
Let's Encrypt cert not being used when openldap starts. No certificate file and certificate key provided #679

Open
bdunn1100 opened this issue May 17, 2024 · 1 comment


bdunn1100 commented May 17, 2024

Having an issue: when I restart openldap it reverts back to the default generated certificates. Looking at the log I see this message:

```
openldap_1 | *** DEBUG | 2024-05-17 15:42:32 | Hi! I'm ssl-helper, what button should i press ?
openldap_1 | *** DEBUG | 2024-05-17 15:42:32 | cfssl-helper is launched, everybody on the floor!
openldap_1 | *** INFO | 2024-05-17 15:42:32 | No certificate file and certificate key provided, generate:
openldap_1 | *** INFO | 2024-05-17 15:42:32 | /container/run/service/slapd/assets/certs/cert.pem and /container/run/service/slapd/assets/certs/key.key
openldap_1 | *** DEBUG | 2024-05-17 15:42:32 | use /container/run/service/:ssl-tools/assets/default-ca/config/req-csr.json.tmpl as csr file
openldap_1 | *** DEBUG | 2024-05-17 15:42:32 | cfssl gencert -loglevel 0 -ca /tmp/ca-cert-file -ca-key /tmp/ca-key-file -hostname 20290e2cb6a0 /tmp/csr-file | cfssljson -bare /tmp/cert
openldap_1 | 2024/05/17 15:42:32 [INFO] generate received request
openldap_1 | 2024/05/17 15:42:32 [INFO] received CSR
openldap_1 | 2024/05/17 15:42:32 [INFO] generating key: ecdsa-384
```

My docker compose configuration is this:

```yaml
openldap:
  restart: always
  image: osixia/openldap:latest
  environment:
    LDAP_ADMIN_PASSWORD: password
    LDAP_ORGANISATION: ldap
    LDAP_DOMAIN: ldap.net
    LDAP_BASE_DN: dc=ldap,dc=net
    LDAP_TLS_VERIFY_CLIENT: never
    LDAP_TLS_CRT_FILENAME: cert.pem
    LDAP_TLS_KEY_FILENAME: key.key
    LDAP_TLS_CA_CRT_FILENAME: ca.pem
  volumes:
    - /srv/ldap:/container/service/slapd/assets/config/bootstrap/ldif/custom
    - /srv/ldap/data:/var/lib/ldap
    - /srv/ldap/slap.d:/etc/ldap/slapd.d
  command: --loglevel debug --copy-service
  ports:
    - "636:636"
    - "389:389"
  networks:
    - web
    - websecure
```

Whatever I try, it does not seem to take the cert that I placed in. I've used self-signed and Let's Encrypt certs. Both have issues.

bjozet (Contributor) commented May 20, 2024

Add a volume or bind-mount for TLS-related files under /container/service/slapd/assets/certs, where your certificates will be picked up.

See:
https://github.com/osixia/docker-openldap/blob/master/image/service/slapd/assets/certs/README.md
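The reporter's compose service with the bind-mount the comment describes, as an added example that is not from the original thread or the osixia project. The host directory /srv/ldap/certs is an assumption; the file names inside it must match the LDAP_TLS_*_FILENAME values, otherwise ssl-helper reports "No certificate file and certificate key provided" and generates a self-signed pair, as in the log above.

```yaml
openldap:
  restart: always
  image: osixia/openldap:latest
  environment:
    LDAP_ADMIN_PASSWORD: password
    LDAP_ORGANISATION: ldap
    LDAP_DOMAIN: ldap.net
    LDAP_BASE_DN: dc=ldap,dc=net
    LDAP_TLS_VERIFY_CLIENT: never
    # These names must exist in the certs directory mounted below;
    # if any is missing, ssl-helper falls back to generating its own pair.
    LDAP_TLS_CRT_FILENAME: cert.pem
    LDAP_TLS_KEY_FILENAME: key.key
    LDAP_TLS_CA_CRT_FILENAME: ca.pem
  volumes:
    - /srv/ldap:/container/service/slapd/assets/config/bootstrap/ldif/custom
    - /srv/ldap/data:/var/lib/ldap
    - /srv/ldap/slap.d:/etc/ldap/slapd.d
    # Added: host directory holding cert.pem, key.key and ca.pem (host path is
    # an assumption). Mounted read-only so the container cannot replace the
    # real certificate and key with generated ones.
    - /srv/ldap/certs:/container/service/slapd/assets/certs:ro
  command: --loglevel debug --copy-service
  ports:
    - "636:636"
    - "389:389"
  networks:
    - web
    - websecure
```

For a Let's Encrypt certificate, either copy fullchain.pem, privkey.pem and chain.pem into that directory under the names above, or point the three LDAP_TLS_*_FILENAME values at the Let's Encrypt file names. After a restart, the log should no longer show the cfssl generation lines.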
