I am trying to connect to the Secure LDAP service of Google Workspace from a Cloud Run instance.
I have successfully created a client for the Secure LDAP service and connected to it from my local machine.
I also created a Docker image containing a small web application that connects to the Secure LDAP service. It works perfectly in my local Docker environment. (The small web application is written in Python, and the LDAP connection library is ldap3.)
However, after deploying the image to a Cloud Run instance, the connection to Secure LDAP times out.
Error message from Cloud Run logs
ldap3.core.exceptions.LDAPSocketOpenError: ('unable to open socket',
[(LDAPSocketOpenError('socket connection error while opening: timed out'),
My Environment
- Cloud Run region: asia-northeast1
- Google Secure LDAP endpoint: ldap.google.com:636
What I Have Tried
- Confirmed that it works locally in a Docker container.
- Checked Cloud Run network settings:
  - I am NOT using a VPC Connector.
  - I have NOT configured a Cloud NAT.
- Tested different connect_timeout values (5s, 10s, 30s).
- Confirmed that my Cloud Run service has internet access by running curl https://www.google.com inside the container.
My Question
Is the outbound connection from a Cloud Run instance to the Secure LDAP service restricted? Do I need a Cloud NAT or Private Google Access to make this work?