I'm trying to use Docker to create an OpenLDAP server that I can connect to over our intranet. I've set it up to run as host so that it doesn't cause any network issues and we can use the network DNS. I'm using this image: https://github.com/osixia/docker-openldap
Here's the code I use to launch the container:
docker run --net=host --name arq --hostname <fqdn of host server> --env LDAP_ORGANISATION="arq" --env LDAP_DOMAIN="<fqdn of host server>" --env LDAP_ADMIN_PASSWORD="<testpw>" --volume /docker/ldap3/ldap:/var/lib/ldap --volume /docker/ldap3/slapd:/etc/ldap/slapd.d --detach osixia/openldap
I stress that this works perfectly over port 389 for unencrypted communications. Nmap from another machine shows ports 389 and 636 as being open for TCP.
I know the certificate in use will be self-signed, so I've tried to take that into account in the request. I've been trying to connect using:
LDAPTLS_REQCERT=never ldapsearch -d2 -H ldaps://<fqdn of host server> -x -D "uid=james,<fqdn of host server>" -W
The failure I get is:
TLS: can't connect: The TLS connection was non-properly terminated.. ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
This happens regardless of whether I'm setting LDAPTLS_REQCERT.
openssl s_client -connect orthanctest.sth.nhs.uk:636 -showcerts
CONNECTED(00000003)
depth=1 C = US, O = A1A Car Wash, OU = Information Technology Dep., L = Albuquerque, ST = New Mexico, CN = docker-light-baseimage
verify error:num=19:self signed certificate in certificate chain
verify return:0
140309985457808:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
Any ideas on how to get this to work, or is this just not possible?
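An added diagnostic, not part of the original question or the osixia image, that performs the same two checks from Python: one handshake with verification off (what LDAPTLS_REQCERT=never asks for) and one against a CA file, and tells apart "the server closed the connection mid-handshake" (the "non-properly terminated" message above) from "the certificate is not trusted" (the num=19 verify error). Host, port and the CA path are assumed placeholders.

```python
import socket
import ssl


def classify_tls_error(exc):
    """Map the exception raised during connect/handshake to a short diagnosis.
    Subclasses of ssl.SSLError are checked before the generic case."""
    if isinstance(exc, ConnectionRefusedError):
        return "port closed: nothing is listening on that port"
    if isinstance(exc, socket.timeout):
        return "timeout: port filtered, or the server hung during the handshake"
    if isinstance(exc, ssl.SSLCertVerificationError):
        return "trust problem: the client does not trust the server certificate"
    if isinstance(exc, ssl.SSLEOFError):
        # The peer dropped the TCP connection before finishing the TLS handshake;
        # this is the case ldapsearch reports as 'non-properly terminated'.
        return "server closed the connection mid-handshake (not a trust problem)"
    if isinstance(exc, ssl.SSLError):
        reason = getattr(exc, "reason", "") or ""
        if "HANDSHAKE_FAILURE" in reason:
            return "handshake rejected: no shared protocol/cipher, or server TLS misconfigured"
        return "other TLS error: %s" % reason
    return "unexpected error: %r" % (exc,)


def probe_ldaps(host, port=636, cafile=None, timeout=5.0):
    """One TLS handshake to host:port. cafile=None disables verification,
    like LDAPTLS_REQCERT=never; a cafile enables full chain + hostname checks.
    Returns (ok, detail)."""
    if cafile:
        ctx = ssl.create_default_context(cafile=cafile)
    else:
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                der = tls.getpeercert(binary_form=True)  # leaf cert, DER bytes
                return True, "%s handshake ok, %d-byte leaf certificate" % (tls.version(), len(der))
    except Exception as exc:
        return False, classify_tls_error(exc)


if __name__ == "__main__":
    # Placeholder host and CA path: replace with the server's FQDN and the CA
    # that issued its certificate before running.
    for ca in (None, "/path/to/ldap-ca.pem"):
        ok, detail = probe_ldaps("ldap.example.invalid", 636, cafile=ca)
        print("verify=%s -> %s: %s" % ("off" if ca is None else "on", ok, detail))
```

If the verification-off probe already fails with "server closed the connection mid-handshake", the self-signed certificate is not the cause and the server side (slapd's TLS configuration inside the container) is where to look.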