[Bug]: Identity Provider - LDAP cannot use LDAPS when certificate signed by unknown authority #7888

Open
2 tasks done
K-J-VV opened this issue May 1, 2024 · 1 comment
Labels
auth bug Something isn't working resources

K-J-VV commented May 1, 2024

Preflight Checklist

  • I could not find a solution in the documentation, the existing issues or discussions
  • I have joined the ZITADEL chat

Environment

Self-hosted

Version

No response

Database

CockroachDB

Database Version

No response

Describe the problem caused by this bug

I'm unable to join my self-hosted LDAP server (OpenLDAP) via LDAPS. It seems the issue is that the certificates I am using on the LDAP server are self-signed, so Zitadel does not view them as 'secure enough'.

The specific Error is:
LDAP Result Code 200 "Network Error": tls: failed to verify certificate: x509: certificate signed by unknown authority

I believe the options to "work through" this are either:

  • Add the certificates as trusted by Zitadel
  • Add an option in the LDAP Identity Provider configuration to ignore/trust certificates signed by unknown authorities

Any help to resolve this would be great! Thank you in advance

To reproduce

The specific Error is:
LDAP Result Code 200 "Network Error": tls: failed to verify certificate: x509: certificate signed by unknown authority

Screenshots

No response

Expected behavior

No response

Operating System

No response

Relevant Configuration

No response

Additional Context

No response

@K-J-VV K-J-VV added the bug Something isn't working label May 1, 2024
@hifabienne hifabienne added the auth label May 2, 2024
@livio-a livio-a assigned livio-a and unassigned livio-a May 8, 2024
Member

livio-a commented May 8, 2024

Let's allow management of the certificate through the LDAP IdP configuration
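
The error text in the report matches what Go's crypto/tls and crypto/x509 return when a server certificate does not chain to a trusted root. The sketch below is an added example, not ZITADEL code and not from either commenter: it shows a per-connection trust pool that accepts one specific certificate while keeping chain and hostname verification on. `selfSigned`, `ldapsConfig`, `verify` and the hostname are hypothetical, and the certificate is generated in memory as constructed sample input.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// selfSigned returns a constructed, throwaway self-signed certificate for host.
func selfSigned(host string) (*x509.Certificate, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{host},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// ldapsConfig (hypothetical helper) trusts only the given certificates for host;
// chain and hostname verification stay on, unlike InsecureSkipVerify.
func ldapsConfig(host string, trusted ...*x509.Certificate) *tls.Config {
	pool := x509.NewCertPool()
	for _, c := range trusted {
		pool.AddCert(c)
	}
	return &tls.Config{RootCAs: pool, ServerName: host}
}

// verify applies to leaf the chain and hostname checks a TLS client makes with cfg.
func verify(leaf *x509.Certificate, cfg *tls.Config) error {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: cfg.RootCAs, DNSName: cfg.ServerName})
	return err
}

func main() {
	host := "ldap.example.internal" // constructed hostname
	if leaf, err := selfSigned(host); err == nil {
		fmt.Println("nothing trusted:", verify(leaf, ldapsConfig(host)))
		fmt.Println("server pinned:  ", verify(leaf, ldapsConfig(host, leaf)))
	}
}
```

With the certificate in the pool, a different hostname or a different self-signed certificate for the same hostname is still rejected, which is the property that skipping verification gives up.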
