Question: Modifying ldap.conf to include TLS_REQCERT = never

I am in process of setting up the LDAP connectors for a docker based build. I want to use ldaps to connect to the servers. I am able to connect over ldaps with ldp.exe so I know the server is configured correct but I am still unable to connect via ldaps from eramba.

The screen says to edit the ldap.conf. Is this on the eramba container?

Thanks

Hello,

You can try to put this into env file.

LDAPTLS_REQCERT="never"

ref.: Need help ignoring server certificate while binding to LDAP server using PHP - Stack Overflow

Hello:

I’m wondering if you got LDAPS working? I’m attempting to do the same thing, but I’m struggling to get it working in Ubuntu. I tried to add the TLS_REQCERT never to my ldap.conf file in /etc/ldap/ldap.conf and also to the docker/overlay2 ldap.conf file, but it still can’t connect. Using regular LDAP works without issue, but for security reasons we have to use LDAPS. Any suggestions would be greatly appreciated.

Thanks

Hi
Did you add your ldaps server certificate to the cacerts directory on your Ubuntu?
If so, are you using the same ldap server IP or FQDN as the one you imported the CA certificate from?

If you are using a certificate, then you need it on the Linux server (docker image) as the post above mentions. If you do not have a certificate, what happens is the same as what happens when you self-sign a certificate for a website and try accessing it.

The configuration on the ldap client side, when set to never (OpenLDAP 2.1 Administrator's Guide: Using TLS), basically says: well, click “advanced” and let's move on as it is.

But that will only work if the server (your AD) is ok with that (see “TLSVerifyClient” on OpenLDAP 2.1 Administrator's Guide: Using TLS).

While we never had to tell a customer needing to do this, I would suggest you look at your AD configuration and logs to understand exactly what is going on. I repeat, we never had a customer that could not solve an ldap issue (the exception is those using Google LDAP services).

Sorry for the delay on this but I have been fighting a bit of the flu so have not been at my keyboard for a few days.
I was able to get the LDAPTLS_REQCERT="never" suggestion to work, but just adding the text to the .env file was not enough. I had to edit the docker-compose.simple-install.yml file to add a call to the environment variable.

Basically, in the services section under eramba: environment: I added the line:

    LDAPTLS_REQCERT: ${LDAPTLS_REQCERT}

under the

    PROXY_AUTH_PASS: ${PROXY_AUTH_PASS}

line (order is not that important).

If this is not clear enough, let me know and I can give more detail. Again, I would prefer not to edit the yaml file but just adding a variable to the .env file is not enough for docker. This seemed like the best solution for us.
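As an added illustration of how the pieces from this thread fit together (this is not eramba's docker-compose.simple-install.yml and not code posted by anyone here), the fragment below shows the environment passthrough described above next to the alternative the earlier reply recommends: putting the CA that signed the AD certificate into the image and keeping certificate verification on. The service name, image tag, CA file name and mount path are assumptions; LDAPTLS_REQCERT and LDAPTLS_CACERT are the environment-variable forms of the TLS_REQCERT and TLS_CACERT options documented in ldap.conf(5).

```yaml
# Added example, not the project's compose file. Names other than the
# LDAPTLS_* variables are assumptions.
services:
  eramba:
    image: eramba/eramba:placeholder-tag   # use the tag from your own compose file
    environment:
      PROXY_AUTH_PASS: ${PROXY_AUTH_PASS}

      # Variant A (the workaround from this thread): the value comes from
      # LDAPTLS_REQCERT=never in .env and tells libldap to accept any server
      # certificate. Host-name and chain checks are skipped, so a forged LDAPS
      # endpoint is accepted too; treat it as a debugging aid, not a fix.
      # LDAPTLS_REQCERT: ${LDAPTLS_REQCERT}

      # Variant B: keep verification on and hand libldap the CA that signed the
      # AD certificate. The host in the LDAP URL must then match a name on the
      # certificate, which is the IP-vs-FQDN point raised earlier in the thread.
      LDAPTLS_REQCERT: demand
      LDAPTLS_CACERT: /etc/ssl/certs/ad-ca.pem   # assumed path inside the container

    volumes:
      # Assumed: the exported AD CA certificate sits next to the compose file.
      - ./ad-ca.pem:/etc/ssl/certs/ad-ca.pem:ro

# The same two settings, written into /etc/ldap/ldap.conf inside the container
# instead of the environment, would be:
#   TLS_CACERT  /etc/ssl/certs/ad-ca.pem
#   TLS_REQCERT demand
```

If variant B still fails, the failure is a verification error that the container's ldapsearch or the AD logs will name (unknown CA, expired certificate, or a name mismatch), which is the information the earlier reply suggested looking at before falling back to never.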

Totally agree with you here, we’ll look at this on the next image release. Thanks for the debug and solution.

ref.: Include TLS_REQCERT = never · Issue #39 · eramba/docker · GitHub

Thank you everyone for your help. Jim I used your suggestion and that worked for me.