Comment 1 Philipp Hahn 2016-12-03 09:31:31 CET

(In reply to Felix Botner from comment #0)
> Like Bug #42016, but for /etc/univention/ssl/ucsCA/CAcert.pem
> 
> HostCaCertificateAccess=True
> 
> 
> We need this non appbox docker apps (e.g. ldaps/ldap-TLS to the UCS ldap
> server)

Please do it right and fix Bug #39179 instead!

Comment 2 Felix Botner 2016-12-05 10:14:23 CET

(In reply to Philipp Hahn from comment #1)
> (In reply to Felix Botner from comment #0)
> > Like Bug #42016, but for /etc/univention/ssl/ucsCA/CAcert.pem
> > 
> > HostCaCertificateAccess=True
> > 
> > 
> > We need this non appbox docker apps (e.g. ldaps/ldap-TLS to the UCS ldap
> > server)
> 
> Please do it right and fix Bug #39179 instead!

However Bug #39179 is fixed, we can't assume any docker container to be a "host in the domain".
Some docker images may not be based on the appbox UCS image and never will be real hosts in the domain, so we need a way to access the root CA (either */ssl/ucsCA/CAcert.pem or */ca-certificates/ucsCA.crt) from the container.
That is what this bug is about.

Comment 3 Erik Damrose 2017-07-17 12:48:08 CEST

I was just asked by an ISV about this feature, reason was the same as comment 0: ldaps/ldap-TLS to the UCS ldap server

Comment 4 Stefan Gohmann 2019-01-03 07:18:42 CET

This issue has been filled against UCS 4.1. The maintenance with bug and security fixes for UCS 4.1 has ended on 5st of April 2018.

Customers still on UCS 4.1 are encouraged to update to UCS 4.3. Please contact
your partner or Univention for any questions.

If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you.