nuxsmin / docker-syspass

Docker stuff for running sysPass on Docker
GNU General Public License v3.0

Docker LDAPS Synology #34

Closed CyrosX closed 4 years ago

CyrosX commented 4 years ago

Dear Nuxsmin / others, I've got a general problem. I've tried it with our own Linux VM sysPass and Docker, but it seems there are SSL cert problems when trying to connect to the Active Directory by our Synology (LDAPS credentials invalid (49)). Without TLS turned on it says it requires more security. I've tried to set TLS_REQCERT to "allow" / "never" in /etc/ldap/ldap.conf, but it does not seem to change anything. There are hints about a /etc/openldap/ldap.conf, but it does not seem to be in the Docker container syspass-app, does it?

nuxsmin commented 4 years ago

Hello @CyrosX

It seems that the LDAP client on the Docker container needs some config for connecting to a secure LDAP. It normally needs to have the CA and server certificates. There were some related issues (on the sysPass repo) that could help to set the correct configuration.

The /etc/openldap/ldap.conf file is only used to configure an OpenLDAP server, but you're configuring the client instead.

Regards

3XC1T3D commented 4 years ago

@CyrosX do you have TLS active? You should set ldaps://ldapserver.net OR TLS active, not both.

You don't have to change ldap.conf. Did you download your AD CA certificate from your Active Directory?

This is one way to download it via openssl:

echo -n | openssl s_client -connect <LDAP_HOST>:636 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ldapserver.crt

If you don't need any other CA, you can mount it at /etc/ssl/certs/ca-certificates.crt in the container.
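As an added example (not code from the docker-syspass project or from this thread), a small shell script that carries the openssl step above further: it keeps the whole chain the server presents, shows which certificate is the issuing CA so it can be checked before it is trusted, and builds a bundle that adds the AD CA to the existing system CAs instead of replacing them. Host name, port and file paths are placeholders.

```shell
#!/bin/sh
# Added example, not part of docker-syspass: fetch the chain an LDAPS server
# presents, inspect which certificate is the issuing CA, and build a bundle
# that keeps the system CAs and adds the AD CA, for mounting over
# /etc/ssl/certs/ca-certificates.crt in the syspass-app container.
set -eu

# Fetch every certificate the server presents (leaf and intermediates);
# without -showcerts, s_client prints only the leaf certificate.
# $1 = LDAPS host (placeholder for the Synology/AD host), $2 = port (636)
fetch_chain() {
    openssl s_client -connect "$1:$2" -showcerts </dev/null 2>/dev/null \
        | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
}

# Split the PEM chain on stdin into $1/cert1.pem, cert2.pem, ...; prints the count.
split_chain() {
    sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' \
        | awk -v dir="$1" '/-BEGIN CERTIFICATE-/ { n++ }
                           { print > (dir "/cert" n ".pem") }
                           END { print n + 0 }'
}

# Print subject and issuer of each split certificate so the admin can confirm
# which one is the issuing CA before trusting it (a root has subject == issuer).
describe_chain() {
    for f in "$1"/cert*.pem; do
        openssl x509 -in "$f" -noout -subject -issuer
    done
}

# Bundle = existing system CAs + the AD CA, so mounting it over
# ca-certificates.crt does not drop trust in every other CA.
# $1 = current system bundle, $2 = AD CA cert, $3 = output bundle
build_bundle() {
    cat "$1" "$2" > "$3"
}

# Returns 0 if certificate $2 validates against bundle $1.
verify_against_bundle() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Typical use (host and paths are placeholders):
#   mkdir -p chain && fetch_chain ldap.example.internal 636 | split_chain chain
#   describe_chain chain
#   build_bundle /etc/ssl/certs/ca-certificates.crt chain/cert2.pem ad-bundle.crt
#   docker run -v "$PWD/ad-bundle.crt:/etc/ssl/certs/ca-certificates.crt:ro" ...
```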

CyrosX commented 4 years ago

Thank you very much! We're using your updated Dockerfile that makes it easier to include all needed certificates, and it works very well.