Login with ldap and TLS fails with the docker container v3.2.3
Hi, I'm using the following to log in with ldap:
CDASH_AUTHENTICATION_PROVIDER=ldap
LDAP_USE_TLS=true
LDAP_HOSTS=ldap.example.com
LDAP_BASE_DN="cn=users,dc=example,dc=com"
LDAP_USERNAME="cn=john,cn=users,dc=example,dc=com"
LDAP_PASSWORD=${PASS}
LDAP_BIND_USERS_BY=userPrincipalName
LDAP_PROVIDER=activedirectory
LDAP_LOGGING=true
which fails on our server with an error: Can't contact LDAP server. Not setting LDAP_USE_TLS results in another error, Strong(er) authentication required, as expected considering our server's settings.
-
I had to browse the source code to find the LDAP_USE_TLS parameter as it's not documented in the ldap section of your authentication documentation. Would it be possible to add the different available but undocumented options?
-
Upon further investigation running an ldapsearch inside the container using ldaps leads to
ldap_url_parse_ext(ldaps://ldap.example.com:636)
ldap_create
ldap_url_parse_ext(ldaps://ldap.example.com:636/??base)
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP ldap.example.com:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 10.10.10.17:636
ldap_pvt_connect: fd: 3 tm: -1 async: 0
attempting to connect:
connect success
TLS: peer cert untrusted or revoked (0x42)
TLS: can't connect: (unknown error code).
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
which can be resolved by manually installing the package libldap-common inside the container, or by mapping a single file ldap.conf containing the line
TLS_CACERT /etc/ssl/certs/ca-certificates.crt
to /etc/ldap/ldap.conf. I wonder whether the package libldap-common should be installed by the Dockerfile upon creating the container image?
Unfortunately I haven't been able to test the latest container yet. Please feel free to close this if it has already been fixed.
Cheers
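Added example (not code from the CDash project or from the issue author): a small POSIX shell check for the OpenLDAP client configuration the issue arrives at. It reads an `ldap.conf`, confirms that `TLS_CACERT` is set and points at a readable CA bundle (the missing trust anchor behind the `peer cert untrusted or revoked (0x42)` line above), and rejects configurations that would hide that error by relaxing `TLS_REQCERT` instead of supplying a CA. The demo files at the bottom are constructed for illustration; the CA file is a placeholder, not a real certificate, and the `check_ldap_conf` / `ldap_conf_get` function names are my own.

```shell
#!/bin/sh
# Added example, not code from CDash or the issue author.
# Validates an OpenLDAP client ldap.conf for the trust setup that fixes
# "TLS: peer cert untrusted or revoked": a readable TLS_CACERT, and no
# TLS_REQCERT setting that would silence verification instead of fixing it.

# Print the last value given for a key in ldap.conf. Keys there are
# case-insensitive, so compare upper-cased; '#' comments never match.
ldap_conf_get() {
    awk -v key="$2" 'toupper($1)==toupper(key){v=$2} END{print v}' "$1"
}

# Returns 0 when libldap would verify the server certificate against a
# readable CA file, 1 otherwise, printing the reason on stdout.
check_ldap_conf() {
    conf="$1"
    cacert=$(ldap_conf_get "$conf" TLS_CACERT)
    if [ -z "$cacert" ]; then
        echo "FAIL: no TLS_CACERT in $conf (no trust anchors -> peer cert untrusted)"
        return 1
    fi
    if [ ! -r "$cacert" ]; then
        echo "FAIL: TLS_CACERT $cacert is not readable in this container"
        return 1
    fi
    # Default for TLS_REQCERT is demand; never/allow/try skip or soften the check.
    reqcert=$(ldap_conf_get "$conf" TLS_REQCERT)
    case "${reqcert:-demand}" in
        demand|hard) ;;
        *)
            echo "FAIL: TLS_REQCERT $reqcert would accept an untrusted server certificate"
            return 1 ;;
    esac
    echo "OK: $conf verifies LDAP servers against $cacert"
    return 0
}

# Constructed demo inputs (placeholder CA bundle, not a real certificate).
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'placeholder' '-----END CERTIFICATE-----' > "$demo_dir/ca.crt"
printf 'TLS_CACERT %s\n' "$demo_dir/ca.crt" > "$demo_dir/good.conf"
printf 'TLS_CACERT %s\nTLS_REQCERT never\n' "$demo_dir/ca.crt" > "$demo_dir/insecure.conf"
: > "$demo_dir/empty.conf"   # what the container ships with: no ldap.conf content

check_ldap_conf "$demo_dir/good.conf"
check_ldap_conf "$demo_dir/insecure.conf"
check_ldap_conf "$demo_dir/empty.conf"
rm -rf "$demo_dir"
```

Run it inside the container against `/etc/ldap/ldap.conf` (`check_ldap_conf /etc/ldap/ldap.conf`) after mapping the file or installing `libldap-common`; on a Debian-based image the bundle path is the `/etc/ssl/certs/ca-certificates.crt` mentioned above, provided the `ca-certificates` package is present.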