Let's Encrypt cert not being used when openldap starts. No certificate file and certificate key provided
bdunn1100 opened this issue · 1 comments
Having an issue: when I restart openldap it reverts to the default generated certificates. Looking at the log I see this message:
openldap_1 | *** DEBUG | 2024-05-17 15:42:32 | Hi! I'm ssl-helper, what button should i press ?
openldap_1 | *** DEBUG | 2024-05-17 15:42:32 | cfssl-helper is launched, everybody on the floor!
openldap_1 | *** INFO | 2024-05-17 15:42:32 | No certificate file and certificate key provided, generate:
openldap_1 | *** INFO | 2024-05-17 15:42:32 | /container/run/service/slapd/assets/certs/cert.pem and /container/run/service/slapd/assets/certs/key.key
openldap_1 | *** DEBUG | 2024-05-17 15:42:32 | use /container/run/service/:ssl-tools/assets/default-ca/config/req-csr.json.tmpl as csr file
openldap_1 | *** DEBUG | 2024-05-17 15:42:32 | cfssl gencert -loglevel 0 -ca /tmp/ca-cert-file -ca-key /tmp/ca-key-file -hostname 20290e2cb6a0 /tmp/csr-file | cfssljson -bare /tmp/cert
openldap_1 | 2024/05/17 15:42:32 [INFO] generate received request
openldap_1 | 2024/05/17 15:42:32 [INFO] received CSR
openldap_1 | 2024/05/17 15:42:32 [INFO] generating key: ecdsa-384
My docker compose configuration is this:
openldap:
  restart: always
  image: osixia/openldap:latest
  environment:
    LDAP_ADMIN_PASSWORD: password
    LDAP_ORGANISATION: ldap
    LDAP_DOMAIN: ldap.net
    LDAP_BASE_DN: dc=ldap,dc=net
    LDAP_TLS_VERIFY_CLIENT: never
    LDAP_TLS_CRT_FILENAME: cert.pem
    LDAP_TLS_KEY_FILENAME: key.key
    LDAP_TLS_CA_CRT_FILENAME: ca.pem
  volumes:
    - /srv/ldap:/container/service/slapd/assets/config/bootstrap/ldif/custom
    - /srv/ldap/data:/var/lib/ldap
    - /srv/ldap/slap.d:/etc/ldap/slapd.d
  command: --loglevel debug --copy-service
  ports:
    - "636:636"
    - "389:389"
  networks:
    - web
    - websecure
Whatever I try, it does not seem to take the cert that I placed in. I've used self-signed and Let's Encrypt certs. Both have issues.
Add a volume or bind-mount for TLS-related files under /container/service/slapd/assets/certs, where your certificates will be picked up.
See:
https://github.com/osixia/docker-openldap/blob/master/image/service/slapd/assets/certs/README.md
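A pre-flight check for the directory you bind-mount, as an added example that is not part of the issue or of the osixia/docker-openldap project. The compose file above has no mount for /container/service/slapd/assets/certs, so the container's ssl-helper finds nothing named cert.pem / key.key / ca.pem there and generates its own pair (the "No certificate file and certificate key provided" line in the log). The script assumes a host directory such as /srv/ldap/certs is mounted with a line like `- /srv/ldap/certs:/container/service/slapd/assets/certs` and that the file names passed to it are the same values as LDAP_TLS_CRT_FILENAME, LDAP_TLS_KEY_FILENAME and LDAP_TLS_CA_CRT_FILENAME; the path and the helper names are assumptions for this example. It flags the two things that most often go wrong with Let's Encrypt material: files still named fullchain.pem / privkey.pem instead of the configured names, and symlinks from /etc/letsencrypt/live whose targets lie outside the mounted directory and therefore dangle inside the container.

```shell
#!/bin/sh
# Added example, not from the osixia/docker-openldap project.
# check_tls_files HOST_DIR CRT_FILENAME KEY_FILENAME CA_FILENAME
#   HOST_DIR is the host side of the bind mount onto
#   /container/service/slapd/assets/certs (assumed: /srv/ldap/certs).
#   The three names must equal the LDAP_TLS_*_FILENAME values in compose.
check_tls_files() {
    dir=$1; crt=$2; key=$3; ca=$4
    rc=0
    for name in "$crt" "$key" "$ca"; do
        f="$dir/$name"
        if [ -L "$f" ]; then
            # A symlink is only usable in the container if its target is
            # inside the mounted directory (Let's Encrypt 'live' links are not).
            echo "WARN: $f is a symlink; its target must be inside $dir" >&2
        fi
        if ! [ -f "$f" ]; then
            echo "ERROR: $f is missing (ssl-helper will generate its own cert)" >&2
            rc=1
        elif ! [ -r "$f" ]; then
            echo "ERROR: $f is not readable" >&2
            rc=1
        fi
    done
    return $rc
}

# Optional: confirm the certificate and key belong together by comparing
# their public keys. Needs openssl on the host; skipped if it is absent.
check_keypair_matches() {
    dir=$1; crt=$2; key=$3
    command -v openssl >/dev/null 2>&1 || { echo "openssl not found, skipping pair check" >&2; return 0; }
    c=$(openssl x509 -in "$dir/$crt" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$dir/$key" -pubout 2>/dev/null) || return 1
    [ "$c" = "$k" ]
}

# Stand-alone usage: sh check_tls.sh /srv/ldap/certs cert.pem key.key ca.pem
if [ "$#" -eq 4 ]; then
    check_tls_files "$1" "$2" "$3" "$4" && check_keypair_matches "$1" "$2" "$3" \
        && echo "OK: $1 holds $2, $3, $4 and the cert/key pair matches"
fi
```

Run it on the host before `docker compose up`; a non-zero exit means the container will fall back to generated certificates. After the container starts, the copied files should appear under /container/run/service/slapd/assets/certs in the log instead of the "generate:" lines.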