Timeout error when using one cloudron to connect to another cloudron LDAP

cdrm

Hello, I'm having trouble connecting one cloudron to another cloudron's LDAP server. I've configured the following so far:

• Enable ipv6 on both servers.
• Confirm they works via: curl -6 http://ifconfig.me
• Enable ipv6 on the cloudron network page.
• Add AAAA records for "my" (I don't know know how to get cloudron to automatically create this, so I did it manually.
• Enable LDAP directory on cloudron A.
• Whitelist the ipv4 and 6 addresses of cloudron B on cloudron A.
• Attempt to connect cloudron B to cloudron A using the standard menus.

I'm getting a timeout error. Using sudo tcpdump -i any port 389 or port 636, I've confirmed there's data going out from cloudron B, but the same command in cloudron A doesn't return anything.

What am I missing here?

girish

If you do iptables -t filter -L CLOUDRON , do you see it added to the firewall? You should see a line like:

ACCEPT     tcp  --  anywhere             anywhere             match-set cloudron_ldap_allowlist src tcp dpt:3004

You can then do ipset list cloudron_ldap_allowlist to see it's members.

girish

Important consideration: is Cloudron A behind Cloudflare? Since then it won't work.

cdrm

Yes, the issue was due to the LDAP cloudron being behind cloudflare. Thanks for highlighting this.

girish

Yup, cloudflare doesn't proxy LDAP...

girish

I have added a warning now to help remind: