Issue with LDAP when setting up dcm4chee-arc-light on docker over several hosts without docker swarm


Danyell Wilt

Oct 3, 2017, 7:43:02 PM10/3/17
to dcm4che


I am having an issue getting the Keycloak node to be able to resolve the ldap container.

I have verified that the OpenLDAP node is listening on port 389 and I have been able to connect to the container with JXplorer and see the dcm4che realm and associated objects when connecting from my workstation.

The error I see when trying to log in via keycloak is

2017-10-03 20:26:24,845 INFO  [org.keycloak.storage.ldap.LDAPIdentityStoreRegistry] (default task-9) Creating new LDAP Store for the LDAP storage provider: 'ldap', LDAP Configuration: {fullSyncPeriod=[-1], pagination=[true], connectionPooling=[true], usersDn=[ou=users,dc=dcm4che,dc=org], cachePolicy=[DEFAULT], useKerberosForPasswordAuthentication=[false], importEnabled=[true], bindDn=[cn=admin,dc=dcm4che,dc=org], changedSyncPeriod=[-1], usernameLDAPAttribute=[uid], lastSync=[1502608592], vendor=[other], uuidLDAPAttribute=[entryUUID], connectionUrl=[ldap://ldap:389], allowKerberosAuthentication=[false], syncRegistrations=[true], authType=[simple], debug=[false], searchScope=[1], useTruststoreSpi=[ldapsOnly], priority=[0], userObjectClasses=[inetOrgPerson, organizationalPerson], rdnLDAPAttribute=[uid], editMode=[WRITABLE], batchSizeForSync=[1000]}, binaryAttributes: []
2017-10-03 20:26:24,880 ERROR [org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager] (default task-9) Could not query server using DN [ou=users,dc=dcm4che,dc=org] and filter [(&(uid=admin)(objectclass=inetOrgPerson)(objectclass=organizationalPerson))]: javax.naming.CommunicationException: ldap:389 [Root exception is java.net.UnknownHostException: ldap]


when creating the dcm4chee-default on the db node:

       "Containers": {
            "29703941a357384960177cdc6e167a7cac14a11b1df447028c070a0db4ff12b7": {
                "Name": "ldap",
                "EndpointID": "86704c96efa4b11d1798890535bedbc5406582c1652bd413cb97dd39c9df596c",
                "MacAddress": "02:42:ac:12:00:02",
                "IPv4Address": "172.18.0.2/16",
                "IPv6Address": ""

I have tried the following:

1. adding an /etc/hosts entry for ldap pointing to the external address on the db node that has port 389 open to the container
2. adding -e LDAP_HOST=<openldaphostname> to the keycloak docker run command
3. adding -e LDAP_HOST=<openldapipaddress> to the keycloak docker run command

After that, the docker container inspect keycloak command returns
                "LDAP_HOST=<openldaphost>",
                "LDAP_PORT=389",
                "LDAP_BASE_DN=dc=dcm4che,dc=org",
                "LDAP_ROOTPASS=secret",

Nothing I have tried has resulted in Keycloak being able to resolve the host. I have a feeling I need the docker container networks to either be aware of each other, or I need to find a way for the keycloak container to use the hostname or IP address of the ldap server, since the ldap name would seem to only work in a standalone environment.

Has anybody experienced this issue?

gunterze

Oct 4, 2017, 3:44:09 AM10/4/17
to dcm4che
Containers do not see /etc/hosts of the docker host! If you cannot ensure that your DNS has entries for all hosts, you may work around it by inserting the mapping of hostname to IP in /etc/hosts of the container with the docker run option

--add-host="<hostname>:<IP>"

or the corresponding docker-compose.yml entry

extra_hosts:
  - "<hostname>:<IP>"
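
The two-host layout this thread describes, written out as an added example (not the project's own compose files): because Keycloak's stored LDAP configuration already points at ldap://ldap:389, the name "ldap" itself must resolve inside the keycloak container, so the extra_hosts entry maps "ldap" (not some other hostname) to the address of the host running OpenLDAP. The image names and the address 192.0.2.10 are assumptions, not values from the thread.

```yaml
# --- docker-compose.yml on host A (the db node running OpenLDAP) ---
# Publishing 389 on the host is what lets a container on host B reach it;
# a port open only on the internal bridge network is not reachable from elsewhere.
services:
  ldap:
    image: dcm4che/slapd            # assumed image name
    ports:
      - "389:389"                   # host A:389 -> container:389
    # volumes, LDAP_BASE_DN and LDAP_ROOTPASS (from an env file) omitted here

# --- docker-compose.yml on host B (the keycloak node) ---
# Without swarm there is no shared DNS between the two Docker hosts, so the
# container's /etc/hosts gets the mapping explicitly. docker run equivalent:
#   --add-host="ldap:192.0.2.10"
services:
  keycloak:
    image: dcm4che/keycloak         # assumed image name
    environment:
      LDAP_HOST: ldap               # keep the name the realm config uses (ldap://ldap:389)
      LDAP_PORT: 389
      LDAP_BASE_DN: dc=dcm4che,dc=org
    extra_hosts:
      - "ldap:192.0.2.10"           # 192.0.2.10 = address of host A (assumed value)
```

After the container is up, docker exec <keycloak-container> getent hosts ldap (assuming getent is present in the image) should print the mapped address; if it does not, the UnknownHostException in the log above will persist.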

Danyell Wilt

Oct 4, 2017, 12:06:31 PM10/4/17
to dcm4che
That did the trick. Thank you!