Hey, I managed to get V2.4 in Docker using my SSL certificates running with my USER_PASSWORD set to accept any user given.
Now I want users to be looked up in my LDAP (FreeIPA) service, also on Docker, with authentication binds as described here:
https://doc.dovecot.org/2.4.1/core/config/auth/databases/ldap.html#authentication-binds
The IPA service in Docker is running with IP 172.19.0.3.
My conf looks like this:
passdb ldap {
  driver = ldap
  use_worker = yes
  bind = yes
  bind_userdn = cn=%{user},cn=users,cn=accounts
  ldap_uris = ldaps://172.19.0.3
  ldap_base = dc=obel1x,dc=de
}
userdb ldap {
  ldap_connection_group = userdbgroup1
  use_worker = yes
  driver = ldap
  result_success = continue-ok
  ldap_uris = ldaps://172.19.0.3
  filter = (&(objectClass=posixAccount)(uid=%{user}))
  fields {
    home = %{ldap:homeDirectory}
    uid = %{ldap:uidNumber}
    gid = %{ldap:gidNumber}
  }
  ldap_base = dc=obel1x,dc=de
}
But with that config I am not getting any connection to the server:
Jul 29 21:49:18 stats: Info: {"event":"auth_request_finished","hostname":"f084b7674f9e","start_time":"2025-07-29T21:49:16.559789Z","end_time":"2025-07-29T21:49:18.973674Z","categories":["service:auth","auth"],"fields":{"duration":2413851,"remote_pid":9,"remote_uid":1000,"remote_gid":1000,"policy_result":"ok","mechanism":"PLAIN","transport":"TLS","protocol":"imap","session":"ZALVYBg7BIr9pfWYg+IAAAAAAAAAAAAB","local_ip":"fda5:f598:83e2::c","real_local_ip":"fda5:f598:83e2::c","remote_ip":"fda5:f598:83e2::1","real_remote_ip":"fda5:f598:83e2::1","local_port":31993,"real_local_port":31993,"remote_port":35332,"real_remote_port":35332,"original_user":"username","user":"username","translated_user":"username"}}
Jul 29 21:49:16 auth-worker(17): Error: ldap(ldaps://172.19.0.3:636): Can't connect to server: ldaps://172.19.0.3
Idk why it's using IPv6 there while explicitly using IPv4.
I am also fully on IPv6, which usually works, but I gave IPv4 intentionally to avoid that error, which also occurs on IPv6.
Also it seems like it's doing requests to fda5:f598:83e2::1, which is only the IPv6 gateway of the Docker network, not the IPv6 address of the IPA service (fda5:f598:83e2::3). In my understanding, the gateway should not be needed for IPv6 at all.
Could it be that the image is currently not able to connect when IPv6 is active, as it will handle all connections to that gateway as it would have done with IPv4? IPv6 has been stable in Docker for some time, so this should work.
I would like to dig deeper into it, but the image has very low debugging usability as GNU tools are missing.
I really like that small image, but would it be possible to additionally get some larger debugging image with at least commands like ls or ps, ping or curl?
Great work so far, really!
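
Added example, not part of the original post and not the project's code: a Python sketch that reads the two log records above separately. In Dovecot's `auth_request_finished` event, `remote_ip` and `local_ip` describe the IMAP client connection, while the `auth-worker` error line names the LDAP endpoint Dovecot tried to reach. The sample lines are trimmed from the post's log, and the function names are hypothetical.

```python
import ipaddress
import json
import re

# Two lines trimmed from the log in the post above (unused JSON fields dropped).
SAMPLE_LOG = '''\
Jul 29 21:49:18 stats: Info: {"event":"auth_request_finished","fields":{"mechanism":"PLAIN","transport":"TLS","protocol":"imap","local_ip":"fda5:f598:83e2::c","remote_ip":"fda5:f598:83e2::1","local_port":31993,"remote_port":35332,"user":"username"}}
Jul 29 21:49:16 auth-worker(17): Error: ldap(ldaps://172.19.0.3:636): Can't connect to server: ldaps://172.19.0.3
'''

EVENT_RE = re.compile(r"stats: Info: (\{.*\})\s*$")
LDAP_ERR_RE = re.compile(
    r"auth-worker\(\d+\): Error: ldap\((ldaps?)://(\[[^\]]+\]|[^:/)]+)(?::(\d+))?\): (.*)$")

def family(host):
    """Address family of an IP literal, or 'hostname' if it is not one."""
    try:
        return "IPv%d" % ipaddress.ip_address(host.strip("[]")).version
    except ValueError:
        return "hostname"

def summarize(log_text):
    """Split log text into IMAP client logins and LDAP connection errors."""
    logins, errors = [], []
    for line in log_text.splitlines():
        m = EVENT_RE.search(line)
        if m:
            event = json.loads(m.group(1))
            if event.get("event") == "auth_request_finished":
                f = event["fields"]
                logins.append({
                    "user": f["user"], "protocol": f["protocol"],
                    "client": f["remote_ip"], "client_family": family(f["remote_ip"]),
                    "listener": "%s:%d" % (f["local_ip"], f["local_port"]),
                })
            continue
        m = LDAP_ERR_RE.search(line)
        if m:
            scheme, host, port, msg = m.groups()
            errors.append({
                "scheme": scheme, "host": host, "family": family(host),
                "port": int(port) if port else None, "message": msg,
            })
    return logins, errors

if __name__ == "__main__":
    for kind, rows in zip(("client login", "ldap error"), summarize(SAMPLE_LOG)):
        for row in rows:
            print(kind, row)
```
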