portainer: LDAP authentication to AD does not work over TLS
When I turn on StartTLS or TLS, the connection to AD fails. Just connecting to port 389 without TLS works fine. I have tried several combinations with CA and without; the result is the same. I even tried to create my own docker image based on centos, but Portainer still fails. Using ldapsearch from the same container works.
Errors in the log are simplistic and don't give much more information. As ldapsearch from the same container works, it's not a network or AD issue.
The first one is the StartTLS query and the second one TLS:

2018/01/31 17:23:35 http error: LDAP Result Code 200 "Network Error": TLS handshake failed (read tcp 172.18.0.4:42136->172.30.112.111:389: read: connection reset by peer) (code=500)
2018/01/31 14:47:03 http error: LDAP Result Code 200 "Network Error": read tcp 172.18.0.4:57100->172.30.112.111:389: read: connection reset by peer (code=500)
- Portainer version: 1.16.1
- Target Docker version (the host/cluster you manage): 17.09.1-ce
- Platform (windows/linux): CentOS 7 host, SELinux disabled
- Command used to start Portainer (docker run -p 9000:9000 portainer/portainer): Does not seem to be relevant.
- Target Swarm version (if applicable): API version 1.32
About this issue
- State: closed
- Created 6 years ago
- Comments: 15 (4 by maintainers)
I had a similar issue. It turned out that the TLS connection failed because of the LDAP Windows Server version (2012 R2). You have to set a max TLS version in a config when you have this Windows Server version. To fix this I changed one file in the Portainer source code:
After I changed the config it worked.
Before changes:
After changes:
This may be no sustainable solution, but it worked for me in the first place.
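How a TLS version cap resolves a negotiation mismatch like the one described above, as an added Go example that is not Portainer's code: it stands up an in-process server restricted to TLS 1.1 (a stand-in for the legacy directory server; the host name and certificate are constructed placeholders) and shows that a client using Go's default versions fails the handshake, while a client whose MinVersion and MaxVersion are pinned to the server's version completes it and still verifies the server certificate.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"math/big"
	"time"
)

// selfSignedCert: throwaway certificate for the constructed in-process server (placeholder host name).
func selfSignedCert() (tls.Certificate, *x509.CertPool) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		DNSNames:     []string{"ldap.example.test"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	parsed, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool()
	pool.AddCert(parsed)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, pool
}

// handshakeWith runs a server that only speaks TLS 1.1 (standing in for the legacy directory server)
// and reports whether a client built from clientCfg completes the handshake while verifying the cert.
func handshakeWith(clientCfg *tls.Config) bool {
	cert, pool := selfSignedCert()
	srvCfg := &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS11, MaxVersion: tls.VersionTLS11}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", srvCfg)
	if err != nil { panic(err) } // an ephemeral loopback port should always be bindable
	defer ln.Close()
	go func() { // server side of the single handshake; a failed handshake just closes the connection
		if c, err := ln.Accept(); err == nil {
			c.(*tls.Conn).Handshake()
			c.Close()
		}
	}()
	clientCfg.RootCAs, clientCfg.ServerName = pool, "ldap.example.test"
	conn, err := tls.Dial("tcp", ln.Addr().String(), clientCfg) // Dial performs the handshake
	if err != nil {
		return false
	}
	conn.Close()
	return true
}
```

Setting only MaxVersion on a recent Go client leaves no version in range (its default minimum is TLS 1.2), so the cap has to be paired with a matching MinVersion; capping the client is a workaround, and the durable fix is enabling a current TLS version on the directory server.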