Description
I have my server key/cert and ca cert in /opt/certs. I have a yaml file /opt/ldap/ldap-service.yaml that contains:
LDAP_TLS_CRT_FILENAME: "server.crt"
LDAP_TLS_KEY_FILENAME: "server.key"
...etc...
I run the docker-openldap container with:
$ sudo docker run --name ldap-service -p 389:389 --volume /opt/certs:/container/service/slapd/assets/certs --volume /var/lib/ldap:/var/lib/ldap --volume /etc/ldap/slapd.d:/etc/ldap/slapd.d --volume /opt/ldap/ldap-service.yaml:/container/environment/01-custom/env.yaml --detach osixia/openldap:1.1.10
It starts up, I can run an ldapsearch on it and all is well. If I:
- Change the name of my server cert by moving server.crt to server2.crt
- Update the yaml file to reflect server2.crt
- Stop and kill the ldap-service container
- Run the same docker run command
The container will fail during startup saying in the logs:
Key file /container/service/slapd/assets/certs/server.key exists but not certificate file /container/service/slapd/assets/certs/server.crt
It shouldn't exist, because I moved server.crt to server2.crt. Unfortunately my variable from the yaml file isn't getting picked up this time. This may be related to how I am persisting /etc/ldap/slapd.d as I see references to the old "server.crt" in there. I can work around this problem by doing either one of the two:
- Instead of passing LDAP_TLS_CRT_FILENAME: "server2.crt" in the yaml file, I can pass it to docker run via --env LDAP_TLS_CRT_FILENAME=server2.crt. This is lame because I'd really like to keep managing this variable via the yaml file.
- Deleting the /etc/ldap/slapd.d directory (which then forces me to delete the /var/lib/ldap directory). This isn't so great as I'd like these to persist!
What I'd really like is for the yaml environment variables to be used when persisting /etc/ldap/slapd.d. Note: This was all hand-typed in, not copy pasted so please forgive any minor typos, though I have done my best to type everything in character-for-character.
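An added example, not part of the original report or of the osixia/openldap project: a small POSIX shell check that compares the certificate filename requested in the custom env.yaml with the one recorded in the persisted cn=config (the standard OpenLDAP olcTLSCertificateFile attribute in slapd.d/cn=config.ldif), and reports whether the recorded file actually exists in the certs directory. Running it against the three bind-mounted host paths before `docker run` surfaces the mismatch the report describes without having to read the container logs. The YAML key format, the LDIF layout, and the sample files it constructs are assumptions chosen to reproduce the situation above.

```shell
#!/bin/sh
# Added example (not the issue author's or the project's code).
# Assumes: env.yaml uses `LDAP_TLS_CRT_FILENAME: "name"` and slapd.d is a
# standard OpenLDAP cn=config directory whose cn=config.ldif carries
# olcTLSCertificateFile with an absolute path.

# Print the cert filename env.yaml asks for (quotes and spaces stripped).
yaml_cert_filename() {
    sed -n 's/^LDAP_TLS_CRT_FILENAME:[[:space:]]*//p' "$1" | tr -d '" '
}

# Print the basename of the cert path recorded in the persisted cn=config.
slapd_cert_filename() {
    sed -n 's/^olcTLSCertificateFile:[[:space:]]*//p' "$1/cn=config.ldif" \
        | sed 's#.*/##'
}

# Return 0 when env.yaml and the persisted config agree and the recorded
# file exists in the certs directory; otherwise explain and return 1.
check_cert_consistency() {
    yaml=$1; slapd_d=$2; certs=$3
    want=$(yaml_cert_filename "$yaml")
    have=$(slapd_cert_filename "$slapd_d")
    status=0
    if [ "$want" != "$have" ]; then
        echo "MISMATCH: $yaml wants '$want' but $slapd_d/cn=config.ldif records '$have'" >&2
        status=1
    fi
    if [ ! -f "$certs/$have" ]; then
        echo "MISSING: $certs/$have does not exist; slapd will refuse to start" >&2
        status=1
    fi
    return $status
}

# Constructed sample data reproducing the report: the YAML was updated to
# server2.crt, the persisted config still names server.crt, and only
# server2.crt exists on disk. Prints the directory it created.
make_demo() {
    d=$(mktemp -d)
    mkdir -p "$d/certs" "$d/slapd.d"
    printf 'LDAP_TLS_CRT_FILENAME: "server2.crt"\nLDAP_TLS_KEY_FILENAME: "server.key"\n' \
        > "$d/env.yaml"
    printf 'dn: cn=config\nolcTLSCertificateFile: /container/service/slapd/assets/certs/server.crt\nolcTLSCertificateKeyFile: /container/service/slapd/assets/certs/server.key\n' \
        > "$d/slapd.d/cn=config.ldif"
    : > "$d/certs/server2.crt"
    : > "$d/certs/server.key"
    echo "$d"
}

# Usage against the host paths from the report:
#   check_cert_consistency /opt/ldap/ldap-service.yaml /etc/ldap/slapd.d /opt/certs
```

A non-zero exit from `check_cert_consistency` means the persisted cn=config and the YAML disagree, which is exactly the state that produces the "Key file ... exists but not certificate file ..." startup error.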