Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Certificate in the rroemhild/test-openldap:latest #40

Open
jskacel opened this issue Aug 10, 2022 · 5 comments
Open

Certificate in the rroemhild/test-openldap:latest #40

jskacel opened this issue Aug 10, 2022 · 5 comments

Comments

@jskacel
Copy link

jskacel commented Aug 10, 2022

Since image was not rebuild for quite some time the cert is expired.

openldap@e87d0829de15:/etc/ldap/ssl$ openssl x509 -text -noout -in ldap.crt
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:2a:b4:e1:3b:c5:8f:c9:8e:0c:f3:99:5c:03:bb:fc:09:9d:1b:69
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN = planetexpress.com
        Validity
            Not Before: Mar 11 13:28:52 2021 GMT
            Not After : Mar 11 13:28:52 2022 GMT
@rroemhild
Copy link
Owner

Thanks for this info. I think I should change the container registry to i.e. GitHub. It seems that with docker hub in the free plan it is no longer possible to start a rebuild from the image.

@jskacel
Copy link
Author

jskacel commented Aug 25, 2022

Another solution would be to create cert everytime it start.. Or maybe have special command which users can run..

eg. docker run -v path_for_certs:/etc/ldap/ssl rroemhild/test-openldap generate_certs.sh and then mount it to normal image :)

@paulkitt
Copy link

paulkitt commented Sep 1, 2022

Yes a new working image would be great. The image from docker hub works great for simple testing.
We build the image our self with some changes for the users and groups and its not starting up with the current Dockerfile.

Atm the project seems broken.

@rroemhild
Copy link
Owner

The certificate should be created with rootfs/etc/cont-init.d/010-tls-certificates on every new container.

Output from docker run:

[cont-init.d] 010-tls-certificates: executing... 
+ [[ -f /etc/ldap/ssl/ldap.key ]]
Make self-signed certificate for planetexpress.com...
+ echo 'Make self-signed certificate for planetexpress.com...'
+ openssl req -subj /CN=planetexpress.com -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout /etc/ldap/ssl/ldap.key -out /etc/ldap/ssl/ldap.crt
Generating a RSA private key
.....................................+++++
.................................+++++
writing new private key to '/etc/ldap/ssl/ldap.key'
-----
+ chmod 600 /etc/ldap/ssl/ldap.key
[cont-init.d] 010-tls-certificates: exited 0

@jskacel
Copy link
Author

jskacel commented Oct 26, 2022
edited
Loading

I've tried to run new container, but it's not recreated:

# podman run --rm --name ldap-test -p 11389:10389 -p 11636:10636 -e LDAP_BASEDN="dc=planetexpress,dc=com" docker.io/rroemhild/test-openldap
63591fe5 @(#) $OpenLDAP: slapd  (Feb 14 2021 18:32:34) $
	Debian OpenLDAP Maintainers <[email protected]>
63591fe6 slapd starting

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@rroemhild @paulkitt @jskacel