Closed rmibelgium closed 2 years ago
I guess there are probably other features of `httpd` that probably also can reach out to external services that might benefit from CA certificates, but I do wonder how common it is, especially with services that have a real valid certificate that `ca-certificates` would include? I suppose the scaffolding around `update-ca-certificates` is useful regardless, though, and I think we only get that with `ca-certificates` installed so it probably makes sense to include in the image.
With `FROM httpd:2.4.53-bullseye`

Using

```apache
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule ldap_module modules/mod_ldap.so

<Directory "/web/">
    AuthLDAPUrl "ldaps://ldapserver1 ldapserver2 ldapserver13/ou=People,dc=our,dc=organisation,dc=be?uid,cn,mail,gidNumber"
    AuthType Basic
    AuthBasicProvider ldap
    Require ldap-group cn=group1,ou=People,dc=our,dc=organisation,dc=be
</Directory>
```
The only error message I can get in error_log (even with `LogLevel debug`) is

```
[Fri Apr 29 09:01:30.932273 2022] [authnz_ldap:info] [pid 38:tid 140135614097152] [client XXXXX:62127] AH01695: auth_ldap authenticate: user stephane authentication failed; URI /testURI/ [LDAP: ldap_simple_bind() failed][Can't contact LDAP server]
```
After doing `apt update && apt install ca-certificates`, everything is working correctly.
Don't know what would be better: image modification, specification in the documentation or better debug messages from mod_ldap.
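
An added example, not part of the issue thread or of the image's own tooling: a preflight check a container entrypoint could run to surface the condition reported above, where a missing CA bundle shows up only as "Can't contact LDAP server". The function names and the `CA_BUNDLE` default path are assumptions; the probe additionally needs the `openssl` CLI and network access to the LDAP servers.

```shell
#!/bin/sh
# Added example: preflight for an httpd container using mod_authnz_ldap over ldaps://.
# Assumption: Debian path of the bundle that update-ca-certificates writes.
CA_BUNDLE="${CA_BUNDLE:-/etc/ssl/certs/ca-certificates.crt}"

# Print "missing", "empty" or "ok <n>" (n = PEM certificates in the bundle).
ca_bundle_status() {
    bundle="$1"
    [ -e "$bundle" ] || { echo "missing"; return 1; }
    n=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$bundle" 2>/dev/null || true)
    [ "${n:-0}" -gt 0 ] || { echo "empty"; return 1; }
    echo "ok $n"
}

# Split an AuthLDAPUrl value into host:port lines. Several space-separated
# hosts may precede the first "/"; IPv6 literals are not handled here.
ldap_endpoints() {
    url="$1"
    case "$url" in
        ldaps://*) default_port=636 ;;
        ldap://*)  default_port=389 ;;
        *) return 2 ;;
    esac
    hosts="${url#*://}"     # drop the scheme
    hosts="${hosts%%/*}"    # drop /basedn?attributes...
    for h in $hosts; do
        case "$h" in
            *:*) echo "$h" ;;
            *)   echo "$h:$default_port" ;;
        esac
    done
}

# TLS handshake against each ldaps endpoint, verifying the chain with the bundle.
probe_ldaps() {
    ldap_endpoints "$1" | while read -r ep; do
        if openssl s_client -connect "$ep" -CAfile "$CA_BUNDLE" \
               -verify_return_error </dev/null >/dev/null 2>&1; then
            echo "$ep: TLS verified"
        else
            echo "$ep: handshake or certificate verification failed"
        fi
    done
}

if [ "$#" -gt 0 ]; then    # usage: preflight.sh "<AuthLDAPUrl value>"
    echo "CA bundle ($CA_BUNDLE): $(ca_bundle_status "$CA_BUNDLE")"
    probe_ldaps "$1"
fi
```

Run it with the `AuthLDAPUrl` value as the only argument; a `missing` or `empty` bundle status points at the CA store rather than at the network.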