I have an application that needs to access an LDAP (Active Directory) server. Running the application locally works normally; however, when running the application inside a Docker container it cannot access the Active Directory server. When I run a ping inside the container, the LDAP server is reached.
This is the method that connects to Active Directory:
```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Net;
using System.Threading;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Logging;

public class ActiveDirectoryClient
{
    private readonly ILogger<ActiveDirectoryClient> _logger;
    private readonly IConfiguration _configuration;
    private readonly string _domain;
    private PrincipalContext _context;

    /// <summary>
    /// Class constructor
    /// </summary>
    /// <param name="configuration">Configuration parameter</param>
    /// <param name="logger">Logger</param>
    public ActiveDirectoryClient(IConfiguration configuration, ILogger<ActiveDirectoryClient> logger)
    {
        _logger = logger;
        _configuration = configuration;
        _domain = _configuration["LDAPAdress"];
    }

    /// <summary>
    /// Tries to connect to Active Directory up to a given number of times, waiting a given interval in seconds between attempts
    /// </summary>
    /// <param name="attempts">Number of attempts</param>
    /// <param name="retryInterval">Interval between attempts, in seconds</param>
    /// <returns>Returns the Active Directory context</returns>
    /// <exception cref="CustomException">Thrown when it is not possible to connect to Active Directory</exception>
    private PrincipalContext TryConnectActiveDirectory(int attempts, double retryInterval)
    {
        while (attempts > 0)
        {
            _context = null;
            _logger.LogCritical(_domain);
            try
            {
                _context = new PrincipalContext(ContextType.Domain, _domain);
            }
            catch (Exception ex)
            {
                // Log the exception itself: discarding it hides the real cause of the failure
                _logger.LogError(ex, "Failed to create PrincipalContext for {Domain}", _domain);
                _context = null;
            }

            if (_context != null && _context.Container != null)
            {
                // Connected: return here, otherwise the loop never ends on success
                return _context;
            }

            // Exception or a context with no container: count the attempt once and wait
            attempts--;
            Thread.Sleep(TimeSpan.FromSeconds(retryInterval));
        }
        _logger.LogCritical(_domain);
        // CustomException is the project's own exception type
        throw new CustomException(HttpStatusCode.ServiceUnavailable, "Não foi possível conectar-se com o servidor");
    }
}
```
This is the file with the settings for the project:

```json
{
  "LDAPAdress": "10.10.2.1",
  "Logging": {
    "LogLevel": {
      "Default": "Warning"
    }
  },
  "AllowedHosts": "*"
}
```
I am running the built image on port 60331, which is mapped to port 80. It is working, because it has access to Swagger.
I ran `tcpdump -i eth0 port 389` to list only the requests that went to the LDAP server, but I had no results; if I run the application locally, I can get the information.
Could you help me?
Could it be a security problem on the machine, a certificate for example?
– Ricardo Pontual
I ran a curl to the Active Directory server address, passing port 389 and with no port at all (I believe it uses port 80), and the request happens. Apparently the request is not happening through the application:

```
$ curl 10.10.2.1
$ curl 10.10.2.1:389
```

Even if it were a security problem, I could at least sniff the packet, no?
– Michael Santos
Yes, if the security is at the protocol/authentication level, then a Wireshark-like sniffer would pick up the packet arriving at LDAP. If it doesn't, it may even be a port mapping problem.
– Ricardo Pontual
One thing I tried was to forward my host's port 20000 to the address 10.10.2.1:389 and have the container make the request to host.docker.internal:20000. I used tcpdump to sniff inside the container and no packet was shown, and I used Wireshark on my host and no packet was captured. However, if I run
`curl host.docker.internal:20000`
both the Wireshark running on the host and the tcpdump running in the container can capture the packets.
– Michael Santos
I logged the exception message thrown in the try/catch and discovered that the problem is not in being able to access the LDAP server: "System.DirectoryServices.AccountManagement is not supported on this platform". My container is Ubuntu 18.04, while my host is Windows 10.
– Michael Santos
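The root cause above was masked because the retry loop swallowed a PlatformNotSupportedException, which is permanent, and kept retrying as if the domain controller were unreachable. The following is an added example, not code from the question or its author, showing a hypothetical `AdConnectionGuard` helper that refuses to use `System.DirectoryServices.AccountManagement` on a non-Windows container and only retries errors that are actually transient; it assumes .NET Core 3.0 or later (C# 8 switch expressions).

```csharp
using System;
using System.DirectoryServices.AccountManagement;
using System.Runtime.InteropServices;
using System.Threading;
using Microsoft.Extensions.Logging;

// Hypothetical helper (not from the question): guards the AD bind so that a
// platform error fails fast instead of looking like a network problem.
public static class AdConnectionGuard
{
    // AccountManagement is Windows-only; a Linux image (e.g. Ubuntu 18.04) will never succeed.
    public static bool IsAccountManagementSupported() =>
        RuntimeInformation.IsOSPlatform(OSPlatform.Windows);

    // True only for failures a retry could plausibly fix (DC unreachable);
    // permanent or unknown errors are surfaced immediately instead of hidden.
    public static bool IsTransient(Exception ex) => ex switch
    {
        PlatformNotSupportedException _ => false, // wrong OS: never retry
        PrincipalServerDownException _  => true,  // DC down / unreachable: retry
        _                               => false  // unknown: let it propagate
    };

    public static PrincipalContext Connect(string domain, int attempts,
        TimeSpan retryInterval, ILogger logger)
    {
        if (!IsAccountManagementSupported())
            throw new PlatformNotSupportedException(
                "AccountManagement requires a Windows host or Windows container image.");

        for (var attempt = 1; ; attempt++)
        {
            try
            {
                var ctx = new PrincipalContext(ContextType.Domain, domain);
                // Reading ConnectedServer forces a real bind; it throws if the DC is unreachable
                logger.LogInformation("Bound to {Server}", ctx.ConnectedServer);
                return ctx;
            }
            catch (Exception ex) when (attempt < attempts && IsTransient(ex))
            {
                // Log the exception itself; a silent catch is what hid the platform error
                logger.LogWarning(ex, "AD bind attempt {Attempt}/{Max} failed", attempt, attempts);
                Thread.Sleep(retryInterval);
            }
        }
    }
}
```

When the exception filter is false (non-transient error or last attempt), the original exception propagates with its message intact, so the log shows the platform error on the first attempt rather than after the retries are exhausted.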
It should be just that, but damn :( you will need a Windows container then.
– Ricardo Pontual
I will make a service with Node to do these operations with Active Directory using the activedirectory lib and run it in another container. I don't know if it is ideal, but it seems more practical than creating all the necessary operations with some LDAP library for .NET Core.
– Michael Santos