[GH-ISSUE #40] Certificate in the rroemhild/test-openldap:latest #23

Open
opened 2026-02-27 16:47:41 +03:00 by kerem · 5 comments

Originally created by @jskacel on GitHub (Aug 10, 2022).
Original GitHub issue: https://github.com/rroemhild/docker-test-openldap/issues/40

Since the image was not rebuilt for quite some time, the cert is expired.

```
openldap@e87d0829de15:/etc/ldap/ssl$ openssl x509 -text -noout -in ldap.crt
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:2a:b4:e1:3b:c5:8f:c9:8e:0c:f3:99:5c:03:bb:fc:09:9d:1b:69
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN = planetexpress.com
        Validity
            Not Before: Mar 11 13:28:52 2021 GMT
            Not After : Mar 11 13:28:52 2022 GMT
```

@rroemhild commented on GitHub (Aug 25, 2022):

Thanks for this info. I think I should change the container registry to i.e. GitHub. It seems that with Docker Hub on the free plan it is no longer possible to start a rebuild from the image.


@jskacel commented on GitHub (Aug 25, 2022):

Another solution would be to create the cert every time it starts. Or maybe have a special command which users can run.

e.g. `docker run -v path_for_certs:/etc/ldap/ssl rroemhild/test-openldap generate_certs.sh` and then mount it into the normal image :)


@paulkitt commented on GitHub (Sep 1, 2022):

Yes, a new working image would be great. The image from Docker Hub works great for simple testing.
We build the image ourselves with some changes for the users and groups, and it's not starting up with the current Dockerfile.

Atm the project seems broken.


@rroemhild commented on GitHub (Sep 2, 2022):

The certificate should be created with `rootfs/etc/cont-init.d/010-tls-certificates` on every new container.

Output from docker run:

```
[cont-init.d] 010-tls-certificates: executing... 
+ [[ -f /etc/ldap/ssl/ldap.key ]]
Make self-signed certificate for planetexpress.com...
+ echo 'Make self-signed certificate for planetexpress.com...'
+ openssl req -subj /CN=planetexpress.com -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout /etc/ldap/ssl/ldap.key -out /etc/ldap/ssl/ldap.crt
Generating a RSA private key
.....................................+++++
.................................+++++
writing new private key to '/etc/ldap/ssl/ldap.key'
-----
+ chmod 600 /etc/ldap/ssl/ldap.key
[cont-init.d] 010-tls-certificates: exited 0
```

@jskacel commented on GitHub (Oct 26, 2022):

I've tried to run a new container, but it's not recreated:

```
# podman run --rm --name ldap-test -p 11389:10389 -p 11636:10636 -e LDAP_BASEDN="dc=planetexpress,dc=com" docker.io/rroemhild/test-openldap
63591fe5 @(#) $OpenLDAP: slapd  (Feb 14 2021 18:32:34) $
	Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
63591fe6 slapd starting
```
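The init-script trace posted earlier and the report just above that a fresh container still does not get a new certificate both turn on the same question: under what condition does the start-up step regenerate the key pair? The trace shows the step testing whether `/etc/ldap/ssl/ldap.key` already exists before it generates anything, so a key baked into the image, or left behind on a mounted volume, is enough to skip generation regardless of the certificate's validity dates. The bash functions below are an added example, not the project's `010-tls-certificates` script: they assume the `openssl` CLI is on `PATH`, and they regenerate when the certificate is missing or will expire within a configurable window, checked with `openssl x509 -checkend`. The function names, the 30-day window and the `subjectAltName` extension are my choices for illustration, not something the thread specifies.

```shell
#!/usr/bin/env bash
# Added example, not the docker-test-openldap init script. Regenerates the
# self-signed slapd certificate when it is missing OR expired / close to expiry,
# instead of only when the key file is absent. Assumes the openssl CLI exists.
set -euo pipefail

# cert_valid_for CRT SECS: returns 0 if CRT is a PEM certificate that does not
# expire within the next SECS seconds (default 0, i.e. "not expired right now").
cert_valid_for() {
    local crt="$1" secs="${2:-0}"
    [ -f "$crt" ] || return 1
    # -checkend N exits 0 when the cert is still valid N seconds from now.
    openssl x509 -noout -checkend "$secs" -in "$crt" >/dev/null 2>&1
}

# make_selfsigned DIR CN [DAYS]: writes DIR/ldap.key and DIR/ldap.crt.
# Same shape as the openssl call in the thread, plus a SAN so clients that
# ignore the CN (all modern TLS stacks) still match the hostname.
make_selfsigned() {
    local dir="$1" cn="$2" days="${3:-365}"
    mkdir -p "$dir"
    openssl req -new -x509 -newkey rsa:2048 -nodes -days "$days" \
        -subj "/CN=$cn" -addext "subjectAltName=DNS:$cn" \
        -keyout "$dir/ldap.key" -out "$dir/ldap.crt" 2>/dev/null
    chmod 600 "$dir/ldap.key"
}

# ensure_cert DIR CN: the hardened init step. Keeps an existing pair only if the
# certificate stays valid for another 30 days (illustrative window); otherwise
# regenerates. Prints "kept" or "regenerated" so callers/logs can see what happened.
ensure_cert() {
    local dir="$1" cn="$2"
    if cert_valid_for "$dir/ldap.crt" $((30 * 24 * 3600)); then
        echo kept
    else
        make_selfsigned "$dir" "$cn"
        echo regenerated
    fi
}
```

Called as `ensure_cert /etc/ldap/ssl planetexpress.com` from the container's init step, this leaves a bind-mounted, still-valid pair untouched across restarts but replaces a pair that shipped inside the image once its `Not After` date is within the window, which is exactly the case the first comment in this issue shows.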
Reference
starred/docker-test-openldap#23