I have to integrate LDAP with two different services: exoPlatform and Liferay. So I set up an LDAP server via a Docker image with these configurations:

  • Server Name: openldap
  • Base Provider URL: ldap://openldap:389
  • Base DN: cn=users,ou=Platform,o=acme,dc=example,dc=org

My admin account is just: cn=admin

With exoPlatform, it works fine; I can log in with my LDAP accounts. Here are the configurations in picketlink-idm-openldap-config.xml:

```xml
<option>
  <name>providerURL</name>
  <value>ldap://openldap:389</value>
</option>
<option>
  <name>adminDN</name>
  <value>cn=admin,dc=example,dc=org</value>
</option>
<option>
  <name>adminPassword</name>
  <value>admin</value>
</option>
```

But for Liferay, it tells me that the host is not known:

```
Unable to bind to the LDAP server liferay | javax.naming.CommunicationException: openldap:389 [Root exception is java.net.UnknownHostException: openldap]
Caused by: java.net.UnknownHostException: openldap
```

I don't know if it's related, but I'll say it anyway just in case: I have 2 different docker-compose files that I launch at the same time:

  • one that contains the images openldap, phpldapadmin, exoPlatform and mysql1
  • one that contains the liferay and mysql2 images

I am also behind a corporate proxy, but I don't remember having done anything special for exoPlatform. I simply added the proxy settings to Catalina Tomcat for my exoPlatform and Liferay images.

Also, I have set LDAP authentication to enabled in the Liferay control panel with the Bind method.

Melinsuna
  • `Root exception is java.net.UnknownHostException: openldap`. You can enable anything, but if Liferay can't see the LDAP server, it simply can't act on that configuration. Check your docker setup and make sure that your Liferay container can see your OpenLDAP container. – Olaf Kock Apr 26 '19 at 14:12

1 Answer

This is a network issue between your containers. exoPlatform works but Liferay doesn't because the specified host openldap does not exist in its own container, and port 389 may also not be accessible from there.

You can do a quick check without running Java/LDAP by running the following command from the Liferay container:

```
telnet openldap 389
```

It will probably output "Network is unreachable"; in this case you need to create a network and connect the containers to that network. See: How to communicate between Docker containers via "hostname"

EricLavault
  • Thanks @ericlavault I just needed to add a network in my docker-compose files and create a bridge between them – Melinsuna May 02 '19 at 12:44
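
The fix described in the last comment, sketched as an added example (not the asker's actual files): both Compose projects join one pre-created user-defined network, so the name `openldap` resolves from the Liferay container. The network name `ldap-shared` and the service names `openldap` and `liferay` are assumptions.

```yaml
# Run once on the Docker host before starting either project
# (the network name "ldap-shared" is an assumption):
#   docker network create ldap-shared

# --- File 1: compose file with openldap, phpldapadmin, exoPlatform, mysql1 ---
services:
  openldap:
    # existing image/environment settings stay unchanged
    networks:
      - default        # still reachable by exoPlatform and phpldapadmin
      - ldap-shared    # additionally reachable from the Liferay project
    # No "ports:" entry is needed for container-to-container traffic; leaving
    # 389 unpublished keeps the directory off the host's interfaces.

networks:
  ldap-shared:
    external: true     # use the pre-created network, do not create a new one

---
# --- File 2: compose file with liferay, mysql2 ---
services:
  liferay:
    # existing image/environment settings stay unchanged
    networks:
      - default        # still reachable by mysql2
      - ldap-shared    # "openldap" now resolves through Docker's embedded DNS

networks:
  ldap-shared:
    external: true
```

After both projects are up, `docker network inspect ldap-shared` should list the OpenLDAP and Liferay containers; only the services that need to reach LDAP are attached, so mysql1 and mysql2 stay isolated in their own project networks.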