Bug 51346 - Valid LDAP ssl certificate port needed
Status: NEW
Product: UCS
Classification: Unclassified
Component: LDAP
Version: UCS 4.4
Hardware: Other Linux
Importance: P5 normal
Target Milestone: ---
Assigned To: UCS maintainers
Depends on:
Blocks:
Reported: 2020-05-23 20:16 CEST by b1nch0
Modified: 2020-05-25 08:30 CEST (History)

See Also:
What kind of report is it?: Feature Request
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): SAML, Security, Usability, Workaround is available
Max CVSS v3 score:


Description b1nch0 2020-05-23 20:16:40 CEST
There is no "valid" SSL LDAP port (and it was needed for an app refusing to talk with self-signed certificates), but that would be easy.

Current workaround:

* add regular Debian sources, apt update; apt install supervisor socat
* generate Let's Encrypt certs
* ucr set security/packetfilter/tcp/6636/all=ACCEPT
* create file /etc/supervisord/conf.d/ldapssl.conf

```
[program:ldapsocat]
; Build a PEM bundle (private key + full Let's Encrypt chain) for socat, then
; terminate TLS on 6636 and forward plaintext LDAP to the server on 7389.
; verify=0: connecting clients are not asked for a certificate; cafile= is
; therefore unused and only kept from the original command.
; "timeout 1d" ends socat once a day so supervisor restarts it and a renewed
; certificate is picked up (exit code 124 is not in exitcodes, so autorestart
; applies). umask 077 keeps the key out of a world-readable /tmp file; the
; original "cat ... > /tmp/sle.pem" left it at mode 0644.
command=/bin/bash -c "umask 077; rm -f /tmp/sle.pem; cat /etc/univention/letsencrypt/domain.key /etc/univention/letsencrypt/signed_chain.crt > /tmp/sle.pem; sleep 5; timeout 1d socat openssl-listen:6636,reuseaddr,verify=0,cert=/tmp/sle.pem,cafile=/etc/univention/letsencrypt/signed_chain.crt,fork TCP:192.168.178.11:7389"
autorestart=true
stderr_logfile = /var/log/ldapsocat-stderr.log
stdout_logfile = /var/log/ldapsocat-stdout.log
```
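The following script is an added example and is not part of the bug report or of UCS. It does the two things a practitioner would want around the workaround above: it builds the key+chain bundle socat needs without leaving the private key world-readable, and it then checks the published port the way a strict client does (system trust store, SNI and hostname matching, then an anonymous rootDSE read over ldaps://). The Let's Encrypt paths are the ones the report names; the bundle location under /run, the port 6636 and the use of the machine's FQDN are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not code from the bug report or from UCS. Builds the PEM
# bundle for socat with private permissions, then verifies the published
# LDAPS port as a strict client would. /etc/univention/letsencrypt paths come
# from the report; the bundle location and hostnames are assumptions.
set -eu

LE_DIR="${LE_DIR:-/etc/univention/letsencrypt}"
BUNDLE="${BUNDLE:-/run/ldapsocat/sle.pem}"

# Write key + full chain into one file that only root can read. A plain
# "cat ... > /tmp/sle.pem" under the default umask leaves the key at 0644.
make_bundle() {
  local key="$1" chain="$2" out="$3"
  mkdir -p "$(dirname "$out")"
  rm -f "$out"                      # an existing file would keep its old mode
  ( umask 077; cat "$key" "$chain" > "$out" )
  [ "$(stat -c %a "$out")" = "600" ]
}

# Number of certificates in a bundle. socat serves exactly what is in the
# file, so a bundle holding only the leaf makes strict clients fail to build
# a path to a trusted root.
cert_count() {
  grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# Handshake as a strict client: verify against the system trust store with
# SNI and hostname checking, and require "Verify return code: 0 (ok)".
verify_ldaps() {
  local host="$1" port="$2" out
  out=$(openssl s_client -connect "${host}:${port}" -servername "$host" \
        -verify_hostname "$host" -verify_return_error \
        -CApath /etc/ssl/certs </dev/null 2>&1) || return 1
  printf '%s\n' "$out" | grep -q 'Verify return code: 0 (ok)'
}

# The proxy must still speak LDAP behind the new certificate: read the
# rootDSE anonymously while trusting only the system CA bundle.
ldap_probe() {
  local host="$1" port="$2"
  LDAPTLS_CACERT=/etc/ssl/certs/ca-certificates.crt \
    ldapsearch -H "ldaps://${host}:${port}" -x -b '' -s base namingContexts
}

# Usage: ./check_ldaps.sh run [fqdn]
if [ "${1:-}" = "run" ]; then
  fqdn="${2:-$(hostname -f)}"
  make_bundle "$LE_DIR/domain.key" "$LE_DIR/signed_chain.crt" "$BUNDLE"
  echo "bundle holds $(cert_count "$BUNDLE") certificate(s) at $BUNDLE"
  verify_ldaps "$fqdn" 6636 && echo "chain on $fqdn:6636 verifies"
  ldap_probe "$fqdn" 6636
fi
```

Run it as root after the supervisor program is up; a failure in verify_ldaps with the bundle holding a single certificate usually means signed_chain.crt did not contain the intermediate, which is exactly the case the strict app in the report rejects.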