Docker-openldap: "TLS negotiation failure" when using Letsencrypt

Created on 9 Jan 2018  路  2Comments  路  Source: osixia/docker-openldap

Hi,

connection to unsecured ldap:// does work.

On every ldaps:// request we get this Error inside the Container:

5a54af42 conn=1000 fd=15 ACCEPT from IP=172.17.0.1:38048 (IP=0.0.0.0:636)
TLS: can't accept: No certificate was found..
5a54af42 conn=1000 fd=15 closed (TLS negotiation failure)

The way we start the Container:

docker run \
        --detach \
        --env LDAP_ORGANISATION="xxx" \
        --env LDAP_DOMAIN="test.ldap.xxx.com" \
        --env LDAP_ADMIN_PASSWORD="yyy" \
--env LDAP_TLS_CRT_FILENAME=cert1.pem \
--env LDAP_TLS_KEY_FILENAME=privkey1.pem \
--env LDAP_TLS_CA_CRT_FILENAME=test.pem \
        --hostname test.ldap.xxx.com \
        --name test.ldap.xxx.com \
        --publish 9505:389 \
        --publish 9516:636 \
        --restart always \
        --volume /srv/docker/test.ldap.xxx.com/etc/ldap/slapd.d:/etc/ldap/slapd.d \
        --volume /srv/docker/test.ldap.xxx.com/var/lib/ldap:/var/lib/ldap \
        --volume /etc/letsencrypt/archive/test.ldap.xxx.com:/container/service/slapd/assets/certs \
        osixia/openldap:1.1.11

We tried to insert the environment variable LDAP_TLS_CA_CRT_FILENAME as chain.pem, fullchain.pem and concatenations of privkey/chain/cert... but no success.

Does anybody has running TLS with Letsencrypt?

TiA

Most helpful comment

The solution was to use --env LDAP_TLS_VERIFY_CLIENT=try

https://github.com/osixia/docker-openldap/issues/105

All 2 comments

The solution was to use --env LDAP_TLS_VERIFY_CLIENT=try

https://github.com/osixia/docker-openldap/issues/105

I tried this as well and it resulted in the client falling back to using unencrypted binding.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

Shriyanshmit picture Shriyanshmit  路  5Comments

adambom picture adambom  路  6Comments

jckoester picture jckoester  路  4Comments

LeaklessGfy picture LeaklessGfy  路  4Comments

vadimkim picture vadimkim  路  6Comments