If you want to use SSL-enabled LDAP in your container environment, you must create the
SSL secret with the certificate of the LDAP server.
About this task
After you obtain the certificate and create the secret, you enable SSL and provide the
secret name in the custom resource YAML file for deployment.
Procedure
- Get the root CA that is used to sign your LDAP server certificate and save it to a
certificate file, for example ldap-server-cert.crt. See OpenSSL for instructions to export
the root CA of your external service.
- To create the secret, run the following command in the Red Hat OpenShift project:
    kubectl create secret generic secretName --from-file=tls.crt=your_cert_path/ldap-server-cert.crt
  Substitute your values for secretName and your_cert_path/ldap-server-cert.crt. The
  certificate and key files must be in Privacy Enhanced Mail (PEM) format.
  Note: Multiple certificates are supported in the crt file.
- Add the secret to the custom resource YAML file in the ldap_configuration section:
    ldap_configuration:
      …
      lc_ldap_ssl_enabled: true
      lc_ldap_ssl_secret_name: "<secretName>"
  Set the enabled parameter to true and provide your own secret name.
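A pre-flight check for the certificate file from the first two steps, to run before `kubectl create secret` (added example, not part of the product documentation). The function names and return codes are choices made for this example, and rejecting private keys assumes the secret is meant to hold trust certificates only; the per-certificate parse and expiry check runs only when `openssl` is on the PATH.

```shell
#!/bin/sh
# Pre-flight check for the file passed to --from-file=tls.crt=...
# Return codes (chosen for this example): 0 ok, 1 unreadable or empty,
# 2 not PEM, 3 private key present, 4 a certificate is unparsable or expired.

count_pem_certs() {   # prints the number of PEM certificate blocks in $1
  grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

check_ldap_ca_bundle() {
  local f="$1" begin end tmp i rc=0
  [ -r "$f" ] && [ -s "$f" ] || { echo "unreadable or empty: $f" >&2; return 1; }

  # Every certificate needs a matching BEGIN/END pair; a DER file has neither.
  begin=$(count_pem_certs "$f")
  end=$(grep -c -- '-----END CERTIFICATE-----' "$f" || true)
  if [ "$begin" -lt 1 ] || [ "$begin" -ne "$end" ]; then
    echo "not PEM (DER-encoded or truncated?): $f" >&2; return 2
  fi

  # Assumption of this example: the trust bundle carries certificates only.
  if grep -q -- 'PRIVATE KEY-----' "$f"; then
    echo "private key found in $f; keep keys out of the trust bundle" >&2; return 3
  fi

  command -v openssl >/dev/null 2>&1 || return 0   # structural checks only
  tmp=$(mktemp -d) || return 1
  # The crt file may hold several certificates: split it, one file per block.
  awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ { n++ }
                   n { print > (d "/cert" n ".pem") }' "$f"
  for i in "$tmp"/cert*.pem; do
    # -checkend 0 fails when the certificate has already expired.
    if ! openssl x509 -in "$i" -noout -checkend 0 >/dev/null 2>&1; then
      echo "unparsable or expired certificate in block: ${i##*/}" >&2; rc=4
    fi
  done
  rm -rf "$tmp"
  return $rc
}

# Usage (paths and secret name are the placeholders from the procedure):
#   check_ldap_ca_bundle your_cert_path/ldap-server-cert.crt && \
#     kubectl create secret generic secretName \
#       --from-file=tls.crt=your_cert_path/ldap-server-cert.crt
```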
What to do next
To set up or configure storage to prepare for the container configuration and deployment, see
the topic Configuring storage for the content services environment.