I have owncloud 10.4.1 (stable) installed with docker and i’m can’t make LDAPS or STARTT-TLS for LDAP work. Instead of this simple LDAP works just fine.
What I’ve did:
Summary
This text will be hidden
Put ca-certificates into container with owncloud
Put edited /etc/ldap/ldap.conf into container with owncloud, it’s edited like this:
BASE dc=mydomain,dc=com
URI ldaps://dc.mydomain.com:636 #SIZELIMIT 12 #TIMELIMIT 15 #DEREF never
# TLS certificates (needed for GnuTLS)
tls_reqcert hard
tls_cacert /usr/local/share/ca-certificates/mydomainroot.cer #tls_cacertdir /usr/local/share/ca-certificates/
AD server have 636 port open, i can connect to it with telnet and ldapsearch from host where docker is running.
I’m fithing with this almost a day, but still can’t get it done, ithik my mistake is somwhere in config files inside docker container, but where? May be it’s in some other place and i can’t find it out.
What kind of docker container are you running? I don’t think the ldap.conf changes anything in ownCloud.
I also don’t think it’s a good idea to change the tlc_cacert to a single certificate. Why did you do that? Did you find any guides that recommended that?
In /etc/openldap/ldap.conf you must:
Either set TLS_CACERT /etc/openldap/cacerts/YOURCERT.pfx
Or set TLS_CACERTDIR /etc/openldap/cacerts/
The first one constrains you to a specific cert.
The latter tries all of them in the directory.
You will have to docker cp the certificate file into the container first:
docker cp /path/to/cert/on/docker0/mydomain.crt owncloud_mydomain:/path/inside/docker/container/mydomain.crt
#then you can rerun your command, I'm pretty sure you don't need -u www-data, I prefer to interactively exec into the container
docker exec -ti owncloud_mydomain entrypoint bash
occ security:certificates:import /path/inside/docker/container/mydomain.crt