tuxgasy/docker-dolibarr

LDAPS TLS_Reqcert allow

maxulm opened this issue · 5 comments

Hi,

Is there a way to tell Dolibarr or the underlying webserver to ignore the LDAPS server certificate?

Thanks and regards
Max

@maxulm I don't understand your question ... can you please explain more about your architecture ...

Regards

Hi @mathieupotier,
In my network there is an LDAP server that is only available via LDAPS.
The certificate is self-signed. Is there a way to tell the container to connect to this LDAP server in order to authenticate the users?

@maxulm

Reading about the issue on the internet, I think it could be possible, but I assume that there will be no official support for this in this image... (it's a security concern and not really related to Dolibarr itself ^_^)

https://www.dolibarr.org/forum/t/ad-auth-ldaps-connection-fails/19479

I suggest you mount a volume inside the container with an updated version of /etc/ldap/ldap.conf, setting the TLS_REQCERT parameter to the proper value...

Even if I think that creating a valid LetsEncrypt certificate should solve the issue and increase security... ^_^

NB: I did not see any option in the Dolibarr LDAP module to override this parameter on the fly...

Regards
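
A way to check a mounted `ldap.conf` before relying on it, as an added example that is not part of this thread or of the image: it flags `TLS_REQCERT never`/`allow` and accepts a file that keeps `demand` with `TLS_CACERT` pointing at the self-signed certificate. The function names and the certificate path `/etc/ldap/certs/ldap-selfsigned.pem` are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): audit an OpenLDAP client ldap.conf.

# Print the last value given for a keyword; keywords are case-insensitive.
ldap_conf_get() {   # $1 = file, $2 = keyword
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        toupper($1) == toupper(key) { val = $2 }
        END { if (val != "") print val }
    ' "$1"
}

# Return 0 if the server certificate is verified against a CA file named in
# this config, 1 if verification is relaxed, 2 if no TLS_CACERT is set here.
audit_ldap_conf() {
    reqcert=$(ldap_conf_get "$1" TLS_REQCERT | tr 'A-Z' 'a-z')
    cacert=$(ldap_conf_get "$1" TLS_CACERT)
    [ -n "$reqcert" ] || reqcert=demand      # libldap default when unset
    case "$reqcert" in
        never|allow)
            # Both levels let the session proceed with a bad certificate.
            echo "WEAK: TLS_REQCERT $reqcert does not reject a bad server certificate"
            return 1 ;;
    esac
    if [ -z "$cacert" ]; then
        echo "NOTE: TLS_REQCERT $reqcert, but no TLS_CACERT is set in this file"
        return 2
    fi
    echo "OK: TLS_REQCERT $reqcert, trust anchor $cacert"
}

# Constructed sample files; the certificate path is a hypothetical mount point.
demo_dir=$(mktemp -d)
printf '%s\n' '# verification relaxed' 'TLS_REQCERT allow' > "$demo_dir/weak.conf"
printf '%s\n' '# self-signed certificate used as trust anchor' \
    'TLS_CACERT /etc/ldap/certs/ldap-selfsigned.pem' \
    'TLS_REQCERT demand' > "$demo_dir/pinned.conf"

audit_ldap_conf "$demo_dir/weak.conf"   || :
audit_ldap_conf "$demo_dir/pinned.conf" || :
rm -rf "$demo_dir"
```

With `TLS_REQCERT demand`, the host name in the `ldaps://` URL must also match a name in the certificate.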

Hi @mathieupotier that's the point.
I've already mounted a custom ldap.conf file in the container, but it still doesn't work :/
Unfortunately using LetsEncrypt is not an option due to the fact I'm using local names ;-)

I think we can close this issue.
If needed, please open a new issue/PR.