Hi,
connection to unsecured ldap:// does work.
On every ldaps:// request we get this Error inside the Container:
5a54af42 conn=1000 fd=15 ACCEPT from IP=172.17.0.1:38048 (IP=0.0.0.0:636)
TLS: can't accept: No certificate was found..
5a54af42 conn=1000 fd=15 closed (TLS negotiation failure)
The way we start the Container:
docker run \
--detach \
--env LDAP_ORGANISATION="xxx" \
--env LDAP_DOMAIN="test.ldap.xxx.com" \
--env LDAP_ADMIN_PASSWORD="yyy" \
--env LDAP_TLS_CRT_FILENAME=cert1.pem \
--env LDAP_TLS_KEY_FILENAME=privkey1.pem \
--env LDAP_TLS_CA_CRT_FILENAME=test.pem \
--hostname test.ldap.xxx.com \
--name test.ldap.xxx.com \
--publish 9505:389 \
--publish 9516:636 \
--restart always \
--volume /srv/docker/test.ldap.xxx.com/etc/ldap/slapd.d:/etc/ldap/slapd.d \
--volume /srv/docker/test.ldap.xxx.com/var/lib/ldap:/var/lib/ldap \
--volume /etc/letsencrypt/archive/test.ldap.xxx.com:/container/service/slapd/assets/certs \
osixia/openldap:1.1.11
We tried to insert the environment variable LDAP_TLS_CA_CRT_FILENAME as chain.pem, fullchain.pem and concatenations of privkey/chain/cert... but no success.
Does anybody has running TLS with Letsencrypt?
TiA
The solution was to use --env LDAP_TLS_VERIFY_CLIENT=try
I tried this as well and it resulted in the client falling back to using unencrypted binding.
Most helpful comment
The solution was to use --env LDAP_TLS_VERIFY_CLIENT=try
https://github.com/osixia/docker-openldap/issues/105