If you want to use SSL-enabled LDAP in your container environment, you must create the
SSL secret with the certificate of the LDAP server.
About this task
After you obtain the certificate and create the secret, you enable SSL and provide the
secret name in the custom resource YAML file for deployment.
Procedure
- Get the certificate of the root CA that signed your LDAP server certificate and save it to a file, for
  example ldap-server-cert.crt.
  See OpenSSL for instructions to export the root CA of your external service.
- To create the secret, run the following command in the OpenShift project:

    kubectl create secret generic secretName --from-file=tls.crt=your_cert_path/ldap-server-cert.crt

  Substitute your values for secretName and your_cert_path/ldap-server-cert.crt. The
  certificate and key files must be in Privacy Enhanced Mail (PEM) format.
- Add the secret to the custom resource YAML file in the ldap_configuration section:

    ldap_configuration:
      …
      lc_ldap_ssl_enabled: true
      lc_ldap_ssl_secret_name: "<secretName>"

  Set the enabled parameter to true and provide your own secret name.
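
A pre-flight check for the first two steps, as an added example that is not part of the product documentation: it refuses a file that is not PEM (for example a DER export), that is truncated, or that carries a private key, and only then runs the kubectl command from the procedure. The function names are hypothetical, and the expiry and CA checks run only when the openssl CLI is installed.

```shell
#!/bin/sh
# Added example: pre-flight checks before the CA file is stored in the secret.
# Function names are hypothetical; the kubectl command is the one from the procedure.

# Return 0 only if FILE is PEM text that holds certificates and no private key.
check_ldap_ca_pem() {
    f=$1
    [ -r "$f" ] || { echo "cannot read: $f" >&2; return 2; }
    # tr strips CRs so a file saved with Windows line endings still matches.
    begins=$(tr -d '\r' < "$f" | grep -c -e '^-----BEGIN CERTIFICATE-----$' || true)
    ends=$(tr -d '\r' < "$f" | grep -c -e '^-----END CERTIFICATE-----$' || true)
    if [ "$begins" -eq 0 ]; then
        echo "no PEM certificate found (DER export?): $f" >&2; return 3
    fi
    if [ "$begins" -ne "$ends" ]; then
        echo "truncated PEM block in: $f" >&2; return 4
    fi
    # The secret only needs the CA certificate; refuse bundled key material.
    if grep -q -e 'PRIVATE KEY-----' "$f"; then
        echo "private key present in: $f" >&2; return 5
    fi
    return 0
}

# Validate the file, then create the secret under the tls.crt key.
create_ldap_ssl_secret() {
    name=$1; cert=$2
    check_ldap_ca_pem "$cert" || return $?
    if command -v openssl >/dev/null 2>&1; then
        # openssl x509 inspects the first certificate in the file.
        openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
            { echo "certificate expired or unparsable: $cert" >&2; return 6; }
        openssl x509 -in "$cert" -noout -text | grep -q 'CA:TRUE' ||
            { echo "not a CA certificate: $cert" >&2; return 7; }
    fi
    kubectl create secret generic "$name" --from-file=tls.crt="$cert"
}

# Usage: sh this_script.sh secretName your_cert_path/ldap-server-cert.crt
if [ "$#" -eq 2 ]; then
    create_ldap_ssl_secret "$1" "$2"
fi
```

A non-zero exit status identifies which check failed, so the script can gate a deployment pipeline before the custom resource is applied.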