working custom certificates from Letsencrypt.

Author: AnalogJ

.gitignore

@@ -0,0 +1 @@
+certs

Dockerfile

@@ -8,6 +8,7 @@ ENV LDAP_DOMAIN=planetexpress.com
 ENV LDAP_ORGANISATION="Planet Express, Inc."
 ENV LDAP_BINDDN="cn=admin,dc=planetexpress,dc=com"
 ENV LDAP_SECRET=GoodNewsEveryone
+ENV LDAP_CA_CERT="/etc/ldap/ssl/fullchain.crt"
 ENV LDAP_SSL_KEY="/etc/ldap/ssl/ldap.key"
 ENV LDAP_SSL_CERT="/etc/ldap/ssl/ldap.crt"
 ENV LDAP_FORCE_STARTTLS="false"

LETSENCRYPT_CERTS.md

@@ -0,0 +1,40 @@
+# LetsEncrypt Certificates for OpenLDAP
+- Use https://github.com/matrix-org/docker-dehydrated#behaviour
+    ```
+    mkdir data
+    echo "ldap.customdomain.com" > data/domains.txt
+
+    # create a docker-compose.yml file
+    version: '2'
+    services:
+      dehydrated:
+        image: docker.io/matrixdotorg/dehydrated
+        restart: unless-stopped
+        volumes:
+          - ./data:/data
+        environment:
+          - DEHYDRATED_GENERATE_CONFIG=yes
+          - DEHYDRATED_CA="https://acme-v02.api.letsencrypt.org/directory"
+          # - DEHYDRATED_CA="https://acme-staging-v02.api.letsencrypt.org/directory"
+          - DEHYDRATED_CHALLENGE="dns-01"
+          - DEHYDRATED_KEYSIZE="4096"
+          - DEHYDRATED_HOOK="/usr/local/bin/lexicon-hook"
+          - DEHYDRATED_RENEW_DAYS="30"
+          - DEHYDRATED_KEY_RENEW="yes"
+          - DEHYDRATED_EMAIL="[email protected]"
+          - DEHYDRATED_ACCEPT_TERMS=yes
+          - PROVIDER=cloudflare
+          - LEXICON_CLOUDFLARE_USERNAME
+          - LEXICON_CLOUDFLARE_TOKEN
+
+
+    #run docker compose
+    docker-compose up
+    ```
+
+# Copy Certificates to correct directory
+```
+cp fullchain-*.pem ldap/fullchain.crt
+cp cert-*.pem ldap/ldap.crt
+cp privkey-1623520297.pem ldap/ldap.key
+```

rootfs/opt/openldap/bootstrap/config/tls.ldif

@@ -1,5 +1,8 @@
 dn: cn=config
 changetype: modify
+replace: olcTLSCACertificateFile
+olcTLSCACertificateFile: /etc/ldap/ssl/fullchain.crt
+-
 replace: olcTLSCertificateFile
 olcTLSCertificateFile: /etc/ldap/ssl/ldap.crt
 -