\community\ldapauthenticator\model\Server::internalSave() returned false
[2024-02-15 11:53:29][JMAP LdapAuthServer/set][warn][go\core\jmap\EntityController:779] go\modules\community\ldapauthenticator\model\Server::internalSave() returned false
[2024-02-15 11:53:29][JMAP LdapAuthServer/set][log][go\core\jmap\EntityController:779] Rolling back save operation for go\modules\community\ldapauthenticator\model\Server
[2024-02-15 11:53:29][JMAP LdapAuthServer/query][log][go\core\jmap\Router:102] Method LdapAuthServer/query,  ID: clientCallId-31
```

LDAP is slapd, forcing StartTLS on port 389 or native SSL (TLSv1.2 or above supported) on port 636 - both tested.

A native installation with Ubuntu, apache2 and PHP works without any problems.

Certificate of LDAP is trusted.

@mschering
Member

I don't see why it wouldn't work from docker while it does without. Can you telnet from the docker container to the LDAP server?

@Nachtlichtermeer
Author

Yes, telnet works.
I can see traffic (via tcpdump), too.
When I install ldap-utils and libldap-common inside the container, I can connect to our LDAP successfully.
Without libldap-common I'll get an error because of the certificate.

mschering self-assigned this Feb 15, 2024

@mschering
Member

Is it a self-signed certificate? What happens if you check "Don't validate certificate"?

@Nachtlichtermeer
Author

> Certificate of LDAP is trusted.

No, it's a wildcard for our primary domain from globalssl signed by alphassl.

> What happens if you check "Don't validate certificate"?

Already tested - same problem.

I can send you a tcpdump if it helps.

Ah, one piece of information that is good to know: we use the software with Docker Swarm instead of Docker Compose because of some ISO processes. But in the past that never caused any problems.
I could test it natively with Compose if you wish.

@Nachtlichtermeer
Author

Tested with docker compose without any changes: same problem.

Steps:

  • start with docker compose (Ubuntu 22.04; Docker 20.10.25)
  • Installation
  • activate LDAP-Module
  • reload Page
  • add LDAP server (hostname) and click save

@Nachtlichtermeer
Author

Any ideas?

@mschering
Member

Sorry, I can't solve this without taking a dive into your network infrastructure.

I don't think it's a bug in Group-Office but a network setup problem. Normally the docker container can reach the outside fine. Maybe a firewall is blocking it.
