
Let's Encypt Cert not being used when openldap starts. No certificate file and certificate key provided

Open bdunn1100 opened this issue 1 year ago • 1 comments

Having an issue: when I restart openldap it reverts back to the default generated certificates. Looking at the log I see this message:

```
openldap_1 | *** DEBUG | 2024-05-17 15:42:32 | Hi! I'm ssl-helper, what button should i press ?
openldap_1 | *** DEBUG | 2024-05-17 15:42:32 | cfssl-helper is launched, everybody on the floor!
openldap_1 | *** INFO | 2024-05-17 15:42:32 | No certificate file and certificate key provided, generate:
openldap_1 | *** INFO | 2024-05-17 15:42:32 | /container/run/service/slapd/assets/certs/cert.pem and /container/run/service/slapd/assets/certs/key.key
openldap_1 | *** DEBUG | 2024-05-17 15:42:32 | use /container/run/service/:ssl-tools/assets/default-ca/config/req-csr.json.tmpl as csr file
openldap_1 | *** DEBUG | 2024-05-17 15:42:32 | cfssl gencert -loglevel 0 -ca /tmp/ca-cert-file -ca-key /tmp/ca-key-file -hostname 20290e2cb6a0 /tmp/csr-file | cfssljson -bare /tmp/cert
openldap_1 | 2024/05/17 15:42:32 [INFO] generate received request
openldap_1 | 2024/05/17 15:42:32 [INFO] received CSR
openldap_1 | 2024/05/17 15:42:32 [INFO] generating key: ecdsa-384
```

My docker compose configuration is this:

```yaml
openldap:
  restart: always
  image: osixia/openldap:latest
  environment:
    LDAP_ADMIN_PASSWORD: password
    LDAP_ORGANISATION: ldap
    LDAP_DOMAIN: ldap.net
    LDAP_BASE_DN: dc=ldap,dc=net
    LDAP_TLS_VERIFY_CLIENT: never
    LDAP_TLS_CRT_FILENAME: cert.pem
    LDAP_TLS_KEY_FILENAME: key.key
    LDAP_TLS_CA_CRT_FILENAME: ca.pem
  volumes:
    - /srv/ldap:/container/service/slapd/assets/config/bootstrap/ldif/custom
    - /srv/ldap/data:/var/lib/ldap
    - /srv/ldap/slap.d:/etc/ldap/slapd.d
  command: --loglevel debug --copy-service
  ports:
    - "636:636"
    - "389:389"
  networks:
    - web
    - websecure
```

Whatever I try, it does not seem to take the cert that I placed in. I've used self-signed and Let's Encrypt certs. Both have issues.

bdunn1100 avatar May 17 '24 15:05 bdunn1100

Add a volume or bind-mount for TLS-related files under /container/service/slapd/assets/certs, where your certificates will be picked up.

See: https://github.com/osixia/docker-openldap/blob/master/image/service/slapd/assets/certs/README.md

bjozet avatar May 20 '24 14:05 bjozet
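As an added example (not from the issue or the project's README), here is the poster's compose service with the certs bind-mount the reply describes. The host path `/srv/ldap/certs` and the Let's Encrypt file names are assumptions; the `LDAP_TLS_*_FILENAME` values have to match whatever files are actually placed in that directory, which is what the ssl-helper checks before generating a throwaway certificate.

```yaml
services:
  openldap:
    image: osixia/openldap:latest
    restart: always
    # --copy-service copies /container/service to /container/run/service at
    # start, so files mounted below end up at
    # /container/run/service/slapd/assets/certs, the path named in the log.
    command: --loglevel debug --copy-service
    environment:
      LDAP_ADMIN_PASSWORD: password
      LDAP_ORGANISATION: ldap
      LDAP_DOMAIN: ldap.net
      LDAP_BASE_DN: dc=ldap,dc=net
      LDAP_TLS_VERIFY_CLIENT: never
      # Must match the file names present in the certs mount (assumed
      # Let's Encrypt names here; use cert.pem/key.key/ca.pem if you copy
      # the files under those names instead).
      LDAP_TLS_CRT_FILENAME: fullchain.pem
      LDAP_TLS_KEY_FILENAME: privkey.pem
      LDAP_TLS_CA_CRT_FILENAME: chain.pem
    volumes:
      - /srv/ldap:/container/service/slapd/assets/config/bootstrap/ldif/custom
      - /srv/ldap/data:/var/lib/ldap
      - /srv/ldap/slap.d:/etc/ldap/slapd.d
      # The missing mount: /srv/ldap/certs is an assumed host directory
      # holding plain copies of the certificate files. Copy them rather than
      # bind-mounting Let's Encrypt's live/ directory, whose entries are
      # symlinks into archive/ that do not resolve inside the container.
      - /srv/ldap/certs:/container/service/slapd/assets/certs
    ports:
      - "636:636"
      - "389:389"
    networks:
      - web
      - websecure
```

After a restart, the ssl-helper lines in the log should no longer report "No certificate file and certificate key provided".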