espocrm / espocrm-docker

Official Docker Image for EspoCRM
https://hub.docker.com/r/espocrm/espocrm
GNU Affero General Public License v3.0

LDAP/SSL: what location is checked for a CA cert? #7

Closed Mexonizator closed 2 years ago

Mexonizator commented 2 years ago

Hello!

I am testing a Docker installation of EspoCRM. When trying to connect to AD using encryption, I get an error:

>>> Error 500: 0x51 (Can't contact LDAP server; (unknown error code)): ldaps://SERVER:3269

Which means that the CRM couldn't find the CA cert of the AD server. OK, I googled it and learned that laminas-ldap is used, which in turn uses OpenLDAP libraries. And here's the problem: there are no OpenLDAP traces in the containers at all (or I couldn't find any).

Then I tried to share the CA from the host to the ssl dir but to no avail:

     - espocrm:/var/www/html
     - /etc/openldap/certs/CA.cer:/etc/ssl/certs/CA.cer

If using the standard port (389) without encryption, everything works fine, so it's not AD's config problem.

So, how is cert checking realised in the docker version of EspoCRM? Or is it a bug?

Any help would be appreciated. Thanks.

tmachyshyn commented 2 years ago

We will investigate this problem.

Mexonizator commented 2 years ago

Thanks.

In the end, it appears that the right path to the cert is

/etc/ssl/certs/ca-certificates.crt

But for it to work, one needs to install the libldap-common lib, as the current Docker Hub image doesn't have it:

apt-get update && apt-get install libldap-common

tmachyshyn commented 2 years ago

Thanks for your suggestion. Fixed https://github.com/espocrm/docker/commit/417b529c5b7be54e409848a4a9edf5835ba794d8.
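
Added example, not part of the thread or of the EspoCRM image: a POSIX shell check for the situation discussed above, reporting which CA file the OpenLDAP client library is configured to use and whether a given CA is in it. It assumes a Debian-based image where `libldap-common` provides `/etc/ldap/ldap.conf`, and a PEM-encoded CA file; the function names `ldap_ca_file` and `check_ldap_ca` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the EspoCRM image): diagnose why ldaps:// fails
# inside a container by checking the client-side CA configuration.

# Print the CA file libldap would use: the LDAPTLS_CACERT environment
# variable if set, otherwise the TLS_CACERT option from ldap.conf.
ldap_ca_file() {
    conf="${1:-/etc/ldap/ldap.conf}"   # assumed Debian default location
    if [ -n "${LDAPTLS_CACERT:-}" ]; then
        printf '%s\n' "$LDAPTLS_CACERT"
        return 0
    fi
    [ -r "$conf" ] || return 1         # no ldap.conf: no CA configured
    # Option names are case-insensitive; commented-out lines never match.
    # If the option is repeated, the last occurrence is taken (assumption).
    awk 'toupper($1) == "TLS_CACERT" { v = $2 }
         END { if (v == "") exit 1; print v }' "$conf"
}

# check_ldap_ca LDAP_CONF CA_PEM
# Returns 0 if the PEM certificate CA_PEM is present in the configured
# bundle, 1 if no CA file is configured, 2 if the bundle is missing,
# 3 if the CA is not in the bundle.
check_ldap_ca() {
    bundle=$(ldap_ca_file "$1") || return 1
    [ -r "$bundle" ] || return 2
    # Heuristic: search the bundle for the first base64 line of the CA.
    first=$(sed -n '/BEGIN CERTIFICATE/{n;p;q;}' "$2")
    [ -n "$first" ] && grep -qF -- "$first" "$bundle" || return 3
    return 0
}
```

Run inside the container as `check_ldap_ca /etc/ldap/ldap.conf /path/to/CA.pem; echo $?`. A result of 1 matches the state described in the thread before `libldap-common` was installed; a result of 3 means the CA has not been added to the bundle.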