Can't make LDAPS or STARTT-TLS for LDAP work

Hi everyone!

I have owncloud 10.4.1 (stable) installed with docker and i’m can’t make LDAPS or STARTT-TLS for LDAP work. Instead of this simple LDAP works just fine.

What I’ve did:


This text will be hidden

  1. Put ca-certificates into container with owncloud
  2. Put edited /etc/ldap/ldap.conf into container with owncloud, it’s edited like this:

BASE dc=mydomain,dc=com
URI ldaps://
#DEREF never
# TLS certificates (needed for GnuTLS)
tls_reqcert hard
tls_cacert /usr/local/share/ca-certificates/mydomainroot.cer
#tls_cacertdir /usr/local/share/ca-certificates/

AD server have 636 port open, i can connect to it with telnet and ldapsearch from host where docker is running.

I’m fithing with this almost a day, but still can’t get it done, ithik my mistake is somwhere in config files inside docker container, but where? May be it’s in some other place and i can’t find it out.

Please, help))

What kind of docker container are you running? I don’t think the ldap.conf changes anything in ownCloud.
I also don’t think it’s a good idea to change the tlc_cacert to a single certificate. Why did you do that? Did you find any guides that recommended that?

I would recommend to add your certificate to the internal ownCloud certificate storage like so:

1 Like

Thank you for the answer

It’s owncloud/server:10.4.1

In /etc/openldap/ldap.conf you must:
Either set TLS_CACERT /etc/openldap/cacerts/YOURCERT.pfx
Or set TLS_CACERTDIR /etc/openldap/cacerts/
The first one constrains you to a specific cert.
The latter tries all of them in the directory.

I would recommend to add your certificate to the internal ownCloud certificate storage like so:

I will try this method and describe the results, thanks once again)



I’ve tried to use this:

> docker exec -u www-data owncloud_mydomain occ security:certificates:import /opt/owncloud_mydomain/mydomain.crt

but then i got this message

certificate not found

I’ ve also tried *.pem and *.cer format, however this does’n help

You will have to docker cp the certificate file into the container first:

docker cp /path/to/cert/on/docker0/mydomain.crt owncloud_mydomain:/path/inside/docker/container/mydomain.crt
#then you can rerun your command, I'm pretty sure you don't need -u www-data, I prefer to interactively exec into the container
docker exec -ti owncloud_mydomain entrypoint bash
occ security:certificates:import /path/inside/docker/container/mydomain.crt
1 Like