[FEATURE REQUEST] Accept .pem input for CERT_FILE and KEY_FILE #740
Comments
Sorry, I'm just now having another look at the bug: there's nothing that cares about the file extension, it's not about .pem or .key or .crt. In both cases, I open the file myself and just pass the bytes to a function that extracts the key. I don't understand how copying can solve the issue. Are you sure it's not a misconfiguration and you didn't mount the correct files into the container? In particular, I would expect a very different error message if it was an unsupported format.
Apologies for the late reply but indeed what I posted in my original post is indeed what I am still observing. I tried it again and renamed the file to privkey.pem and fullchain.pem and the container fails with the same error. I rename to .key and .crt and it works again. Permissions are unchanged.
How do you configure it? How do you set the environment variables, or the values in the config file?
Full environment variables and volume mounts below. For testing, permissions were set to 777.
See the key reading code here: lldap/server/src/infra/ldap_server.rs Lines 107 to 149 in 6f905b1
Most importantly, all the functions trying to read a key are called with Regarding your initial error, the "No such file or directory" is from
Motivation
Certbot and other tools generate .pem file types but LLDAP expects .crt and .key file types.
Describe the solution you'd like
Accept .pem format for CERT_FILE and KEY_FILE
Describe alternatives you've considered
A simple renaming of the file type works but it is an additional step, especially when it comes to renewal.
cp privkey.pem privkey.key
cp fullchain.pem fullchain.crt
Additional context
Environment Variables:
- LLDAP_LDAPS_OPTIONS__ENABLED=true
- LLDAP_LDAPS_OPTIONS__CERT_FILE=/certs/fullchain.pem
- LLDAP_LDAPS_OPTIONS__KEY_FILE=/certs/privkey.pem
Error Logs:
Loading configuration from /data/lldap_config.toml
2023-11-18T22:58:52.896096119+00:00 INFO set_up_server [ 4.10ms | 100.00% ]
2023-11-18T22:58:52.896128426+00:00 INFO ┝━ i [info]: Starting LLDAP version 0.5.1-alpha
2023-11-18T22:58:52.929989375+00:00 INFO ┕━ i [info]: Starting the LDAP server on port 3890
2023-11-18T22:58:52.930173015+00:00 ERROR 🚨 [error]: Could not bring up the servers: while binding the LDAP server: while setting up the SSL certificate: No such file or directory (os error 2)
2023-11-18T22:58:52.930450496+00:00 INFO i [info]: End.
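The distinction drawn in this thread (a path that cannot be opened yields "No such file or directory (os error 2)", while the file extension plays no part) can be checked before the container is started. The following is an added example, not lldap's code or the maintainer's; `Check`, `label`, `pem_labels` and `check_path` are hypothetical names, and the check only looks for PEM armor lines without validating the key material.

```rust
use std::{env, fs, io::ErrorKind, path::Path};

// Added example, not lldap's code; all type and function names are hypothetical.
#[derive(Debug, PartialEq)]
enum Check {
    Missing,               // open failed with ENOENT, i.e. "os error 2"
    Unreadable(ErrorKind), // any other I/O failure, e.g. PermissionDenied
    NoPemBlock,            // file was read but holds no complete PEM block
    Pem(Vec<String>),      // labels of the PEM blocks found, in file order
}

// Extract LABEL from "<prefix>LABEL-----", e.g. prefix "-----BEGIN ".
fn label(line: &str, prefix: &str) -> Option<String> {
    line.strip_prefix(prefix)?.strip_suffix("-----").map(str::to_string)
}

// Labels of every BEGIN line that is closed by an END line with the same label.
fn pem_labels(text: &str) -> Vec<String> {
    let (mut found, mut open) = (Vec::new(), None);
    for line in text.lines().map(str::trim) {
        if let Some(l) = label(line, "-----BEGIN ") {
            open = Some(l);
        } else if let Some(l) = label(line, "-----END ") {
            found.extend(open.take().filter(|o| *o == l));
        }
    }
    found
}

// Classify a path by its content only; the file name is never inspected.
fn check_path(path: &Path) -> Check {
    match fs::read(path) {
        Err(e) if e.kind() == ErrorKind::NotFound => Check::Missing,
        Err(e) => Check::Unreadable(e.kind()),
        Ok(bytes) => match pem_labels(&String::from_utf8_lossy(&bytes)) {
            labels if labels.is_empty() => Check::NoPemBlock,
            labels => Check::Pem(labels),
        },
    }
}

fn main() {
    for var in ["LLDAP_LDAPS_OPTIONS__CERT_FILE", "LLDAP_LDAPS_OPTIONS__KEY_FILE"] {
        let result = env::var(var).map(|p| check_path(Path::new(&p)));
        println!("{}: {:?}", var, result);
    }
}
```

Run inside the container, a `Missing` result for either variable points at the volume mount or the configured path rather than at the certificate format.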