[GH-ISSUE #813] [FEATURE REQUEST] Add support for https #292

Open
opened 2026-02-27 08:16:26 +03:00 by kerem · 5 comments

Originally created by @ykhemani on GitHub (Jan 23, 2024).
Original GitHub issue: https://github.com/lldap/lldap/issues/813

Motivation
Allow secure (https) communication for the web interface to lldap so that communication between the browser and lldap isn't in plaintext.

Describe the solution you'd like

  • Add support for environment variable to enable https (LLDAP_HTTPS_OPTIONS__ENABLED). Default to false. Set to true to enable https.
  • Add support for environment variable to set https private key file (LLDAP_HTTPS_OPTIONS__KEY_FILE).
  • Add support for environment variable to set https cert file (LLDAP_HTTPS_OPTIONS__CERT_FILE). Can contain just the certificate or the cert and cert chain.
  • Add support for environment variable to set https CA cert file (LLDAP_HTTPS_OPTIONS__CA_CERT_FILE). Can contain the CA cert.

Describe alternatives you've considered
You could use a reverse proxy and have it terminate TLS. The connection from the reverse proxy to lldap would still be clear text, of course.


@nitnelave commented on GitHub (Jan 23, 2024):

Reverse proxy is the recommended setup. Is there any reason that doesn't work for you?


@ykhemani commented on GitHub (Jan 24, 2024):

> Reverse proxy is the recommended setup. Is there any reason that doesn't work for you?

Indeed, it can work. Having this allows you to have end-to-end encryption without another layer.


@nitnelave commented on GitHub (Jan 24, 2024):

Alright, since we have a working solution, I'm not going to fix it myself. If someone wants to come and implement it, be my guest.


@fsdrw08 commented on GitHub (Apr 10, 2024):

Any updates for this request?


@nitnelave commented on GitHub (Apr 10, 2024):

> Any updates for this request?

See the message above: I'm not going to work on that, but I'll accept contributions.

Note that a reverse proxy that provides HTTPS to the external world but HTTP inside the host is often more than enough.
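
The reverse-proxy arrangement discussed in this thread, sketched as an nginx configuration. This is an added example, not part of the thread and not lldap's own documentation; the hostname, certificate paths and the upstream address `127.0.0.1:17170` are assumptions to adapt to the actual deployment.

```nginx
# Added example: TLS terminated at nginx, cleartext hop confined to loopback.
# Assumptions (not from the thread): hostname, certificate paths, and that
# lldap's web listener is reachable at 127.0.0.1:17170.

server {
    listen 80;
    server_name lldap.example.com;            # placeholder hostname
    # Redirect so the login form is never served or submitted over plain HTTP.
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name lldap.example.com;            # placeholder hostname

    ssl_certificate     /etc/nginx/tls/lldap.fullchain.pem;  # cert + chain (placeholder path)
    ssl_certificate_key /etc/nginx/tls/lldap.key;            # private key (placeholder path)
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Tell browsers to use HTTPS for this host on later visits.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        # The only unencrypted hop: proxy to lldap over the loopback interface.
        proxy_pass http://127.0.0.1:17170;
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For   $remote_addr;
    }
}
```

The "HTTP inside the host" property only holds if lldap's web listener is bound to the loopback address or otherwise firewalled; a listener on all interfaces leaves the cleartext port reachable alongside the proxy.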
