Use Yunohost LDAP from server containers

pihomeserver · November 8, 2023, 1:01pm

Hi

I would like to use the YH LDAP as a LDAP server for some containerized app. I can perfom ldapsearch from the host machine SSH as expected. But from the shell within a container i can’t reach it
I tried with FQDN, ip, gateway IP, extra host, etc. I tried to add “slapd: ALL : ALL” in hosts.allow (at least to test) but i can’t reach the ldap from any container

Any idea how i could do that ?

Thanks

Mamie · November 8, 2023, 1:45pm

Could you please put the output of sudo ss -tulnp | grep slapd ?
In my case, it listen on port 389 only for requests from 127.0.0.1, but on port 636 from anywhere.

I know nothing about slapd but it can give some hints.

tituspijean · November 8, 2023, 4:09pm

Slapd is configured to only listen to localhost, you need to tweak its configuration to allow other networks.

github.com

YunoHost/yunohost/blob/dev/conf/slapd/ldap.conf

#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

BASE   dc=yunohost,dc=org
URI    ldap://localhost:389

SIZELIMIT	10000
#TIMELIMIT	15
#DEREF		never

# TLS certificates (needed for GnuTLS)
TLS_CACERT	/etc/ssl/certs/ca-certificates.crt

sudoers_base ou=sudo,dc=yunohost,dc=org

The file is at /etc/ldap/ldap.conf, edit its URI accordingly (cf. man ldap.conf) and restart slapd service.