Let me add to this bug (and hopefully support a higher rating).
I tried to work around using:
https://forum.snapcraft.io/t/custom-ssl-certs-for-snapd-to-the-snap-store-communication/17446
However, this does not work either on Ubuntu 20.04.2 running a samba AD-DC where Nextcloud (meanwhile version 20.0.8snap1) shall look up and authenticate users and groups via LDAPS.
Having the CA root certificates in the snap rather than the host system is a security risk.
As of today, two certificates have expired:
Reproduce: run in nextcloud snap shell:
find *.pem -exec openssl x509 -text -noout -in "{}" ";" |grep "After"|grep "2021"
Not After : Dec 15 08:00:00 2021 GMT
Not After : Sep 30 14:01:15 2021 GMT
Not After : Dec 15 08:00:00 2021 GMT
Not After : Mar 17 18:33:33 2021 GMT
Not After : Apr 6 07:29:40 2021 GMT
The last two certificates are expired. Also, what if a root-CA certificate is compromised and needs to be replaced?
Please also add read access to the host file /etc/ldap.conf via AppArmor.
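
A more robust form of the expiry check from the comment above, added here as an example (it is not part of the original report or of the snap): it asks openssl directly with -checkend instead of grepping the "Not After" text for a year, and can also flag certificates that expire within a chosen window. The function name expiring_certs and the one-certificate-per-file layout are assumptions of this example.

```shell
#!/bin/sh
# Added example: list certificates in a directory that are already
# expired, or that expire within WINDOW_SECONDS from now.
# Assumes one certificate per *.pem file (openssl x509 reads only the
# first certificate in a file).
#
# Usage: expiring_certs DIR [WINDOW_SECONDS]   (default 0 = already expired)
# Output: one tab-separated line per hit: file, notAfter date, subject.
# Return: 0 if at least one certificate was reported, 1 if none (like grep).
expiring_certs() {
    dir=$1
    window=${2:-0}
    found=1
    for pem in "$dir"/*.pem; do
        # The glob stays literal when nothing matches; skip that case.
        [ -f "$pem" ] || continue
        # Skip files that openssl cannot parse as an X.509 certificate.
        if ! end=$(openssl x509 -noout -enddate -in "$pem" 2>/dev/null); then
            echo "SKIP $pem (not a readable X.509 certificate)" >&2
            continue
        fi
        # -checkend N exits non-zero when the certificate expires within
        # N seconds; N=0 therefore means "expired right now".
        if ! openssl x509 -noout -checkend "$window" -in "$pem" >/dev/null 2>&1; then
            subject=$(openssl x509 -noout -subject -in "$pem")
            printf '%s\t%s\t%s\n' "$pem" "${end#notAfter=}" "$subject"
            found=0
        fi
    done
    return "$found"
}
```

Run from the directory that holds the bundled certificates, `expiring_certs . 0` lists what has already expired and `expiring_certs . 2592000` lists what expires within 30 days.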