TLS_DH_PARAM_PATH & TLS_DH_PARAM_FILENAME options don't work
moqmar opened this issue · 4 comments
It seems like in tls-enable.ldif and 10-openldap, the variables are mistakenly called ..._DH_PARAM_... and ..._DHPARAM_... in such an unfortunate way that it will always use the default values.
The same applies for some reason to TLS_CA_CRT_PATH, I couldn't find an obvious mistake here though...
Edit: Seems like I'm only allowed to use either _PATH or _FILENAME?! Something weird is definitely going on here.
Ah, just saw that this will be fixed with #8. The _PATH and _FILENAME options are still a bit confusing to me though.
There was some work in the past few weeks just on this so yes it may have been unintentionally broken. I am seeing the DH_PARAM environment variable issue and will issue a fix for that momentarily.
The logic is you should be able to set an independent path and independent cert/key/dhparam depending on your use case if you want to deviate from the default locations of /assets/slapd/certs. This popped up as many people were mapping their own certificate stores into that directory and the image was throwing an error when trying to change permissions on that directory and it was mapped as read only.
All defaults are in /assets/functions/10-openldap.
I'd like to understand this more if you could explain in a usage case as to what you are seeing to try to unpack this..
New tag tiredofit/openldap:6.8.3 currently building on Docker Hub. If using openldap-fusiondirectory a new latest build will follow shortly thereafter which relies on this base image.
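
A check for the kind of mismatch reported in this issue, as an added example that is not part of the thread or the image's own code: it lists environment-variable names that differ only in underscore placement, which is how a user-supplied TLS setting can be silently ignored in favour of a default. The sample lines, the dhparam.pem default and the {{...}} template syntax are constructed assumptions, not the real contents of 10-openldap or tls-enable.ldif.

```shell
#!/bin/sh
# Constructed sample: stand-ins for a defaults script and a template that
# consumes its variables (not the real 10-openldap or tls-enable.ldif).
sample_files() {
cat <<'EOF'
TLS_DH_PARAM_PATH=${TLS_DH_PARAM_PATH:-"/assets/slapd/certs"}
TLS_DH_PARAM_FILENAME=${TLS_DH_PARAM_FILENAME:-"dhparam.pem"}
TLS_CA_CRT_PATH=${TLS_CA_CRT_PATH:-"/assets/slapd/certs"}
olcTLSDHParamFile: {{TLS_DHPARAM_PATH}}/{{TLS_DHPARAM_FILENAME}}
olcTLSCACertificateFile: {{TLS_CA_CRT_PATH}}/{{TLS_CA_CRT_FILENAME}}
EOF
}

# Read text on stdin; print one line per group of names that become identical
# once underscores are removed (e.g. DH_PARAM vs DHPARAM).
find_collisions() (
    export LC_ALL=C   # byte-wise ranges and sort order, independent of locale
    grep -oE '[A-Z][A-Z0-9]*(_[A-Z0-9]+)+' |
    sort -u |
    awk '{
            key = $0
            gsub(/_/, "", key)
            if (count[key]++) names[key] = names[key] " " $0
            else names[key] = $0
         }
         END { for (k in count) if (count[k] > 1) print names[k] }' |
    sort
)

sample_files | find_collisions
```

Against a real checkout, pipe the files through the function, for example with cat over the script and template directories; any line of output is a pair of spellings to reconcile.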