tiredofit / docker-openldap

Dockerized LDAP server with many customizable options
MIT License

TLS_DH_PARAM_PATH & TLS_DH_PARAM_FILENAME options don't work #19

Open moqmar opened 4 years ago

moqmar commented 4 years ago

It seems like in tls-enable.ldif and 10-openldap, the variables are mistakenly called ..._DH_PARAM_... and ..._DHPARAM_... in such an unfortunate way that it will always use the default values.

moqmar commented 4 years ago

The same applies for some reason to TLS_CA_CRT_PATH, I couldn't find an obvious mistake here though... Edit: Seems like I'm only allowed to use either _PATH or _FILENAME?! Something weird is definitely going on here.

moqmar commented 4 years ago

Ah, just saw that this will be fixed with #8. The _PATH and _FILENAME options are still a bit confusing to me though.

tiredofit commented 4 years ago

There was some work in the past few weeks just on this so yes it may have been unintentionally broken. I am seeing the DH_PARAM environment variable issue and will issue a fix for that momentarily.

The logic is you should be able to set an independent path and independent cert/key/dhparam depending on your use case if you want to deviate from the default locations of /assets/slapd/certs. This popped up as many people were mapping their own certificate stores into that directory and the image was throwing an error when trying to change permissions on that directory and it was mapped as read-only.

All defaults are /assets/functions/10-openldap.

I'd like to understand this more if you could explain in a usage case as to what you are seeing to try to unpack this.
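
The following POSIX shell snippet is an added illustration of the "independent path plus independent filename, each with a default" scheme described above, together with a check for the failure mode from the first comment (a variable spelled `_DHPARAM_` instead of `_DH_PARAM_` is silently ignored and the default is used). It is not the image's own 10-openldap script: `resolve_tls_file`, `unknown_tls_vars`, `TLS_DEFAULT_DIR` and `KNOWN_TLS_VARS` are names chosen here, the default directory is the one quoted in the thread, and `TLS_CA_CRT_FILENAME` is an assumed counterpart of `TLS_CA_CRT_PATH` that has not been verified against the image.

```shell
#!/bin/sh
# Added illustration (not the image's own 10-openldap script) of the
# "independent path + independent filename, with defaults" scheme described
# in the thread, plus a check for misspelled TLS_* variable names that would
# otherwise fall back to the defaults without any warning.

# Default certificate directory quoted in the thread.
TLS_DEFAULT_DIR="/assets/slapd/certs"

# resolve_tls_file PREFIX DEFAULT_FILENAME
# Reads ${PREFIX}_PATH and ${PREFIX}_FILENAME from the environment, substitutes
# the defaults when either is unset, and prints the combined path.
resolve_tls_file() {
    prefix="$1"
    default_name="$2"
    # Indirect expansion in POSIX sh: build the ${VAR:-default} expression by name.
    eval "dir=\${${prefix}_PATH:-\$TLS_DEFAULT_DIR}"
    eval "name=\${${prefix}_FILENAME:-\$default_name}"
    # Strip a trailing slash so both "/x" and "/x/" join cleanly.
    dir="${dir%/}"
    printf '%s/%s\n' "$dir" "$name"
}

# Known variable names. The two DH_PARAM names and TLS_CA_CRT_PATH come from the
# thread; TLS_CA_CRT_FILENAME is an assumed counterpart, not verified.
KNOWN_TLS_VARS="TLS_DH_PARAM_PATH TLS_DH_PARAM_FILENAME TLS_CA_CRT_PATH TLS_CA_CRT_FILENAME"

# unknown_tls_vars
# Prints every exported TLS_* variable whose name is not in the known list.
# A misspelling such as TLS_DHPARAM_PATH shows up here instead of being
# ignored, which is the symptom reported in the issue.
unknown_tls_vars() {
    env | sed -n 's/^\(TLS_[A-Z0-9_]*\)=.*/\1/p' | while IFS= read -r v; do
        case " $KNOWN_TLS_VARS " in
            *" $v "*) ;;
            *) printf '%s\n' "$v" ;;
        esac
    done
}

# Example run: resolve the DH parameter file and list any unrecognised names.
resolve_tls_file TLS_DH_PARAM dhparam.pem
unknown_tls_vars
```

Running this inside the container's environment (for example via `docker exec`) shows which file slapd would actually be pointed at, so a misspelled variable is caught before TLS is enabled with the wrong DH parameters.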

tiredofit commented 4 years ago

New tag tiredofit/openldap:6.8.3 currently building on Docker Hub. If using openldap-fusiondirectory a new latest build will follow shortly thereafter which relies on this base image.