Univention Bugzilla – Bug 51346
Valid LDAP ssl certificate port needed
Last modified: 2020-05-25 08:30:55 CEST
There is no "valid" SSL LDAP port (and it was needed for an app refusing to talk with self-signed certificates), but that would be easy.

Current workaround:

* add regular Debian sources, apt update; apt install supervisor socat
* generate Let's Encrypt certs
* ucr set security/packetfilter/tcp/6636/all=ACCEPT
* create file /etc/supervisord/conf.d/ldapssl.conf

```
[program:ldapsocat]
command=/bin/bash -c "cat /etc/univention/letsencrypt/domain.key /etc/univention/letsencrypt/signed_chain.crt > /tmp/sle.pem;sleep 5; timeout 1d socat openssl-listen:6636,reuseaddr,verify=0,cert=/tmp/sle.pem,cafile=/etc/univention/letsencrypt/signed_chain.crt,fork TCP:192.168.178.11:7389"
stderr_logfile = /var/log/ldapsocat-stderr.log
stdout_logfile = /var/log/ldapsocat-stdout.log
```
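The workaround above concatenates the private key into /tmp/sle.pem, which under the usual 022 umask leaves the key readable by other local users. The following is an added example, not part of the original report: a hypothetical helper `build_pem` that writes the same key-plus-chain bundle with mode 0600 and refuses world-writable target directories. The caller chooses the paths.

```shell
#!/bin/sh
# Added example (not from the bug report): build the combined key+chain PEM
# that socat's cert= option expects, without exposing the private key.
# build_pem is a hypothetical helper name; all paths are supplied by the caller.

# build_pem KEY CHAIN OUT
# Writes KEY followed by CHAIN to OUT, mode 0600, replacing OUT atomically.
# Returns 1 on missing input, 2 on an unsafe target directory, 3 on write errors.
build_pem() {
    key=$1 chain=$2 out=$3
    outdir=$(dirname -- "$out")

    # Both inputs must exist and be non-empty, otherwise the listener would
    # start with a truncated bundle.
    [ -s "$key" ] && [ -s "$chain" ] || { echo "missing key or chain" >&2; return 1; }

    # Refuse world-writable directories such as /tmp: another local user could
    # pre-create or swap the file there. Character 9 of the mode string is the
    # "other write" bit.
    case $(ls -ldL -- "$outdir" 2>/dev/null) in
        ????????w*) echo "refusing world-writable directory: $outdir" >&2; return 2 ;;
        "")         echo "no such directory: $outdir" >&2; return 2 ;;
    esac

    # Subshell so the tightened umask does not leak into the caller.
    (
        umask 077
        # Temp file in the same directory so the final mv is an atomic rename.
        tmp=$(mktemp "$outdir/.pem.XXXXXX") || exit 3
        cat -- "$key" "$chain" > "$tmp" || { rm -f -- "$tmp"; exit 3; }
        mv -f -- "$tmp" "$out"          || { rm -f -- "$tmp"; exit 3; }
    )
}
```

The socat `cert=` option would then point at the path given as OUT, in a directory only root can write to.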