Docker Community Forums

Connecting to LDAP server over port 636 from Docker container

docker
security

(Jcarrasc) #1

I have a local dev environment. Running on a Mac:
Flask + Python3.6 + ldap3 module

What I am doing is connecting to a standalone ldap server over port 636. The server is not part of local environment and not in a container.

With my current environment - on localhost - the Flask app connects to ldap server… no problem.

Issue: I created a Docker container for Flask app. Now, when the same code executes from a container, I get:

LDAPSocketOpenError('socket ssl wrapping error: EOF occurred in violation of protocol (_ssl.c:777)

Now, I know above error is related to a bad connection. So my question is… what am I missing in regards to connecting to a server over port 636 from a Docker container? In addition, if Docker for Mac recognizes the certs from keychain, why doesn’t this work?

Below is my Dockerfile:

FROM alpine:latest

RUN apk add --update \
list of packages...

COPY /home/project/path /app
COPY /path/to/certs /etc/ssl
RUN update-ca-certificates

WORKDIR /app

ENV FLASK_APP=project.py

CMD ["flask", "run", "--host=0.0.0.0"]

FYI. I run the container in “-d” mode and then exec /bin/sh. From within the container I can run:

openssl s_client -connect ldap.server.address:636

And it works! I need some assistance: what am I missing about the Docker configuration? BTW, all of this is done on localhost.


1/23/2018

After working on this issue, the problem resides in some incompatibility issue between the alpine:latest image and ldap3 python module. Although the precise problem is not solved, changing the Docker image to alpine:3.4 works.
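
A way to compare Python's own TLS stack between the host and the container, since `openssl s_client` succeeding inside the container only exercises the OpenSSL CLI and not the `ssl` module that ldap3 uses. This is an added example, not code from the original post; it assumes Python 3.7 or later (for `ssl.TLSVersion`), and the function names are hypothetical.

```python
import socket
import ssl
import warnings

# Protocol versions to try one at a time.
VERSIONS = (ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1,
            ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3)

def tls_environment():
    """Describe the TLS library this Python build is linked against."""
    paths = ssl.get_default_verify_paths()
    return {"library": ssl.OPENSSL_VERSION, "has_tls13": ssl.HAS_TLSv1_3,
            "cafile": paths.cafile, "capath": paths.capath}

def probe(host, port, version, cafile=None, timeout=5.0):
    """Attempt one verified handshake pinned to a single version; never raises."""
    ctx = ssl.create_default_context(cafile=cafile)
    result = {"version": version.name, "ok": False}
    try:
        with warnings.catch_warnings():
            # TLS 1.0/1.1 are deprecated in recent Python; they are probed on purpose.
            warnings.simplefilter("ignore", DeprecationWarning)
            ctx.minimum_version = version
            ctx.maximum_version = version
    except (ValueError, ssl.SSLError) as exc:
        result["error"] = f"unsupported by this build: {exc}"
        return result
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                result.update(ok=True, negotiated=tls.version(),
                              cipher=tls.cipher()[0])
    except OSError as exc:  # ssl.SSLError and socket timeouts are OSError subclasses
        result["error"] = f"{type(exc).__name__}: {exc}"
    return result

def probe_all(host, port, cafile=None):
    """Run probe() for every version so host and container output can be diffed."""
    return [probe(host, port, v, cafile) for v in VERSIONS]

if __name__ == "__main__":
    import sys
    print(tls_environment())
    for row in probe_all(sys.argv[1], int(sys.argv[2])):
        print(row)
```

Run it with the server name and `636` on the host and again inside the container; a version that handshakes in one place and fails with an EOF in the other, or a different `library` string, points at the image's TLS build rather than at Docker networking.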