ltb-project / self-service-password

Web interface to change and reset password in an LDAP directory
https://self-service-password.readthedocs.io/en/latest/
GNU General Public License v3.0
1.17k stars, 327 forks

How to get LDAP StartTLS working from within Docker container? #955

Open dsclassen opened 3 months ago

dsclassen commented 3 months ago

My LDAP server is configured to only allow TLS connections. I have mounted the CA certificate and ldap.conf files into the docker container in an effort to get $ldap_starttls = true; to work:

docker run -d -p 8888:80 -v ./conf/ssp.conf.php:/var/www/conf/config.inc.local.php -v ./ldap/ldap.conf:/etc/ldap/ldap.conf -v ./ldap/ourCA.crt:/etc/ldap/certs/ourCA.crt  ltbproject/self-service-password:latest

but obviously this isn't helping...

[Mon Aug 05 19:50:57.206218 2024] [php:notice] [pid 20] [client 192.168.1.104:48244] Module Zxcvbn successfully loaded, referer: https://example.com/ssp-test?action=sendtoken
[Mon Aug 05 19:50:57.217688 2024] [php:warn] [pid 20] [client 192.168.1.104:48244] PHP Warning:  ldap_start_tls(): Unable to start TLS: Connect error in /var/www/vendor/ltb-project/ldap/src/Ltb/PhpLDAP.php on line 31, referer: https://example.com/ssp-test?action=sendtoken
[Mon Aug 05 19:50:57.217698 2024] [php:notice] [pid 20] [client 192.168.1.104:48244] LDAP - Unable to use StartTLS, referer: https://example.com/ssp-test?action=sendtoken

findlayfeng commented 3 months ago

LDAPS or StartTLS? These are two different ways. For a TLS connection, just use ldaps://xxx to configure the address. There is no need to enable StartTLS.
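Whichever of the two transports is chosen, libldap still verifies the server certificate, and a private CA is only trusted if ldap.conf declares it (TLS_CACERT) and the file is readable at that path inside the container; "Connect error" from ldap_start_tls() is what PHP reports when that handshake fails. The script below is an added example, not code from the issue or from self-service-password: it reads the mounted config.inc.local.php and ldap.conf and flags the combinations that cannot work (StartTLS requested on an ldaps:// URL, a plain ldap:// URL with StartTLS off, a missing or unreadable CA file, or TLS_REQCERT never/allow, which makes the error disappear by switching verification off rather than fixing it). It assumes the config keys are $ldap_url and $ldap_starttls, as in the project's config file; the sample configs and the throwaway CA it writes under a temp directory are constructed for the demo.

```shell
#!/bin/sh
# Added pre-flight check, not part of self-service-password: read the PHP config
# and the ldap.conf that get mounted into the container and report whether the
# TLS settings are coherent before PHP ever calls ldap_start_tls().
# Assumptions: the keys are $ldap_url and $ldap_starttls (the names used in the
# project's config.inc.local.php) and libldap reads the ldap.conf passed here.
set -u

# php_setting FILE NAME: value of the last "$NAME = ...;" line, quotes stripped.
php_setting() {
    grep -E "^[[:space:]]*\\\$$2[[:space:]]*=" "$1" | tail -n 1 \
        | sed -e 's/^[^=]*=[[:space:]]*//' -e 's/[[:space:]]*;.*$//' \
              -e "s/^['\"]//" -e "s/['\"]\$//"
}

# ldap_setting FILE KEY: value of KEY in an ldap.conf(5) file (keys are case-insensitive).
ldap_setting() {
    awk -v k="$2" 'toupper($1) == k { v = $2 } END { print v }' "$1"
}

# check_tls_config PHP_CONF LDAP_CONF: returns 0 if the pair is usable, 1 with reasons.
check_tls_config() {
    url=$(php_setting "$1" ldap_url)
    starttls=$(php_setting "$1" ldap_starttls)
    cacert=$(ldap_setting "$2" TLS_CACERT)
    reqcert=$(ldap_setting "$2" TLS_REQCERT | tr 'A-Z' 'a-z')
    rc=0
    case "$url" in
        ldaps://*) scheme=ldaps ;;
        ldap://*)  scheme=ldap ;;
        *) echo "FAIL: ldap_url '$url' is neither ldap:// nor ldaps://"; return 1 ;;
    esac
    # StartTLS upgrades a plain ldap:// session; on ldaps:// the socket is already
    # TLS, so the two are alternatives and must not be combined.
    if [ "$scheme" = ldaps ] && [ "$starttls" = true ]; then
        echo "FAIL: ldap_starttls = true together with an ldaps:// URL; use one or the other"; rc=1
    elif [ "$scheme" = ldap ] && [ "$starttls" != true ]; then
        echo "FAIL: ldap:// without StartTLS would send the bind password in clear text"; rc=1
    fi
    # LDAPS and StartTLS both verify the server certificate, so the CA has to be
    # declared and readable from inside the container.
    if [ -z "$cacert" ]; then
        echo "FAIL: no TLS_CACERT in $2; a private CA is not trusted unless it is in the system store"; rc=1
    elif [ ! -r "$cacert" ]; then
        echo "FAIL: TLS_CACERT $cacert is not readable (check the -v mount path)"; rc=1
    elif command -v openssl >/dev/null 2>&1 && ! openssl x509 -in "$cacert" -noout 2>/dev/null; then
        echo "FAIL: $cacert is not a PEM certificate"; rc=1
    fi
    # TLS_REQCERT never/allow silence the error by skipping verification: a downgrade, not a fix.
    case "${reqcert:-demand}" in
        never|allow) echo "FAIL: TLS_REQCERT $reqcert disables server certificate verification"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK: $url (starttls=${starttls:-false}, CA=$cacert)"
    return "$rc"
}

# --- Constructed sample inputs for the demo (not taken from the issue) ---------
WORK=$(mktemp -d)
CA=$WORK/ourCA.crt
if command -v openssl >/dev/null 2>&1; then   # throwaway self-signed CA
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$WORK/ca.key" -out "$CA" \
        -subj "/CN=Example private CA" -days 1 >/dev/null 2>&1
else
    printf 'placeholder, no openssl available\n' > "$CA"
fi

# write_configs NAME URL STARTTLS CACERT: writes $WORK/NAME.php and $WORK/NAME.ldap.conf
write_configs() {
    printf '<?php\n$ldap_url = "%s";\n$ldap_starttls = %s;\n' "$2" "$3" > "$WORK/$1.php"
    { printf 'TLS_REQCERT demand\n'
      if [ -n "$4" ]; then printf 'TLS_CACERT %s\n' "$4"; fi; } > "$WORK/$1.ldap.conf"
}
write_configs ldaps "ldaps://ldap.example.com" false "$CA"  # the reply's suggestion
write_configs issue "ldap://ldap.example.com"  true  ""     # StartTLS on, CA never declared
write_configs mixed "ldaps://ldap.example.com" true  "$CA"  # both transports at once

for name in ldaps issue mixed; do
    echo "--- $name"
    check_tls_config "$WORK/$name.php" "$WORK/$name.ldap.conf" || true
done
```

To use it against a running container, copy it in and run it with docker exec against /var/www/conf/config.inc.local.php and /etc/ldap/ldap.conf, i.e. the paths the issue mounts to. When the static checks pass but the bind still fails, `ldapsearch -ZZ -H ldap://host -x -b ''` (StartTLS) or `openssl s_client -connect host:636 -CAfile ourCA.crt` (LDAPS) run from inside the container shows the actual handshake failure that PHP only summarizes as "Connect error".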