Provide a sample for LDAPs using SSL against Active Directory #1528

Open
boschkundendienst opened this issue May 27, 2020 · 0 comments

Microsoft will sooner or later only support LDAPS, as stated here. I tried to configure LDAPS with my CodiMD installation (currently it is still on 1.3.2), but I cannot get it to work. I use it via docker-compose with the image quay.io/codimd/server:1.3.2.

With LDAP only, I use the following environment to make it work on port 389 without SSL:

CMD_LDAP_URL=ldap://ldap-server.fqdn:389
CMD_LDAP_BINDDN=cn=ldapuser,cn=Users,dc=my,dc=domain,dc=tld
CMD_LDAP_BINDCREDENTIALS=ldappass
CMD_LDAP_SEARCHBASE=dc=my,dc=domain,dc=tld
CMD_LDAP_SEARCHFILTER=(&(objectcategory=person)(objectclass=user)(sAMAccountName={{username}}))
CMD_LDAP_USERIDFIELD=sAMAccountName
CMD_LDAP_PROVIDERNAME=Active Directory LDAP

So I assumed I just had to change it like this to make it work:

CMD_LDAP_URL=ldaps://ldap-server.fqdn:636
CMD_LDAP_BINDDN=cn=ldapuser,cn=Users,dc=my,dc=domain,dc=tld
CMD_LDAP_BINDCREDENTIALS=ldappass
CMD_LDAP_SEARCHBASE=dc=my,dc=domain,dc=tld
CMD_LDAP_SEARCHFILTER=(&(objectcategory=person)(objectclass=user)(sAMAccountName={{username}}))
CMD_LDAP_USERIDFIELD=sAMAccountName
CMD_LDAP_PROVIDERNAME=Active Directory LDAPS

That did not work. I provide the above variables with an env_file entry in my docker-compose.yml file.

So it would be nice to have a working example in the docs that works with Microsoft AD and LDAPS; optionally, it should be possible to add a CA certificate that can be used to verify the certificates of the domain controllers.

Maybe I overlooked something, but I could not get LDAPS working with CodiMD. I am not on the latest version, but I think it should still work.

I can successfully connect to the LDAP server using the ldapsearch command-line utility directly on the host (CentOS 7). On the host I installed the CA certificate of our internal CA that issued the certificates for the domain controller I check against.
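
The configuration the issue asks for, written out as an added example (it is neither the issue author's file nor anything from the CodiMD documentation). It assumes the same hostname, bind DN and search filter as the post above, a PEM file `internal-ca.pem` next to the compose file holding the internal root CA (and any intermediate) that issued the domain controllers' certificates, and that the CA is passed through the `CMD_LDAP_TLS_CA` variable that CodiMD's configuration documents for LDAP TLS; check that variable name against the version you actually run.

```yaml
# docker-compose.yml: added example for CodiMD 1.3.x with LDAPS against
# Active Directory and a private CA. Not from the CodiMD project or the
# issue author; paths, file names and the service layout are assumptions.
version: "3.7"
services:
  codimd:
    image: quay.io/codimd/server:1.3.2
    ports:
      - "3000:3000"
    volumes:
      # PEM bundle with the internal root CA (plus any intermediate) that
      # issued the domain controllers' certificates. Path is an assumption.
      - ./internal-ca.pem:/etc/ssl/internal-ca.pem:ro
    environment:
      # The host in the URL must be a DNS name that appears in the domain
      # controller's certificate (SAN); an IP address, or a round-robin
      # name the certificate does not carry, fails TLS hostname verification.
      CMD_LDAP_URL: "ldaps://ldap-server.fqdn:636"
      # Comma-separated list of CA files in PEM format, as mounted above.
      # Without this the container only trusts public CAs and rejects the
      # internally issued DC certificate.
      CMD_LDAP_TLS_CA: "/etc/ssl/internal-ca.pem"
      CMD_LDAP_BINDDN: "cn=ldapuser,cn=Users,dc=my,dc=domain,dc=tld"
      # Placeholder; keep the real password in an env_file or secret, not here.
      CMD_LDAP_BINDCREDENTIALS: "ldappass"
      CMD_LDAP_SEARCHBASE: "dc=my,dc=domain,dc=tld"
      # Quoted so YAML does not choke on the braces in {{username}}.
      CMD_LDAP_SEARCHFILTER: "(&(objectcategory=person)(objectclass=user)(sAMAccountName={{username}}))"
      CMD_LDAP_USERIDFIELD: "sAMAccountName"
      CMD_LDAP_PROVIDERNAME: "Active Directory LDAPS"
```

Before starting the container, confirm that the CA file really validates the DC's chain and that the name matches: `openssl s_client -connect ldap-server.fqdn:636 -servername ldap-server.fqdn -CAfile internal-ca.pem </dev/null` should end with `Verify return code: 0 (ok)`. The same file can be handed to the OpenLDAP client on the host with `LDAPTLS_CACERT=./internal-ca.pem ldapsearch -H ldaps://ldap-server.fqdn:636 ...`; if that works but the container does not, the difference is almost always the CA not being mounted and referenced inside the container, since the host's trust store is not visible to it.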

edgarogh pushed a commit to WartaPoirier-corp/codimd that referenced this issue Sep 21, 2021
Signed-off-by: Renovate Bot <bot@renovateapp.com>

Co-authored-by: Renovate Bot <bot@renovateapp.com>