LDAPS TLS_Reqcert allow
maxulm opened this issue · 5 comments
Hi,
Is there a way to tell Dolibarr or the underlying web server to ignore the LDAPS server certificate?
Thanks and regards
Max
@maxulm I don't understand your question ... can you please explain more about your architecture ...
Regards
Hi @mathieupotier,
In my network there is an LDAP server that is only available via LDAPS.
The certificate is self-signed. Is there a way to tell the container to connect to this LDAP server in order to authenticate the users?
Reading about the issue on the internet: I think it could be possible, but I assume that there will be no official support for this in this image... (it's a security concern and not really related to Dolibarr itself ^_^)
https://www.dolibarr.org/forum/t/ad-auth-ldaps-connection-fails/19479
I suggest you mount a volume inside the container with an updated version of `/etc/ldap/ldap.conf`, setting the `TLS_REQCERT` parameter to the proper value...
Even if I think that creating a valid LetsEncrypt certificate should solve the issue and increase security... ^_^
NB: I did not see any option in the Dolibarr LDAP module to override this parameter on the fly...
Regards
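
The `TLS_REQCERT` setting suggested above, shown as an added example that is not part of the original thread or of the image's own configuration: the weak value next to a stricter alternative that still works with a self-signed certificate. The certificate path is a hypothetical placeholder; the option names and levels are those documented in ldap.conf(5).

```conf
# /etc/ldap/ldap.conf (the file named in the comment above)
#
# TLS_REQCERT levels, per ldap.conf(5):
#   never   server certificate is neither requested nor checked
#   allow   certificate is requested; a missing or bad one is ignored
#   try     a missing certificate is tolerated; a bad one ends the session
#   demand  (default, same as "hard") a missing or bad certificate
#           ends the session

# Weak variant: traffic is encrypted, but the server is not
# authenticated, so a host impersonating the directory would go
# undetected while users' bind credentials are sent to it.
#TLS_REQCERT allow

# Stricter variant for a self-signed server: keep verification on and
# trust that one certificate explicitly.
# Assumption: the server certificate has been exported in PEM format
# and mounted into the container at this hypothetical path.
TLS_CACERT  /etc/ldap/certs/ldap-server.pem
TLS_REQCERT demand
```

With `demand`, the host name used in the `ldaps://` URL also has to match a name in the certificate, so a certificate issued for a local name must be addressed by that same name.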
Hi @mathieupotier that's the point.
I've already mounted a custom ldap.conf file in the container, but it still doesn't work :/
Unfortunately using LetsEncrypt is not an option due to the fact I'm using local names ;-)
I think we can close this issue.
If needed, please open a new issue/PR.