[GH-ISSUE #460] Ability to use ldap over SSL/TLS #172

Closed
opened 2026-02-27 08:15:40 +03:00 by kerem · 5 comments

Originally created by @mitchins on GitHub (Feb 25, 2023).
Original GitHub issue: https://github.com/lldap/lldap/issues/460

I scoured the documents and issues but couldn't see any information about SSL/TLS.

Is there either support for it, a work around or helper proxy or any planned support for it?

I know in most cases it's probably running inside a docker overlay network that's secure, but I'm just considering opening it up to other machines on the network.

Thanks, I love the software, it's so slick and easy to use.


@nitnelave commented on GitHub (Feb 26, 2023):

I think you're looking for LDAPS :) See the config for the relevant options.

@mitchins commented on GitHub (Feb 26, 2023):

Thanks, most of that's on me... I didn't know to search for LDAPS as I am just a casual user of the LDAP, however I do search for "certificate" or "ssl".
In an effort to help anyone else I have raised
https://github.com/nitnelave/lldap/pull/461

If it seems like overkill feel free to close it.


@nuka-cola commented on GitHub (Mar 29, 2023):

Would it be too much to ask to integrate into LLDAP the ability to use Let'sEncrypt/Acme to auto generate and manage the certificates from the webui? Bonus points if it can utilize the DNS API challenges instead of exposing ports to the internet. It could even just be a nice front-end to the Dehydrate script (if that can be embedded without challenge).


@nitnelave commented on GitHub (Mar 29, 2023):

This is better handled outside LLDAP: with a reverse proxy like traefik, you can configure it to hijack the request to .well-known/ to reply to the HTTP challenge, and then you can mount the certificates in the LLDAP container.


@nitnelave commented on GitHub (Mar 30, 2023):

Example traefik config:

traefik.yml:

```yaml
# Static configuration. The top-level `acme:` block (onHostRule/onDemand) is the
# Traefik v1 form; Traefik v2 reads only the `certificatesResolvers` section below.
acme:
  storage: "/etc/traefik/acme/acme.json"
  entryPoint: "https"
  onHostRule: true
  onDemand: true
  httpChallenge:
    entryPoint: "http"

certificatesResolvers:
  letsEncrypt:
    acme:
      email: your@email.com
      # Issued certificates and keys are stored (base64 PEM) in this JSON file.
      storage: /etc/traefik/acme/acme.json
      httpChallenge:
        # used during the challenge
        entryPoint: http
```

dynamic/letsencrypt.yml:

```yaml
http:
  routers:
    letsencrypt:
      # Route the HTTP-01 challenge path to Traefik's built-in ACME responder,
      # with a high priority so no application router captures it first.
      rule: "PathPrefix(`/.well-known/acme-challenge/`)"
      entrypoints: https
      tls: true
      priority: 1000
      service: acme-http@internal
```
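Two steps are implied but not shown in the thread: the LDAPS options that @nitnelave points at ("see the config for the relevant options"), and how the certificate gets from Traefik into the container ("mount the certificates in the LLDAP container"). Traefik keeps issued certificates inside acme.json as base64-encoded PEM in a JSON store, not as files, so they have to be extracted before they can be mounted. The following is an added example (my code, not lldap's or Traefik's) that covers both and then checks the result from a client: it pulls the certificate and key for the LDAP hostname out of acme.json, writes them with a 0600 key, returns the lldap LDAPS settings as `LLDAP_LDAPS_OPTIONS__*` environment variables, and opens a TLS connection that verifies the chain and hostname. Assumptions: the Traefik v2 acme.json layout given in the docstring, the resolver name `letsEncrypt` from the config above, a container mount path of `/data/certs`, and the `[ldaps_options]` keys `enabled`, `port`, `cert_file`, `key_file` with default port 6360 as I recall them from lldap's config template (check the template shipped with your version). The sample acme.json is constructed with placeholder PEM bodies so the export step runs offline.

```python
"""Export a Traefik-issued certificate for lldap's LDAPS listener and verify it.

Added example, not code from lldap or Traefik. Assumes the Traefik v2 acme.json layout:
{"<resolver>": {"Certificates": [{"domain": {"main": "...", "sans": [...]},
                                  "certificate": "<base64 PEM>", "key": "<base64 PEM>"}]}}
"""
import base64
import json
import os
import socket
import ssl
from pathlib import Path
from typing import Dict, Optional, Tuple

# Constructed sample store with placeholder PEM bodies (not a real key pair),
# so the export step can be exercised offline.
FAKE_CERT = b"-----BEGIN CERTIFICATE-----\nMIIBplaceholder\n-----END CERTIFICATE-----\n"
FAKE_KEY = b"-----BEGIN EC PRIVATE KEY-----\nMHcplaceholder\n-----END EC PRIVATE KEY-----\n"
SAMPLE_ACME_JSON = json.dumps({
    "letsEncrypt": {
        "Account": {"Email": "your@email.com"},
        "Certificates": [{
            "domain": {"main": "example.com", "sans": ["ldap.example.com"]},
            "certificate": base64.b64encode(FAKE_CERT).decode(),
            "key": base64.b64encode(FAKE_KEY).decode(),
        }],
    }
})


def find_cert(acme: dict, resolver: str, hostname: str) -> Tuple[bytes, bytes]:
    """Return (cert_pem, key_pem) for hostname, matching the main name or any SAN."""
    for entry in acme.get(resolver, {}).get("Certificates") or []:
        dom = entry.get("domain", {})
        if hostname in [dom.get("main", "")] + list(dom.get("sans") or []):
            cert = base64.b64decode(entry["certificate"])
            key = base64.b64decode(entry["key"])
            if b"BEGIN CERTIFICATE" not in cert or b"PRIVATE KEY" not in key:
                raise ValueError("acme.json entry did not decode to PEM")
            return cert, key
    raise KeyError(f"no certificate for {hostname!r} under resolver {resolver!r}")


def export_for_lldap(acme_json: str, resolver: str, hostname: str,
                     host_dir: str, container_dir: str = "/data/certs") -> Dict[str, str]:
    """Write cert.pem and key.pem under host_dir (key mode 0600) and return the
    lldap settings for a container that mounts host_dir at container_dir.
    Env var names follow lldap's LLDAP_<SECTION>__<KEY> convention (assumption:
    check the config template shipped with your lldap version)."""
    cert_pem, key_pem = find_cert(json.loads(acme_json), resolver, hostname)
    out = Path(host_dir)
    out.mkdir(parents=True, exist_ok=True)
    (out / "cert.pem").write_bytes(cert_pem)
    # Create the key file with a restrictive mode from the start rather than
    # chmod-ing afterwards; lldap only needs to read it.
    fd = os.open(out / "key.pem", os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(key_pem)
    os.chmod(out / "key.pem", 0o600)  # a pre-existing file would keep its old mode
    return {
        "LLDAP_LDAPS_OPTIONS__ENABLED": "true",
        "LLDAP_LDAPS_OPTIONS__PORT": "6360",
        "LLDAP_LDAPS_OPTIONS__CERT_FILE": f"{container_dir}/cert.pem",
        "LLDAP_LDAPS_OPTIONS__KEY_FILE": f"{container_dir}/key.pem",
    }


def check_ldaps(hostname: str, port: int = 6360, cafile: Optional[str] = None,
                timeout: float = 5.0) -> Dict[str, str]:
    """Connect the way an LDAP client should: verify the chain against the system
    CA store (or cafile) and check the hostname. Raises ssl.SSLError on failure;
    returns the negotiated protocol and the leaf's subject and expiry."""
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED, check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            leaf = tls.getpeercert()
            return {
                "protocol": tls.version() or "",
                "subject": ", ".join(f"{k}={v}" for rdn in leaf["subject"] for k, v in rdn),
                "not_after": leaf["notAfter"],
            }


if __name__ == "__main__":
    import tempfile
    env = export_for_lldap(SAMPLE_ACME_JSON, "letsEncrypt", "ldap.example.com",
                           tempfile.mkdtemp())
    for k, v in env.items():
        print(f"{k}={v}")
    # Against a real deployment: print(check_ldaps("ldap.example.com"))
```

Let's Encrypt certificates are short-lived, so the export has to be re-run on each renewal and lldap restarted if it does not reload the files on its own. `check_ldaps` with the default context is what any application connecting over LDAPS should be doing; if the connection only succeeds after disabling hostname checking, the certificate was issued for a name other than the one clients use, and the fix is the certificate, not the client.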