docker-openldap: ldap_modify: error (80)

I got the error "ldap_modify: Other (e.g., implementation specific) error (80)" during startup with a GoDaddy certificate. I start the container with:

docker run -d -v $HOME/certs:/container/service/slapd/assets/certs \
    -h ldap.mycompany.com \
    --name=ldap \
    -e LDAP_TLS_CRT_FILENAME=425ddb461b040d25.crt \
    -e LDAP_TLS_KEY_FILENAME=mycompany_com.key \
    -e LDAP_TLS_CA_CRT_FILENAME=gd_bundle-g2-g1.crt \
    -e LDAP_ORGANISATION="My Company Inc." \
    -e LDAP_DOMAIN="mycompany.com" \
    osixia/openldap:1.0.9

but it exited with status 80. Here are the logs where it fails:

Use TLS
Files /container/service/slapd/assets/certs/425ddb461b040d25.crt and /container/service/slapd/assets/certs/planetmeican_com.key already exists
ldap_modify: Other (e.g., implementation specific) error (80)
modifying entry "cn=config"

*** /etc/my_init.d/slapd failed with status 80

*** Killing all processes...

At first I tried to use a self-signed certificate generated by openssl, but it seems that this image uses GnuTLS, and they are incompatible, so it doesn't work. After that I used a certificate generated by this image, which works. But when I changed to the GoDaddy certificate, I got this error. I even tried to replace gnutls with openssl in the Dockerfile and container-start.sh and rebuild the image, but got the same error.

About this issue

  • State: open
  • Created 8 years ago
  • Comments: 23 (1 by maintainers)

Most upvoted comments

It seems that somewhere the file names are hardcoded. When I go back to the default names (ca.crt, server.crt, server.key), I no longer get this error.

For me, check ./certs/dhparams to see if its size is 0. Removing it solves this problem.

I just wanted to add that I have experienced the same error during the first initialization of the container. In my case, I was using a self-signed certificate and forgot to provide the ca.crt file, which in this case must be identical to cert.crt. I am using version 1.3.0 of the osixia/openldap docker image.

I have used the following code to generate cert.key, cert.crt, and ca.crt based on my personal csr.conf file:

openssl genrsa 2048 > cert.key      # private key
chmod 400 cert.key                  # readable by the owner only
openssl req -config csr.conf -new -x509 -days 3650 -key cert.key -out cert.crt   # self-signed certificate, subject taken from csr.conf
cp cert.crt ca.crt                  # self-signed: the CA file is the certificate itself

Hope this helps 😃

You also need a DH Parameters file:

  • openssl dhparam -out dhparam.pem 4096
  • set LDAP_TLS_DH_PARAM_FILENAME=dhparam.pem

I am not adding anything new, but in summary we have to:

  1. create certs
# guard: these commands are meant to be run interactively, one by one, not as a script
echo "run command interactively"
exit 1;

# CA key (passphrase-protected) and self-signed CA certificate
openssl genrsa -des3 -out ca.key 2048
openssl req -x509 -new -nodes -key ca.key -sha256 -days 1825 -out ca.crt

# server key, CSR, and server certificate signed by the CA above
openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 825 -sha256

# DH parameters, referenced by LDAP_TLS_DH_PARAM_FILENAME
openssl dhparam -out dhparam.pem 4096

  2. Run the container, mapping the certs

docker run \
    -v $PWD/../certs:/container/service/slapd/assets/certs \
    -v $PWD/volumes/ldap:/var/lib/ldap \
    -v $PWD/volumes/slap.d:/etc/ldap/slapd.d \
    -e LDAP_TLS_DH_PARAM_FILENAME=dhparam.pem \
    -e LDAP_TLS_CRT_FILENAME=server.crt \
    -e LDAP_TLS_KEY_FILENAME=server.key \
    -e LDAP_TLS_CA_CRT_FILENAME=ca.crt \
    --env LDAP_CONFIG_PASSWORD=adminpass \
    -p 389:389 -p 636:636 \
    osixia/openldap:1.5.0 --copy-service
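The causes reported in this thread (a zero-byte dhparams file, a ca.crt that is missing or does not match the server certificate, a key that does not belong to the certificate) can all be checked on the host with openssl before the container is started, instead of reading them out of a failed ldap_modify on cn=config. The script below is an added example; it is not code from the osixia/openldap image or from any comment above. The function name check_ldap_tls_assets and its argument order are my own choices, and it assumes the openssl CLI is installed on the host.

```shell
#!/bin/sh
# Added example (not part of the osixia/openldap image): pre-flight checks on
# the files that will be mounted at /container/service/slapd/assets/certs.
# Arguments: directory, certificate, key, CA file and (optionally) DH parameter
# file, i.e. the same names passed in LDAP_TLS_CRT_FILENAME,
# LDAP_TLS_KEY_FILENAME, LDAP_TLS_CA_CRT_FILENAME and LDAP_TLS_DH_PARAM_FILENAME.
check_ldap_tls_assets() {
    dir="$1"; crt="$2"; key="$3"; ca="$4"; dh="${5:-}"

    # 1. Every referenced file must exist and be non-empty.
    for f in "$crt" "$key" "$ca"; do
        [ -s "$dir/$f" ] || { echo "FAIL: $dir/$f is missing or empty"; return 1; }
    done

    # 2. A zero-byte dhparam file (reported in this thread) breaks the TLS
    #    setup; if a DH file is named it must be non-empty and must parse.
    if [ -n "$dh" ]; then
        [ -s "$dir/$dh" ] || { echo "FAIL: $dir/$dh is missing or empty"; return 1; }
        openssl dhparam -noout -in "$dir/$dh" >/dev/null 2>&1 \
            || { echo "FAIL: $dir/$dh is not a valid DH parameter file"; return 1; }
    fi

    # 3. The private key must belong to the certificate: compare the public
    #    key extracted from each. An encrypted key is rejected here (empty
    #    passphrase) rather than prompting; the key mounted into the
    #    container has to be unencrypted anyway.
    crt_pub=$(openssl x509 -in "$dir/$crt" -noout -pubkey 2>/dev/null || true)
    key_pub=$(openssl pkey -in "$dir/$key" -passin pass: -pubout 2>/dev/null || true)
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ] \
        || { echo "FAIL: $key does not match $crt"; return 1; }

    # 4. The certificate must verify against the CA file. -partial_chain lets
    #    the CA file be an intermediate bundle (as with a commercial CA) or the
    #    self-signed server certificate itself, which this thread recommends
    #    copying to ca.crt.
    openssl verify -partial_chain -CAfile "$dir/$ca" "$dir/$crt" >/dev/null 2>&1 \
        || { echo "FAIL: $crt does not verify against $ca"; return 1; }

    echo "OK: $dir/$crt, $dir/$key, $dir/$ca${dh:+, $dir/$dh} are consistent"
    return 0
}

# Usage: sh check-certs.sh ~/certs server.crt server.key ca.crt dhparam.pem
if [ "$#" -ge 4 ]; then
    check_ldap_tls_assets "$@"
fi
```

Run it against the directory you mount at /container/service/slapd/assets/certs with exactly the file names you pass in the LDAP_TLS_*_FILENAME variables; a FAIL line points at the file to fix before the container ever tries to modify cn=config.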

@phlegx Did you get it working? @dengshuan Can you please post your configuration when you replaced gnutls with openssl? Thank you!

@dengshuan Getting the same error. Could you solve it by replacing gnutls with openssl or otherwise? If yes, how did you replace it if I may ask? Could you post your configuration?

thanks a lot!