SSL certificate error when launching LDAP container #39
Comments
The Are you using the |
Just set it back to the latest, still getting the error. |
These are the images I am currently using:
|
Hi, is there any update on this issue? I'm running into the same problems. Thx |
Who are your certificates issued by? |
They are official wildcard certificates issued from DigiCert, not from a local CA. |
Hello, I encounter the same concern. Is there a solution? I am using a wildcard certificate for my website, which is in HTTPS and works via HAProxy
|
My guess is that this is due to a new cert in the chain and that the Docker image needs to be rebuilt with the latest trusted certs. My ability to test and deploy this is limited right now due to family obligations. If someone can test to see how it works with a newer base image, I could deploy that. Otherwise, it may take me a couple weeks. |
Found a little bit of time. You can test the latest |
Thank you for being quick!! Problem still present for me
|
Hmm. I may need to do some reading on how certificate chains are bundled with the Rust TLS libraries. Have you tried both the regular and alpine versions? |
Hello @ViViDboarder, I have tried the alpine and the regular master version; both of them bring the same error. |
I think I have found the error: you have to add the root certificates to the host. I will test this and give feedback. |
The problem has been resolved. You have to add the root certificate of your provider to the /etc/ssl/certs directory of your server, then you have to mount the volume in your Docker container. Don't forget to dpkg-reconfigure certificates so that they will be added. If you have the following certificate: Digicertrootcert.cert.pem, you have to rename it to Digicertrootcert.cert and then run the dpkg-reconfigure certificates. |
I've got the same problem but it could not be resolved by the steps above. To clarify: You installed a CA certificate on the server, mounted it to the container and executed the "dpkg-reconfigure" in the container? The command "dpkg-reconfigure certificates" failed in my container ("package certificates is not installed"). Did you mean "dpkg-reconfigure ca-certificates"? We have an official wildcard certificate issued by Starfield Technologies and the Starfield CA certificate is installed by default. Any ideas? |
I have installed a missing intermediate CA on the server and now the cert error in wget is gone (wget -S https://sub.domain.tld) but the error in vw-ldap is still the same... (like mentioned above by Oz246)... |
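Added example (not part of the thread or of the project's code): the effect of a missing intermediate CA on chain validation, reproduced offline with a throwaway root, intermediate and leaf built by openssl. The `demo-*` subject names and the `chain_check` function are made up for the illustration.

```shell
#!/bin/sh
# Constructed demo: every key and certificate here is generated on the spot
# and deleted afterwards; chain_check and the demo-* names are hypothetical.
chain_check() {
    d=$(mktemp -d) || return 1
    # Extension file marking a certificate as a CA (root and intermediate).
    printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
    for n in root int leaf; do
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-$n" \
            -keyout "$d/$n.key" -out "$d/$n.csr" >/dev/null 2>&1 || return 1
    done
    # Self-signed root, intermediate signed by root, leaf signed by intermediate.
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" \
        -extfile "$d/ca.ext" -days 2 -out "$d/root.pem" >/dev/null 2>&1 || return 1
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -extfile "$d/ca.ext" -days 2 -out "$d/int.pem" \
        >/dev/null 2>&1 || return 1
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
        -CAcreateserial -days 2 -out "$d/leaf.pem" >/dev/null 2>&1 || return 1

    # Case 1: the verifier trusts the root but never sees the intermediate.
    if openssl verify -CAfile "$d/root.pem" "$d/leaf.pem" >/dev/null 2>&1
    then root_only=ok; else root_only=fail; fi
    # Case 2: same trust anchor, intermediate supplied as an untrusted helper,
    # which is what a server does when it sends its full chain.
    if openssl verify -CAfile "$d/root.pem" -untrusted "$d/int.pem" \
        "$d/leaf.pem" >/dev/null 2>&1
    then with_int=ok; else with_int=fail; fi

    rm -rf "$d"
    echo "root_only=$root_only with_intermediate=$with_int"
}

chain_check
```

Against a live endpoint, `openssl s_client -connect sub.domain.tld:443 -showcerts` lists the certificates the server actually sends, which separates a leaf-only response from a trust-store problem on the client.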
hello, what error is coming? |
This is maybe because of your filter. I have set a filter to all active users: (&(objectCategory=organizationalPerson)(objectClass=User)(!(userAccountControl:1.2.840.113556.1.4.803:=2))) |
I tested my LDAP filter with Bitwarden Directory Connector... this simple filter should also work, I think: (objectClass=user) Or not? |
OK. I've re-done the whole process and now it works... so it wasn't the ldap filter (which was wrong too... :-) |
Which filter did you end up using? thx |
How is this related to LDAP reading though? Thanks! |
don't know anymore. too long ago. the whole "right-certificates in folders and cache"-thing... the filter I'm using is: ldap_search_filter = "(&(objectClass=user)(objectcategory=person)(memberOf=CN=*,OU=*,OU=*,OU=*,DC=*,DC=*)(mail=*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))" you have to replace the stars with your ad-info (maybe more or less ou's...) it reads like user with mail-address in the selected ad-(sub)directory which is not deactivated (?) i hope it helps... |
Hi,
Just unsure about the nature of this error.
our website has a valid certificate, and we have forced "ldap_no_tls_verify = false" from the default true value (also failed in that case as well)