LDAPS not working in Seafile Docker 8.0.x

For the benefit of anyone else looking for a solution… here’s what worked for me.

Issue

Since version 8.0.x I have noticed that LDAPS synchronization against my OpenLDAP server has not been working. It returns a vague “Unable to connect to LDAP server” error message. LDAP works without any problems, so the issue is clearly tied to something with explicit SSL over the LDAP connection. In my case, Seafile was the only program that had any difficulty connecting so I know my OpenLDAP server is working correctly.

I noticed several issues on GitHub relating to this are prematurely closed and a few posts here have solutions that are either very old, incomplete or do not apply to Docker.

What I think is happening

There is obviously an issue connecting over SSL (ldaps://). Given the lack of error message detail, I suspected it was a protocol or certificate chain validation error. Why Seafile just doesn’t use implicit TLS is beyond me, but since unsecured connections are a no-no in many environments including my own, we’re stuck using explicit SSL and dealing with the lack of error messages that goes along with that.

My Solution

As far as I can tell, the Seafile docker container does not have up-to-date root certificates! Possibly also missing a few LDAP library files, so I covered all my bases here and updated the ca-certificates and added ldap-utils for libraries and troubleshooting utilities.

The easiest way to implement these changes is to build your own custom docker container based off the Seafile container.

  1. Log in to the Seafile docker repo and pull the container version you need.
  2. Download this Dockerfile
  3. Build your new container (don’t forget the ‘.’ at the end of the build command!)

         # assuming you saved the Dockerfile to ~/seafile
         cd ~/seafile
         docker build --build-arg SEAF_VERSION=8.0.12 -t seafile:8.0.12-ldaps .

  4. Your container will be built and tagged as seafile:8.0.12-ldaps. Use that name, or whatever you typed as the tag after the ‘-t’ parameter, in your docker-compose.yml file.

Comments

This set-up will also provide you with ping and LDAP tools like ldapsearch so you can properly troubleshoot any issues you might still be having. That being said, once the certificates were updated, I was able to connect to my OpenLDAP server over explicit-SSL (ldaps://) without any more problems.

Hope this helps anyone else facing this issue.
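
Added example (not part of the original post and not Seafile code): a small probe that performs the TLS handshake against the ldaps:// port and reports the certificate verification error that the "Unable to connect to LDAP server" message hides. Run inside the container, it checks the server against the container's own CA bundle; the function name `probe_ldaps` and the host `ldap.example.com` are placeholders, and python3 is assumed to be available where you run it.

```python
import socket
import ssl
import sys


def probe_ldaps(host, port=636, cafile=None, timeout=5.0):
    """Return (status, detail) for a TLS handshake against an ldaps:// endpoint.

    status is one of: "ok", "unreachable", "untrusted", "handshake_failed".
    With cafile=None the system trust store is used (the bundle that the
    ca-certificates package maintains on Debian-family images). With a
    cafile, only the CAs in that file are trusted.
    """
    ctx = ssl.create_default_context(cafile=cafile)  # verifies chain and hostname
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        # DNS failure, refused connection, firewall drop, timeout
        return "unreachable", str(exc)
    with raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                return "ok", f"{tls.version()}, cert valid until {cert.get('notAfter')}"
        except ssl.SSLCertVerificationError as exc:
            # Unknown or expired CA, expired leaf, hostname mismatch, ...
            return "untrusted", f"verify code {exc.verify_code}: {exc.verify_message}"
        except (ssl.SSLError, OSError) as exc:
            # Protocol mismatch, plaintext LDAP on this port, reset during handshake
            return "handshake_failed", str(exc)


if __name__ == "__main__":
    # Usage: python3 probe_ldaps.py ldap.example.com [PORT] [CAFILE]
    if len(sys.argv) < 2:
        sys.exit("usage: probe_ldaps.py HOST [PORT] [CAFILE]")
    host = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 636
    cafile = sys.argv[3] if len(sys.argv) > 3 else None
    status, detail = probe_ldaps(host, port, cafile)
    print(f"{host}:{port} -> {status}: {detail}")
    sys.exit(0 if status == "ok" else 1)
```

An "untrusted" result from the stock image that turns into "ok" from the rebuilt image points at the CA bundle; "untrusted" in both means the server's chain or hostname needs attention instead.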