Failed to access LDAP server over TLS #209
Comments
Interesting... not sure why The Dockerfile installs libaprutil1-ldap which has
$ docker run -it --rm httpd:2.4.51 bash
root@e6828c8b35ed:/usr/local/apache2# apt search libaprutil1-ldap
Sorting... Done
Full Text Search... Done
libaprutil1-ldap/now 1.6.1-5 amd64 [installed,local]
Apache Portable Runtime Utility Library - LDAP Driver
root@e6828c8b35ed:/usr/local/apache2# apt search libldap
Sorting... Done
Full Text Search... Done
libldap-2.4-2/now 2.4.57+dfsg-3 amd64 [installed,local]
OpenLDAP libraries
root@e6828c8b35ed:/usr/local/apache2# apt search libldap-common
Sorting... Done
Full Text Search... Done
What
$ docker run -it --rm httpd:2.4.50 bash
root@e8cbf9179ea8:/usr/local/apache2# apt search libaprutil1-ldap
Sorting... Done
Full Text Search... Done
libaprutil1-ldap/now 1.6.1-4 amd64 [installed,local]
Apache Portable Runtime Utility Library - LDAP Driver
root@e8cbf9179ea8:/usr/local/apache2# apt search libldap
Sorting... Done
Full Text Search... Done
libldap-2.4-2/now 2.4.47+dfsg-3+deb10u6 amd64 [installed,local]
OpenLDAP libraries
libldap-common/now 2.4.47+dfsg-3+deb10u6 all [installed,local]
OpenLDAP common files for libraries
This is very similar to docker-library/php#1228 -- the difference (and the thing that caused the breakage) is that in Debian Bullseye, In this case, it's core functionality being broken, so IMO we should probably add it persistently (perhaps with a link to this thread so we can more easily remember/chase down why we added it).
Thank you for your prompt action!
Abstract
My container based on version 2.4.51 failed to access our LDAP server via ldaps with the following error_log:
Versions before 2.4.50 don't have the issue, as the libldap-common package was installed.
Root cause
The missing /etc/ldap/ldap.conf file causes the missing "TLS_CACERT /etc/ssl/certs/ca-certificates.crt" configuration.
Because of this, the server cannot access using an ldaps:// URL.
Conclusion
Is this an intended change in 2.4.51 or later?
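A pre-flight check for the root cause described in this report, as an added example that is not part of the original thread or the image's own scripts: it confirms that the libldap client config exists and names a CA path that is actually present. The function name and return codes are assumptions made for this example; the default path and the TLS_CACERT option are the ones quoted in the report.

```shell
# Added example: check the libldap client trust configuration.
# Return codes (chosen for this example):
#   0 = TLS_CACERT / TLS_CACERTDIR is set and the path exists
#   1 = config file missing (the symptom reported in this issue)
#   2 = config present but no CA trust option
#   3 = CA trust option present but its path does not exist
ldap_tls_trust_check() {
    conf="${1:-/etc/ldap/ldap.conf}"
    [ -r "$conf" ] || { echo "missing: $conf" >&2; return 1; }

    found=0
    # ldap.conf holds one "OPTION value" pair per line; '#' starts a
    # comment and option names are case-insensitive.
    while read -r key value || [ -n "$key" ]; do
        case "$key" in ''|'#'*) continue ;; esac
        key=$(printf '%s' "$key" | tr '[:lower:]' '[:upper:]')
        case "$key" in
            TLS_CACERT)
                found=1
                [ -f "$value" ] && { echo "ok: $key $value"; return 0; } ;;
            TLS_CACERTDIR)
                found=1
                [ -d "$value" ] && { echo "ok: $key $value"; return 0; } ;;
        esac
    done < "$conf"

    if [ "$found" -eq 1 ]; then
        echo "CA path named in $conf does not exist" >&2
        return 3
    fi
    echo "no TLS_CACERT/TLS_CACERTDIR in $conf" >&2
    return 2
}

# Constructed sample input: first a directory with no ldap.conf, then the
# one-line config quoted in the report, pointing at a placeholder file.
demo_dir=$(mktemp -d)
ldap_tls_trust_check "$demo_dir/ldap.conf" || echo "rc=$?"
: > "$demo_dir/ca.crt"   # empty stand-in for the CA bundle
printf 'TLS_CACERT %s\n' "$demo_dir/ca.crt" > "$demo_dir/ldap.conf"
ldap_tls_trust_check "$demo_dir/ldap.conf" || echo "rc=$?"
rm -rf "$demo_dir"
```

It inspects only the file it is given; settings supplied through a per-user ldaprc or LDAP-prefixed environment variables are outside its scope.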