By: Vreixo Luis Gonzalez Caneda user 18 May 2021 at 3:03 p.m. CDT

7 Responses
I would like to connect to OpenDJ externally in order to use a tool like JXplorer for an installation with Docker via py-gluu-compose. Running the command inside the Docker container works, like this:

```
docker exec ldap /opt/opendj/bin/ldapsearch -h localhost -p 1636 -Z -X -D "cn=directory manager" -w "PASSWORD" -b "ou=people,o=gluu" "gluustatus=active"
```

But the problem is connecting from outside the container, where it does not connect, of course after exposing the ports. I'm getting:

```
ldap_start_tls: Can't contact LDAP server (-1)
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)
```

Could you describe the procedure to connect from outside the container? Should I use a certificate in order to connect? Thank you very much.

By Aliaksandr Samuseu staff 18 May 2021 at 3:13 p.m. CDT

Hi. You used [this doc](https://gluu.org/docs/gluu-server/4.2/installation-guide/install-docker/) to set up your Docker-based environment, right?

By Vreixo Luis Gonzalez Caneda user 18 May 2021 at 3:17 p.m. CDT

Yes, exactly, we have followed those instructions, but we didn't see how to connect externally there.

By Michael Schwartz Account Admin 18 May 2021 at 3:36 p.m. CDT

I wouldn't expose the ports publicly for security reasons. Normally I use an SSH tunnel to do this. Can you run ssh and then expose port 22?

By Vreixo Luis Gonzalez Caneda user 18 May 2021 at 4:10 p.m. CDT

I think that I was not clear in my question. With "exposed" I mean that I have bound the port from the Docker container to localhost. My issue is that I can't connect from the machine running the Docker containers to the OpenDJ container's LDAP service using ldapsearch. Connecting directly to the IP after doing a `docker inspect` does not work either. I guess that the issue might be in the connection options for ldapsearch, which should be different from outside the container, but I didn't find the information. Once I'm able to connect to the OpenDJ container I will indeed do an SSH tunnel from my computer to configure the tool.

By Aliaksandr Samuseu staff 19 May 2021 at 4:55 p.m. CDT

Sorry for the delayed answer. Seems like it may not be as easy as I thought, after all.. The problem with JXplorer is this:

```
javax.naming.CommunicationException: simple bind failed: 192.168.238.175:7636 [Root exception is javax.net.ssl.SSLHandshakeException: No subject alternative names matching IP address 192.168.238.175 found]
```

Apparently it comes down to how the certificate the LDAP server uses inside the container is composed: SANs take precedence over the Subject/CN field in it, and the only DNS name defined in the SANs field there is "ldap", which makes sense only inside the container. Frankly, this is mostly the client's (JXplorer's) issue, as it just rejects the certificate without giving the user a choice. For example, you can still use the `ldapsearch` tool to search inside the container via your exposed port if you specify the `-X` argument, which cancels thorough certificate verification. So if you have some other LDAP GUI browser that allows the same, it should do the trick.

By Aliaksandr Samuseu staff 19 May 2021 at 4:58 p.m. CDT

...and I had an idea instantly. So I went to the `/etc/hosts` file on the machine from which I run JXplorer, and I added a line there, a mapping like this:

```
192.168.238.175 ldap
```

..where `192.168.238.175` is the IP address of the machine where Docker runs and where the LDAP container's port was exposed. Then in JXplorer, I used "ldap" as "Host" and my exposed port as "Port" when setting up a connection - and I'm in there. Two hours of wasted time on trying something totally different and way more complex..
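To make the two posts above concrete (the SAN-only certificate rejected for an IP target, and the `/etc/hosts` mapping that makes "ldap" match), here is an added example, not code from the thread or from Gluu/OpenDJ, that applies the same hostname-verification rules a TLS client uses to a `getpeercert()`-style dictionary. The certificate dictionary is constructed to mirror what the thread describes (only SAN `DNS:ldap`); the function names are hypothetical.

```python
import ipaddress
from typing import Tuple

# Constructed stand-in for what ssl.SSLSocket.getpeercert() returns for the
# container's LDAP certificate as described in the thread: the only SAN is the
# DNS name "ldap". Once any SAN is present, the subject CN is not consulted.
CONTAINER_LDAP_CERT = {
    "subject": ((("commonName", "ldap"),),),
    "subjectAltName": (("DNS", "ldap"),),
}

def _dns_match(pattern: str, host: str) -> bool:
    """RFC 6125-style dNSName match: case-insensitive, one leading wildcard label."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == host
    labels = host.split(".")
    return len(labels) > 1 and ".".join(labels[1:]) == pattern[2:]

def check_peer_name(cert: dict, host: str) -> Tuple[bool, str]:
    """Return (ok, reason) for connecting to `host` given a getpeercert()-style dict."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(host)   # IP literal targets must match an IP SAN
    except ValueError:
        ip = None
    if sans:
        if ip is not None:
            ip_sans = [v for t, v in sans if t == "IP Address"]
            if any(ipaddress.ip_address(v) == ip for v in ip_sans):
                return True, f"IP {host} listed in SAN"
            return False, f"no subject alternative names matching IP address {host} found"
        dns_sans = [v for t, v in sans if t == "DNS"]
        if any(_dns_match(p, host) for p in dns_sans):
            return True, f"hostname {host} matches dNSName SAN"
        return False, f"hostname {host} does not match any dNSName SAN {dns_sans}"
    # Legacy fallback: CN is only consulted when the certificate has no SAN at all.
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    if ip is None and any(_dns_match(cn, host) for cn in cns):
        return True, f"hostname {host} matches CN (no SAN present)"
    return False, f"no SAN and no matching CN for {host}"

if __name__ == "__main__":
    # The IP target fails exactly like JXplorer's error; "ldap" (via /etc/hosts) passes.
    for target in ("192.168.238.175", "ldap", "LDAP.", "ldap.example.org"):
        print(target, check_peer_name(CONTAINER_LDAP_CERT, target))
```

The real SAN list of the container's certificate can be inspected with `openssl s_client -connect <host>:<port>` followed by `openssl x509 -noout -ext subjectAltName`; mapping the IP to a name in the SAN list fixes the name check without disabling verification, unlike `ldapsearch -X`.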

By Vreixo Luis Gonzalez Caneda user 20 May 2021 at 10:49 a.m. CDT

Thank you very much Aliaksandr for your help; indeed, with the `/etc/hosts` adaptation it's working perfectly with JXplorer for me too from my development machine. Regarding the ldapsearch thing, it turns out that the ldapsearch packed in ldap-tools in Ubuntu is different from the one that you have packaged with OpenDJ, and copying the binaries from your container, it does work from the machine running Docker too. I'll close the ticket as it's all solved.