LDAPS CA Certificate not working #6426
Comments
maxdallmair
added
the
0. Needs triage
|
Hi, can you post the output of |
|
Sure, thanks for the quick response! The output is: In the folder is the certificate placed |
|
Ok, can you alao post the outout of |
|
Sure. I have changed the TLD to cloud.domain.tld in the logs, normally it shows the configured URL 2025-05-20 04:01:43.507428+00 User required to trust additional CA certificates, running 'update-ca-certificates.' ✓ Fetched /hosting/discovery endpoint Collabora URL (used for Nextcloud to contact the Collabora server):
|
|
Is there any additional information you need? |
|
The logs look fine honestly. And |
|
Hmm, yes, when I run the command and run then I want to use ldaps://FQDN and trying it also with ldaps://IP and port 636 both works without check "Switch off the SSL certificate check." |
|
So it seems to work? What am I missing? |
|
Ah, sorry, I mean when I check "Switch off the SSL certificate check." it works. When I uncheck it, it does not work. Tested / saw it on the Configuration wrong or right and trying with test configuration and user sync. |
|
I see. I fear this might be a general Nextcloud server issue. Probably best if you report this to https://github.com/nextcloud/server since we only bundle the server software here. |
Hello everyone,
I am running a Nextcloud AIO instance with docker-compose.
I have installed and configured the LDAP plugin. With the check mark in the setting “Turn off SSL certificate verification.” the connection also works promptly. Unfortunately not with SSL.
I have set the ENV variable NEXTCLOUD_TRUSTED_CACERTS_DIR: /srv/nextcloud/ssl where my ROOTCA.crt is located in my compose.
According to this guide, that's the only thing to do. GitHub - nextcloud/all-in-one: 📦 The official Nextcloud installation method. Provides easy deployment and maintenance with most features included in this one Nextcloud instance.
Unfortunately, the connection does not work. I then executed the following command, which I found in a Git issue.
sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ security:certificates:import /usr/local/share/ca-certificates/ROOTCA-JO-DC.crt
The certificate is then also displayed with this command. Unfortunately, the connection still does not work.
sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ security:certificates
ldaps and Port 636 is configured.
Output of
sudo docker infoClient: Docker Engine - Community
Version: 28.0.1
Context: default
Debug Mode: false
Plugins:
buildx: Docker Buildx (Docker Inc.)
Version: v0.21.1
Path: /usr/libexec/docker/cli-plugins/docker-buildx
compose: Docker Compose (Docker Inc.)
Version: v2.33.1
Path: /usr/libexec/docker/cli-plugins/docker-compose
Server:
Containers: 12
Running: 10
Paused: 0
Stopped: 2
Images: 23
Server Version: 28.0.1
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Using metacopy: false
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: systemd
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local splunk syslog
Swarm: inactive
Runtimes: runc io.containerd.runc.v2
Default Runtime: runc
Init Binary: docker-init
containerd version: bcc810d6b9066471b0b6fa75f557a15a1cbf31bb
runc version: v1.2.4-0-g6c52b3f
init version: de40ad0
Security Options:
apparmor
seccomp
Profile: builtin
cgroupns
Kernel Version: 6.1.0-35-amd64
Operating System: Debian GNU/Linux 12 (bookworm)
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 3.823GiB
Name: cloud
ID: 8b885316-a703-4fda-a7e2-d8187eba8786
Docker Root Dir: /var/lib/docker
Debug Mode: false
Experimental: false
Insecure Registries:
::1/128
127.0.0.0/8
Live Restore Enabled: false
Docker run command or docker-compose file that you used
services:
nextcloud-aio-mastercontainer:
image: ghcr.io/nextcloud-releases/all-in-one:latest
init: true
restart: always
container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed as otherwise AIO will not work correctly
volumes:
- nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed as otherwise the built-in backup solution will not work
- /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, don't forget to also set 'WATCHTOWER_DOCKER_SOCKET_PATH'!
network_mode: bridge # add to the same network as docker run would do
ports:
- 80:80 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
- 8080:8080
- 8443:8443 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
environment: # Is needed when using any of the options below
NEXTCLOUD_TRUSTED_CACERTS_DIR: /srv/nextcloud/ssl # CA certificates in this directory will be trusted by the OS of the nextcloud container (Useful e.g. for LDAPS) See https://github.com/nextcloud/all-in-one#how-to-trust-user-defined-certification-authorities-ca
volumes: # If you want to store the data on a different drive, see https://github.com/nextcloud/all-in-one#how-to-store-the-filesinstallation-on-a-separate-drive
nextcloud_aio_mastercontainer:
name: nextcloud_aio_mastercontainer # This line is not allowed to be changed as otherwise the built-in backup solution will not work
The text was updated successfully, but these errors were encountered: