First of all, I’m impressed with Mayan and its scope, but unfortunately, I’m currently failing to connect Mayan to our Azure LDAP server.
A brief overview of my setup: I’m using MayanEDMS version 4.6.1 in a Docker container (Docker Compose from GitHub). Everything is working wonderfully so far.
Now, onto my problem:
I’m attempting to connect Mayan to LDAPS. To do this, I pass the SSL certificate via a volume in the Compose to the correct directory (/usr/local/share/ca-certificates). I can also verify this in the Docker container, and it seems to be correct. Now, to initially test if the connection to the LDAP server works, I update the certificates with update-ca-certificates, and I don’t receive any errors, just a message that a new certificate has been added. So far, so good.
Now, to test if the connection is established, I also install ldap-utils (all within the container) with apt install. I always do this initially and then modify the Compose a bit so that this all happens automatically at startup. However, when I run an ldapsearch on my server within the container (ldapsearch -x -H ldaps://ad.fake.de -D 'fake@fake.de' -W -b 'OU=AADDC Users,DC=ad,DC=fake,DC=de'), I don’t get a connection. Allegedly, the SSL certificate is missing or incorrect.
I always do this in many other Docker applications and was therefore very surprised. To rule out that it’s the certificate causing the issue, I installed the certificate outside of the container on the host (same procedure as in the container), and I also installed ldap-utils on the host. After entering the command mentioned above, the connection worked perfectly (outside of the container on the host).
Now, of course, I’m wondering if I missed something. Unfortunately, there’s no proper guide that provides closer configuration details. I’ve also tried the instructions in ldap_connection_settings.py from GitHub and encountered the same error upon logging in:
app-1 | attempting to connect:
app-1 | connect success
app-1 | TLS: peer cert untrusted or revoked (0x42)
app-1 | TLS: can't connect: (unknown error code).
However, as described above, the certificate works perfectly outside of the container.
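Added as an example by the editor, not part of the original post and not Mayan EDMS's own code: a small diagnostic script for the situation described above, to be run inside the container. It checks the two things that most often make update-ca-certificates report success while libldap still says "peer cert untrusted": the file must end in .crt and contain PEM data or it is silently skipped, and the certificate must actually appear in the generated system bundle. It then probes the server with openssl and ldapsearch pointed at that bundle via LDAPTLS_CACERT, which is the environment variable the OpenLDAP client libraries honor. The Debian-style paths (/usr/local/share/ca-certificates, /etc/ssl/certs/ca-certificates.crt), the file name azure-ldaps.crt and the host ad.fake.de are assumptions for the example; only the first two functions run offline.

```shell
#!/bin/sh
# Editor's added example, not from the original post or from Mayan EDMS.
# Assumes a Debian-style CA layout inside the container and that openssl
# and ldapsearch (ldap-utils) are installed there.

# update-ca-certificates only picks up files under
# /usr/local/share/ca-certificates that end in .crt AND hold PEM data.
# Returns 0 if $1 satisfies both, 1 otherwise.
ca_file_ok() {
    case "$1" in
        *.crt) ;;
        *) return 1 ;;
    esac
    [ -f "$1" ] || return 1
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1"
}

# Does bundle $2 contain the certificate in $1? Compares the first base64
# line of the certificate body; that is unique enough for a sanity check
# without needing openssl offline.
bundle_has_cert() {
    line=$(awk '/-----BEGIN CERTIFICATE-----/{getline; print; exit}' "$1")
    [ -n "$line" ] || return 1
    grep -qFx -- "$line" "$2"
}

# Online probe (not exercised offline): verify the chain against the
# bundle exactly as a TLS client would, then run an anonymous rootDSE
# query through ldapsearch using the same bundle. -verify_return_error
# makes openssl exit non-zero on a chain failure instead of only printing
# it, so the function's status is meaningful.
probe_ldaps() {
    host=$1
    bundle=${2:-/etc/ssl/certs/ca-certificates.crt}
    openssl s_client -connect "$host:636" -servername "$host" \
        -CAfile "$bundle" -verify_return_error </dev/null >/dev/null || return 1
    LDAPTLS_CACERT="$bundle" ldapsearch -x -H "ldaps://$host" \
        -s base -b '' -LLL namingContexts
}

# Usage inside the container (hypothetical file name and host):
#   sh ldaps-check.sh /usr/local/share/ca-certificates/azure-ldaps.crt ad.fake.de
if [ "$#" -eq 2 ]; then
    ca_file_ok "$1" || \
        echo "not a .crt PEM file: $1 (update-ca-certificates will skip it)"
    bundle_has_cert "$1" /etc/ssl/certs/ca-certificates.crt || \
        echo "certificate is not in the system bundle; rerun update-ca-certificates"
    probe_ldaps "$2"
fi
```

If both offline checks pass and the openssl probe verifies but Mayan itself still logs the 0x42 error, the remaining place to look is the python-ldap side of the configuration: python-ldap reads its CA file from the ldap.OPT_X_TLS_CACERTFILE option (and needs ldap.OPT_X_TLS_NEWCTX set to 0 afterwards for the TLS options to take effect), which is independent of what ldapsearch in the same container uses.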