LDAPS CERT UTIL
Small utility to retrieve the different parts of an LDAPS certificate chain, bundle them together, and get passbolt to work with LDAPS.
How to use?
On your passbolt server (or any other server with an LDAPS certificate issue):
Edit the PHP script configuration with your host name: replace host.yourldapdomain.com in the line
$ldapServerHost = 'host.yourldapdomain.com';
Then run the script:
php ./get_certificate.php
At this point, the command should display the bundled certificates.
Let's copy the certificate where we need it:
php ./get_certificate.php > /etc/ssl/certs/ldaps_bundle.crt
Finally, edit the ldap.conf config file (on some systems it is found in /etc/openldap/ldap.conf) and make the line starting with TLS_CACERT point to the new bundle:
TLS_CACERT /etc/ssl/certs/ldaps_bundle.crt
That's it. The LDAPS connection should now work.
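The same procedure can be done with openssl instead of the PHP script, which also makes it easy to check what the bundle actually contains. This is an added example, not the project's get_certificate.php; the host name, port and output path are placeholders, and the embedded s_client output is constructed, not a real certificate chain.

```shell
# Added example, not the project's get_certificate.php: build the same LDAPS
# CA bundle with openssl and check it before pointing TLS_CACERT at it.
# Assumes openssl is installed; host, port and output path are placeholders.

# Keep only the PEM certificate blocks from `openssl s_client -showcerts`
# output; connection chatter and "verify return" lines are dropped.
extract_pem_bundle() {
    sed -n '/^-----BEGIN CERTIFICATE-----$/,/^-----END CERTIFICATE-----$/p'
}

# Count the certificates in a bundle read from stdin.
count_certs() {
    grep -c '^-----BEGIN CERTIFICATE-----$'
}

# Fetch the chain the LDAPS server presents and save it as one bundle. The
# chain comes from the server itself, so compare the issuer and fingerprint
# of the last certificate with your CA before trusting it.
fetch_ldaps_bundle() {
    host=$1; port=${2:-636}; out=$3
    openssl s_client -connect "$host:$port" -servername "$host" -showcerts \
        </dev/null 2>/dev/null | extract_pem_bundle > "$out"
    echo "wrote $(count_certs < "$out") certificate(s) to $out"
    # One file per certificate so subject/issuer of each can be inspected.
    awk -v pfx="$out." '/^-----BEGIN CERTIFICATE-----$/{i++} {print > (pfx i ".pem")}' "$out"
    for f in "$out".*.pem; do openssl x509 -in "$f" -noout -subject -issuer -fingerprint -sha256; done
    # The bundle must validate the server's own (first) certificate. This
    # fails when the server omits its root CA: append that root to the bundle.
    openssl verify -CAfile "$out" "$out.1.pem"
}

# Constructed s_client output with placeholder bodies (not real certificates),
# used to show what extract_pem_bundle keeps and what it drops.
SAMPLE_S_CLIENT_OUTPUT='CONNECTED(00000003)
depth=1 O = Constructed Test CA
verify return:1
-----BEGIN CERTIFICATE-----
PLACEHOLDER-LEAF-CERTIFICATE-BODY-NOT-REAL
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
PLACEHOLDER-CA-CERTIFICATE-BODY-NOT-REAL
-----END CERTIFICATE-----
SSL handshake has read 2000 bytes and written 400 bytes'

# Number of certificates extracted from the constructed sample (2).
sample_cert_count() {
    printf '%s\n' "$SAMPLE_S_CLIENT_OUTPUT" | extract_pem_bundle | count_certs
}
# Usage: fetch_ldaps_bundle host.yourldapdomain.com 636 /etc/ssl/certs/ldaps_bundle.crt
```

If `openssl verify` reports "unable to get issuer certificate", the server did not send its root CA and TLS_CACERT will not work with the downloaded chain alone.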
How to debug
The ldapsearch command is here to help (on Debian it comes from the ldap-utils package):
ldapsearch -x -D "username" -W -H ldaps://your_ldap_host -b "dc=domain,dc=ext" -d 9
This work is just a ready-to-use version of the very detailed documentation provided by ldaptools: https://github.com/ldaptools/ldaptools/blob/master/docs/en/cookbook/Getting-Your-LDAP-SSL-Certificate.md. Kudos to them for their great work.