Reputation: 362
I'm trying to ldapsearch from host to a container but it's not working.
I start with:
docker run --env LDAP_ORGANISATION="OpenLdap" --env LDAP_DOMAIN="example.org" --env LDAP_ADMIN_PASSWORD="admin" -p 389:389 -p 636:636 --name openldap --detach osixia/openldap:1.5.0
Then this works:
$ docker exec openldap ldapsearch -x -H ldap://localhost -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin
# extended LDIF
#
# LDAPv3
# base <dc=example,dc=org> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# example.org
dn: dc=example,dc=org
objectClass: top
objectClass: dcObject
objectClass: organization
o: OpenLdap
dc: example
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
But this doesn't when executed directly from the host:
ldapsearch -x -H ldap://localhost -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin
Result:
ldap_bind: Invalid credentials (49)
Thank you very much for your help.
Upvotes: 0
Views: 1675
Reputation: 311713
I tested this on my local system, and with the corrected docker run command line...
docker run \
--env LDAP_ORGANISATION="OpenLdap" \
--env LDAP_DOMAIN="example.org" \
--env LDAP_ADMIN_PASSWORD="admin" \
-p 389:389 \
-p 636:636 \
--name openldap \
--detach osixia/openldap:1.5.0
...I can successfully run your ldapsearch commands both inside and outside the container. The behavior you're seeing suggests that when you're running ldapsearch on the host, it's not connecting to the same ldap server that you're using inside the container.
You need to check to see if anything else is listening on port 389 on your system. Under Linux, you can do this by running netstat -tln; if you're on Windows, the equivalent command is netstat -aon.
If you find something else listening on port 389, your options are (a) kill it or (b) map the containerized service to a different port.
Upvotes: 2
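The port check suggested in the answer above, as an added example that is not part of the original answer. It goes one step further than `netstat -tln` by reading the `-p` (PID/program) column to show which process owns each listener on port 389. It assumes Docker's default userland proxy, which appears as `docker-proxy`; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: find out who is really listening on the LDAP port.

# port_owners PORT: reads `netstat -tlnp` output on stdin and prints
# "<local address> <pid/program>" for every LISTEN socket on PORT.
# The owner is "-" when netstat did not show one (no -p, or not root).
port_owners() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            p = $4
            sub(/.*:/, "", p)        # port = text after the last colon
            if (p != port) next      # exact match: 3890 is not 389
            owner = (NF >= 7) ? $7 : "-"
            print $4, owner
        }'
}

# foreign_owners PORT: listeners on PORT that are NOT docker-proxy, i.e.
# candidates for "a different LDAP server answered the bind".
# Unknown owners ("-") are kept, since they cannot be ruled out.
foreign_owners() {
    port_owners "$1" | awk '$2 !~ /\/docker-proxy$/'
}

# Constructed sample of `netstat -tlnp` output (not captured from a real host).
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:389      0.0.0.0:*        LISTEN  2291/docker-proxy
tcp        0      0 0.0.0.0:636      0.0.0.0:*        LISTEN  2305/docker-proxy
tcp        0      0 0.0.0.0:3890     0.0.0.0:*        LISTEN  977/python3
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN  640/sshd
tcp6       0      0 :::389           :::*             LISTEN  812/slapd'

echo "All listeners on 389:"
printf '%s\n' "$SAMPLE_NETSTAT" | port_owners 389

echo "Listeners on 389 not owned by docker-proxy:"
printf '%s\n' "$SAMPLE_NETSTAT" | foreign_owners 389
```

On a live host, pipe `sudo netstat -tlnp` into `foreign_owners 389`; any line it prints is a listener outside the container that can answer the bind in place of the containerized server.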