New Home Assistant Alpine Docker image - curl "ldaps" not supported

itn3rd77 · August 30, 2019, 5:44am

Hi @all,

I am running Home Assistant Docker image and I’ve been using the Command Line auth provider to authenticate against my LDAP server. After upgrading to the latest Home Assistant version 0.98.1 which is now based on Alpine. I can no longer authenticate against my LDAP server as the curl version inside the Docker doesn’t support ldaps:

Protocol "ldaps" not supported or disabled in libcurl

Is there an alternative to the shell script linked in the docs https://www.home-assistant.io/docs/authentication/providers/?

Should I raise a bug report/feature request?

Thanks in advance!

Regards
Ingo

HypnoToad · August 30, 2019, 12:20pm

I would do this, otherwise it looks like you may need recompile CURL for this to work.

budbay · September 5, 2019, 1:28am

I just realized ldap was not working when trying to sign in on a new tablet. Have you raised an issue yet or found a workaround?

johnl1479 · September 6, 2019, 10:03pm

I ran into this issue while using the ldap-auth.sh. I just switched the CLIENT from “curl” to “ldapsearch” and its working again

budbay · September 7, 2019, 2:44am

Are you using the homeassistant/home-assistant:latest docker image, I am getting an error that “ldapsearch: not found”

johnl1479 · September 7, 2019, 3:02am

I’m using 0.98.1

polcape · September 11, 2019, 8:19am

Hi,
I’m using 0.98.5 official docker image but there isn’t curl with ldap support and neither ldapsearch.

How do u get the image with ldapsearch?

raphii · September 17, 2019, 8:25pm

I’m about to implement ldap in my setup. I am using Hass.io. Can someone confirm that this is working in 0.98.5?

budbay · September 19, 2019, 3:16am

For me, it is not currently working. The homeassistant docker image does not have ldap included in curl and it does not seem to have ldapsearch either.

bierchermuesli · October 15, 2019, 8:35pm

Same here - with latest. as a workaround you can run:

docker-compose exec  home-assistant apk add openldap-clients

nununo · October 16, 2019, 6:28pm

Thank you @bierchermuesli! Your hack worked!

I still had to tweak ldap-auth.sh to support STARTTLS and configure the CA certificate in the OpenLDAP inside the docker image but finally I made it work!

Most probably the next upgrade will ruin the CA certificate configuration… let’s see. Anyway it’s easy to implement again.

Thanks!!

nununo · October 16, 2019, 7:42pm

Oh, I almost forgot. Your command didn’t work exactly like you posted it. After some research I managed to make it work with this command:

docker exec homeassistant apk add  --update --repository http://dl-cdn.alpinelinux.org/alpine/edge/main --repository http://dl-cdn.alpinelinux.org/alpine/edge/community openldap-clients

kcsoft33 · March 23, 2020, 7:30pm

I tried this workaround last night in my attempt to get LDAP auth working against my system. No luck openldap-clients seem to be installed in my docker image but still getting the curl error. Is there some other config needed inside the container to make this work?

Cyanryan · May 12, 2020, 9:34pm

This was really helpful, but it isn’t good practice to modify running docker instances like this because the changes are lost when updating. I created a custom Dockerfile / docker-compose.yml combo to build a custom image. Works well.