[GH-ISSUE #1122] I'm too stupid for LDAPS #398

Closed
opened 2026-02-27 08:17:05 +03:00 by kerem · 9 comments

Originally created by @darkwolf1000 on GitHub (Mar 4, 2025).
Original GitHub issue: https://github.com/lldap/lldap/issues/1122

Describe the bug
Tried uncommenting LDAPS things but just got an error

To Reproduce
Steps to reproduce the behavior:
I tried uncommenting

  • LLDAP_LDAPS_OPTIONS__ENABLED=true
  • LLDAP_LDAPS_OPTIONS__CERT_FILE=/ldap.crt
  • LLDAP_LDAPS_OPTIONS__KEY_FILE=/ldap.key

got error
0: while setting up the SSL certificate
1: No such file or directory (os error 2)

Got
-rw-r--r-- 1 1000 1000 2216 Mar 4 18:50 ldap.crt
-rw------- 1 1000 1000 3272 Mar 4 18:49 ldap.key
in my cert folder

tried my own certificates with same RW rules got the same error

Expected behavior
To be honest, not sure; it never worked for me

Logs

Setup permissions..
Starting lldap..
Loading configuration from /data/lldap_config.toml
WARNING: A key_seed was given, we will ignore the key_file and generate one from the seed! Set key_file to an empty string in the config to silence this message.
WARNING: Unsecure default admin password is used.
2025-03-04T18:03:42.196783102+00:00 INFO set_up_server [ 40.3ms | 100.00% ]
2025-03-04T18:03:42.196803600+00:00 INFO ┝━ i [info]: Starting LLDAP version 0.6.1
2025-03-04T18:03:42.244786321+00:00 INFO ┕━ i [info]: Starting the LDAP server on port 3890
Error: while binding the LDAP server
Caused by:
0: while setting up the SSL certificate
1: No such file or directory (os error 2)

Additional context
Host Arch VM using Portainer

Sorry if this is a duplicate but it's not described well enough to enable LDAPS

kerem 2026-02-27 08:17:05 +03:00
  • closed this issue
  • added the bug label

@nitnelave commented on GitHub (Mar 4, 2025):

Make sure that the files exist at the correct path inside the container, and that the container user has the right to read them. That's very setup-dependent, so there's not much more I can help with :/


@darkwolf1000 commented on GitHub (Mar 4, 2025):

The files created themselves at the first try and are in the right directory, but for some reason there is now a cert folder in my cert folder with
drwxr-xr-x 2 1000 1000 4 Mar 4 18:55 certs
and the files
-rw-r--r-- 1 1000 1000 2212 Mar 4 18:55 ldap.crt
-rw------- 1 1000 1000 3272 Mar 4 18:55 ldap.key

UID:1000
GID:1000


@nitnelave commented on GitHub (Mar 4, 2025):

With the config that you posted, there should be in the container a ldap.crt file in the root folder (/ldap.crt)
Is that the case (again, inside the container)? How do you mount the files?


@darkwolf1000 commented on GitHub (Mar 4, 2025):

lldap:
  image: lldap/lldap:stable
  ports:
    - "389:3890"
    - "636:6360"
    - "17170:17170"
  volumes:
    - "/etc/lldap/lldap_data:/data"
    # Alternatively, you can mount a local folder
    # - "./lldap_data:/data"
  environment:
    - UID=1000
    - GID=1000
    - TZ=Europe/Berlin
    - LLDAP_JWT_SECRET=yes
    - LLDAP_KEY_SEED=yes
    - LLDAP_LDAP_BASE_DN="yes"
    - LDAP_USER_DN = "yes"
    - LDAP_USER_PASS = "yes"
    # If using LDAPS, set enabled true and configure cert and key path
    - LLDAP_LDAPS_OPTIONS__ENABLED=true
    - LLDAP_LDAPS_OPTIONS__CERT_FILE=/ldap.crt
    - LLDAP_LDAPS_OPTIONS__KEY_FILE=/ldap.key

Files are like

/etc
  /lldap
    /lldap_data
      /ldap.crt
      /ldap.key

all from lldap is owned by 1000 with RW rules set by the container


@nitnelave commented on GitHub (Mar 4, 2025):

Apologies if I'm misreading, but you don't seem to actually mount the ldap.crt file, at least in the docker config you shared. Is it inside /data?


@darkwolf1000 commented on GitHub (Mar 4, 2025):

It's not

Image

I forgot that

  • LLDAP_LDAPS_OPTIONS__CERT_FILE=/ldap.crt
  • LLDAP_LDAPS_OPTIONS__KEY_FILE=/ldap.key

(and I tried /etc/lldap/certs:/certs with ...KEY_FILE=/certs/ldap.key)

was

  • LLDAP_LDAPS_OPTIONS__CERT_FILE=/etc/lldap/certs/ldap.crt
  • LLDAP_LDAPS_OPTIONS__KEY_FILE=/etc/lldap/certs/ldap.key

at first


@nitnelave commented on GitHub (Mar 4, 2025):

Right, but AFAICT those files are not mounted inside the container. They exist outside, but not inside. Does what I say make sense?


@darkwolf1000 commented on GitHub (Mar 4, 2025):

even when copied to the lldap_data folder i get the same error with

  • LLDAP_LDAPS_OPTIONS__CERT_FILE=/ldap.crt
  • LLDAP_LDAPS_OPTIONS__KEY_FILE=/ldap.key

even when they are mounted to /data/ldap.crt they won't get loaded


@darkwolf1000 commented on GitHub (Mar 4, 2025):

nvm, I forgot /data in front of the ldap.crt

cert files are now just thrown in /lldap_data
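
The check this thread converges on, as an added example that is not part of the original issue or the lldap project: the paths in LLDAP_LDAPS_OPTIONS__CERT_FILE and LLDAP_LDAPS_OPTIONS__KEY_FILE are opened inside the container, so each one has to fall under a bind mount and exist on the host side of it. The function names and the temporary directory layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the lldap project). Paths in LLDAP_LDAPS_OPTIONS__*
# are opened inside the container, so map them back through the bind mounts.

# host_path_for CONTAINER_PATH MOUNT...   (MOUNT = "host_dir:container_dir[:ro]")
# Prints the host file behind CONTAINER_PATH; fails if no mount covers it.
host_path_for() {
    cpath=$1; shift
    best=""; best_len=0
    for m in "$@"; do
        host=${m%%:*}; rest=${m#*:}; ctr=${rest%%:*}
        case $cpath in
            "$ctr"/*)   # longest matching mount target wins
                if [ "${#ctr}" -gt "$best_len" ]; then
                    best=$host${cpath#"$ctr"}; best_len=${#ctr}
                fi ;;
        esac
    done
    [ -n "$best" ] && printf '%s\n' "$best"
}

# check_tls_file CONTAINER_PATH MOUNT...
# Prints not-mounted, missing, unreadable or ok. Readability is tested as the
# invoking user, so run it as the UID the container uses.
check_tls_file() {
    if ! hp=$(host_path_for "$@"); then echo not-mounted; return 1; fi
    [ -f "$hp" ] || { echo missing; return 1; }
    [ -r "$hp" ] || { echo unreadable; return 1; }
    echo ok
}

# key_is_private HOST_PATH: true when group and other have no access bits.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed layout mirroring the thread: one bind mount, certs in the data dir.
demo() {
    tmp=$(mktemp -d) && mkdir "$tmp/lldap_data"
    : > "$tmp/lldap_data/ldap.crt"; : > "$tmp/lldap_data/ldap.key"
    chmod 600 "$tmp/lldap_data/ldap.key"
    mount="$tmp/lldap_data:/data"
    for p in /ldap.crt /etc/lldap/certs/ldap.crt /data/ldap.crt /data/ldap.key; do
        printf '%-28s %s\n' "$p" "$(check_tls_file "$p" "$mount" || :)"
    done
    key_is_private "$tmp/lldap_data/ldap.key" && echo "key mode ok"
    rm -rf "$tmp"
}
demo
```

With only the /data mount from the posted compose file, /ldap.crt and /etc/lldap/certs/ldap.crt both come back as not-mounted, which is the condition behind "No such file or directory (os error 2)".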
