
Certificate in the rroemhild/test-openldap:latest

Open jskacel opened this issue 1 year ago • 5 comments

Since the image was not rebuilt for quite some time, the cert is expired.

openldap@e87d0829de15:/etc/ldap/ssl$ openssl x509 -text -noout -in ldap.crt
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:2a:b4:e1:3b:c5:8f:c9:8e:0c:f3:99:5c:03:bb:fc:09:9d:1b:69
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN = planetexpress.com
        Validity
            Not Before: Mar 11 13:28:52 2021 GMT
            Not After : Mar 11 13:28:52 2022 GMT

jskacel avatar Aug 10 '22 11:08 jskacel

Thanks for this info. I think I should change the container registry to i.e. GitHub. It seems that with docker hub in the free plan it is no longer possible to start a rebuild from the image.

rroemhild avatar Aug 25 '22 07:08 rroemhild

Another solution would be to create the cert every time it starts. Or maybe have a special command which users can run.

e.g. docker run -v path_for_certs:/etc/ldap/ssl rroemhild/test-openldap generate_certs.sh and then mount it into the normal image :)

jskacel avatar Aug 25 '22 08:08 jskacel

Yes, a new working image would be great. The image from Docker Hub works great for simple testing. We build the image ourselves with some changes for the users and groups, and it's not starting up with the current Dockerfile.

Atm the project seems broken.

paulkitt avatar Sep 01 '22 12:09 paulkitt

The certificate should be created with rootfs/etc/cont-init.d/010-tls-certificates on every new container.

Output from docker run:

[cont-init.d] 010-tls-certificates: executing... 
+ [[ -f /etc/ldap/ssl/ldap.key ]]
Make self-signed certificate for planetexpress.com...
+ echo 'Make self-signed certificate for planetexpress.com...'
+ openssl req -subj /CN=planetexpress.com -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout /etc/ldap/ssl/ldap.key -out /etc/ldap/ssl/ldap.crt
Generating a RSA private key
.....................................+++++
.................................+++++
writing new private key to '/etc/ldap/ssl/ldap.key'
-----
+ chmod 600 /etc/ldap/ssl/ldap.key
[cont-init.d] 010-tls-certificates: exited 0

rroemhild avatar Sep 02 '22 10:09 rroemhild

I've tried to run a new container, but it's not recreated:

# podman run --rm --name ldap-test -p 11389:10389 -p 11636:10636 -e LDAP_BASEDN="dc=planetexpress,dc=com" docker.io/rroemhild/test-openldap
63591fe5 @(#) $OpenLDAP: slapd  (Feb 14 2021 18:32:34) $
	Debian OpenLDAP Maintainers <[email protected]>
63591fe6 slapd starting

jskacel avatar Oct 26 '22 11:10 jskacel
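The init script shown in the thread (010-tls-certificates) only tests whether the key file already exists, so an image that was built with a certificate baked in keeps that certificate after it expires, which is what the last comment observes. The following is an added example, not code from the test-openldap project, of the check a startup script should make instead: treat a certificate as needing regeneration when it is missing, expired, not yet valid, or within a renewal margin of expiry, and only then run the same `openssl req` command the init script uses. The sample `notBefore`/`notAfter` lines are taken from the certificate output in the first comment; `openssl` being on PATH and the `/etc/ldap/ssl` paths are assumptions for the live check.

```python
"""Decide whether an OpenLDAP TLS certificate should be regenerated at container start.

Added example (not part of test-openldap). Assumes `openssl` is on PATH for the
live check; the decision logic itself runs offline on the date strings.
"""
import os
import ssl
import subprocess
from datetime import datetime, timedelta, timezone

CRT_PATH = "/etc/ldap/ssl/ldap.crt"  # assumed paths, matching the thread's init script
KEY_PATH = "/etc/ldap/ssl/ldap.key"
RENEW_MARGIN = timedelta(days=30)     # regenerate when less than this validity remains

# Constructed from the `openssl x509 -text` output quoted in the first comment,
# in the format `openssl x509 -noout -dates` prints.
SAMPLE_DATES = (
    "notBefore=Mar 11 13:28:52 2021 GMT\n"
    "notAfter=Mar 11 13:28:52 2022 GMT\n"
)


def utc(year, month, day, hour=0, minute=0, second=0):
    """Build an aware UTC datetime (helper so callers need no datetime import)."""
    return datetime(year, month, day, hour, minute, second, tzinfo=timezone.utc)


def parse_validity(dates_output):
    """Parse the notBefore/notAfter lines from `openssl x509 -noout -dates`.

    ssl.cert_time_to_seconds understands the exact 'Mon DD HH:MM:SS YYYY GMT'
    format openssl prints, so no hand-written date parsing is needed.
    Returns (not_before, not_after) as aware UTC datetimes.
    """
    found = {}
    for line in dates_output.splitlines():
        key, sep, value = line.partition("=")
        key = key.strip()
        if sep and key in ("notBefore", "notAfter"):
            seconds = ssl.cert_time_to_seconds(value.strip())
            found[key] = datetime.fromtimestamp(seconds, tz=timezone.utc)
    return found["notBefore"], found["notAfter"]


def needs_renewal(not_before, not_after, now=None, margin=RENEW_MARGIN):
    """Return a reason string if the cert should be regenerated, else None."""
    now = now or datetime.now(timezone.utc)
    if now < not_before:
        return "not yet valid"
    if now >= not_after:
        return "expired"
    if not_after - now < margin:
        return "expires within margin"
    return None


def check_cert_files(crt_path=CRT_PATH, key_path=KEY_PATH, now=None):
    """Live check: missing files count as a reason; otherwise ask openssl for the dates."""
    if not (os.path.isfile(crt_path) and os.path.isfile(key_path)):
        return "missing"
    out = subprocess.run(
        ["openssl", "x509", "-noout", "-dates", "-in", crt_path],
        capture_output=True, text=True, check=True,
    ).stdout
    not_before, not_after = parse_validity(out)
    return needs_renewal(not_before, not_after, now)


def regenerate(crt_path=CRT_PATH, key_path=KEY_PATH, cn="planetexpress.com", days=365):
    """Create a fresh self-signed cert with the same openssl invocation as the init script."""
    os.makedirs(os.path.dirname(crt_path), exist_ok=True)
    subprocess.run(
        ["openssl", "req", "-subj", f"/CN={cn}", "-new", "-newkey", "rsa:2048",
         "-days", str(days), "-nodes", "-x509", "-keyout", key_path, "-out", crt_path],
        check=True,
    )
    os.chmod(key_path, 0o600)  # private key readable by the service user only


if __name__ == "__main__":
    reason = check_cert_files()
    if reason:
        print(f"Regenerating self-signed certificate: {reason}")
        regenerate()
    else:
        print("Existing certificate is still valid; keeping it.")
```

Dropping this in place of the bare `[[ -f ldap.key ]]` test means a container started from a stale image still comes up with a usable certificate, while a user-mounted certificate that is valid is left untouched.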