osixia / docker-openldap

OpenLDAP container image 🐳🌴
MIT License

Let's Encrypt Cert not being used when openldap starts. No certificate file and certificate key provided #679

Open bdunn1100 opened 3 months ago

bdunn1100 commented 3 months ago

Having an issue: when I restart openldap, it reverts back to the default generated certificates. Looking at the log I see this message:

```
openldap_1 | DEBUG | 2024-05-17 15:42:32 | Hi! I'm ssl-helper, what button should i press ?
openldap_1 | DEBUG | 2024-05-17 15:42:32 | cfssl-helper is launched, everybody on the floor!
openldap_1 | INFO | 2024-05-17 15:42:32 | No certificate file and certificate key provided, generate:
openldap_1 | INFO | 2024-05-17 15:42:32 | /container/run/service/slapd/assets/certs/cert.pem and /container/run/service/slapd/assets/certs/key.key
openldap_1 | DEBUG | 2024-05-17 15:42:32 | use /container/run/service/:ssl-tools/assets/default-ca/config/req-csr.json.tmpl as csr file
openldap_1 | DEBUG | 2024-05-17 15:42:32 | cfssl gencert -loglevel 0 -ca /tmp/ca-cert-file -ca-key /tmp/ca-key-file -hostname 20290e2cb6a0 /tmp/csr-file | cfssljson -bare /tmp/cert
openldap_1 | 2024/05/17 15:42:32 [INFO] generate received request
openldap_1 | 2024/05/17 15:42:32 [INFO] received CSR
openldap_1 | 2024/05/17 15:42:32 [INFO] generating key: ecdsa-384
```

My docker compose configuration is this:

```yaml
openldap:
  restart: always
  image: osixia/openldap:latest
  environment:
    LDAP_ADMIN_PASSWORD: password
    LDAP_ORGANISATION: ldap
    LDAP_DOMAIN: ldap.net
    LDAP_BASE_DN: dc=ldap,dc=net
    LDAP_TLS_VERIFY_CLIENT: never
    LDAP_TLS_CRT_FILENAME: cert.pem
    LDAP_TLS_KEY_FILENAME: key.key
    LDAP_TLS_CA_CRT_FILENAME: ca.pem
  volumes:
```

Whatever I try, it does not seem to take the cert that I placed in. I've used self-signed and Let's Encrypt certs. Both have issues.

bjozet commented 3 months ago

Add a volume or bind-mount for TLS-related files under /container/service/slapd/assets/certs, where your certificates will be picked up.

See: https://github.com/osixia/docker-openldap/blob/master/image/service/slapd/assets/certs/README.md
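
Added example, not part of the thread or the project's code: a shell preflight check for the host directory that will be mounted at /container/service/slapd/assets/certs, using the filenames set in LDAP_TLS_CRT_FILENAME, LDAP_TLS_KEY_FILENAME and LDAP_TLS_CA_CRT_FILENAME. It goes slightly beyond the thread by also flagging symlinks that point outside that directory, which is how certbot lays out its live/ directory; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the docker-openldap project): check the host
# directory that will be mounted at /container/service/slapd/assets/certs.

# check_tls_file DIR NAME PEM_LABEL: print a finding and return 1 on a problem.
check_tls_file() {
    f_path="$1/$2"
    f_root=$(cd "$1" && pwd -P) || { echo "$1: not a directory"; return 1; }
    if [ -L "$f_path" ]; then
        if [ ! -e "$f_path" ]; then
            echo "$2: dangling symlink"; return 1
        fi
        # A target outside the mounted directory cannot resolve in the container.
        f_real=$(readlink -f "$f_path")
        case "$f_real" in
            "$f_root"/*) ;;
            *) echo "$2: symlink leaves the mounted directory ($f_real)"; return 1 ;;
        esac
    fi
    if [ ! -f "$f_path" ] || [ ! -s "$f_path" ]; then
        echo "$2: missing or empty"; return 1
    fi
    # Catches swapped files, e.g. a certificate saved under the key filename.
    if ! grep -q -- "-----BEGIN .*$3-----" "$f_path"; then
        echo "$2: no PEM '$3' block"; return 1
    fi
    return 0
}

# check_tls_dir DIR CRT KEY CA: return the number of files with a problem.
check_tls_dir() {
    d_bad=0
    check_tls_file "$1" "$2" "CERTIFICATE" || d_bad=$((d_bad + 1))
    check_tls_file "$1" "$3" "PRIVATE KEY" || d_bad=$((d_bad + 1))
    check_tls_file "$1" "$4" "CERTIFICATE" || d_bad=$((d_bad + 1))
    return "$d_bad"
}

# Usage: sh check-certs.sh ./certs cert.pem key.key ca.pem
if [ "$#" -eq 4 ]; then
    check_tls_dir "$@"
fi
```

The check only inspects file presence, symlink targets and PEM labels; it does not verify that the key matches the certificate or that the CA signed it.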