Configuring SSL-enabled LDAP

If you want to use SSL-enabled LDAP in your container environment, you must create the SSL secret with the certificate of the LDAP server.

About this task

After you obtain the certificate and create the secret, you enable SSL and provide the secret name in the custom resource YAML file for deployment.

Procedure

  1. Get the root CA certificate that was used to sign your LDAP server certificate and save it to a file, for example ldap-server-cert.crt.
    See OpenSSL for instructions to export the root CA of your external service.
  2. To create the secret, run the following command in the Red Hat OpenShift project:
    kubectl create secret generic secretName --from-file=tls.crt=your_cert_path/ldap-server-cert.crt
    Substitute your values for secretName and your_cert_path/ldap-server-cert.crt. The certificate and key files must be in Privacy Enhanced Mail (PEM) format.
    Note: Multiple certificates are supported in the crt file.
  3. Add the secret to the custom resource YAML file in the ldap_configuration section:
    ldap_configuration:
      …
      lc_ldap_ssl_enabled: true
      lc_ldap_ssl_secret_name: "<secretName>"
    Set lc_ldap_ssl_enabled to true and provide your own secret name in lc_ldap_ssl_secret_name.
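
A pre-flight check for the certificate file from steps 1 and 2, as an added example that is not part of the product documentation: it rejects a file that is not PEM or that contains a private key, and confirms that every certificate in the bundle parses and has not expired. The function name check_ldap_ca_bundle is hypothetical, and the openssl command-line tool is assumed to be installed.

```bash
# Added example: pre-flight check of the PEM bundle before it becomes tls.crt.
# check_ldap_ca_bundle is a hypothetical helper name, not a product command.
check_ldap_ca_bundle() {
  local bundle="$1" begins ends tmp cert subject rc=0
  [ -s "$bundle" ] || { echo "missing or empty: $bundle" >&2; return 1; }

  # A trust bundle holds public certificates only; refuse private key material.
  if grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$bundle"; then
    echo "private key found in $bundle" >&2; return 1
  fi

  # PEM is text with paired BEGIN/END markers; a DER file has none.
  begins=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$bundle" || true)
  ends=$(grep -c -- '-----END CERTIFICATE-----' "$bundle" || true)
  if [ "$begins" -eq 0 ] || [ "$begins" -ne "$ends" ]; then
    echo "not a complete PEM certificate bundle: $bundle" >&2; return 1
  fi

  # Split the bundle so every certificate is checked, not just the first.
  tmp=$(mktemp -d) || return 1
  awk -v dir="$tmp" '
    /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert" n ".pem" }
    out != ""                     { print > out }
    /-----END CERTIFICATE-----/   { close(out); out = "" }
  ' "$bundle"

  for cert in "$tmp"/cert*.pem; do
    # -checkend 0 exits non-zero when the certificate has already expired.
    if subject=$(openssl x509 -in "$cert" -noout -subject 2>/dev/null) &&
       openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
      echo "ok: $subject"
    else
      echo "unparseable or expired certificate in $bundle" >&2; rc=1
    fi
  done
  rm -rf "$tmp"
  return "$rc"
}

# Usage with the page's placeholders:
#   check_ldap_ca_bundle your_cert_path/ldap-server-cert.crt &&
#     kubectl create secret generic secretName \
#       --from-file=tls.crt=your_cert_path/ldap-server-cert.crt
```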

What to do next

To set up or configure storage to prepare for the container configuration and deployment, see the topic Configuring storage for the content services environment.