If you want to use SSL-enabled LDAP in your container environment, you must create the
SSL secret with the certificate of the LDAP server.
About this task
After you obtain the certificate and create the secret, you enable SSL and provide the
secret name in the custom resource YAML file for deployment.
Procedure
- Get the root CA certificate that is used to sign your LDAP server certificate and save it to a file, for example ldap-server-cert.crt. See OpenSSL for instructions to export the root CA of your external service.
- To create the secret, run the following command in the Red Hat OpenShift project:
  kubectl create secret generic secretName --from-file=tls.crt=your_cert_path/ldap-server-cert.crt
  Substitute your values for secretName and your_cert_path/ldap-server-cert.crt.
  Note: Multiple certificates are supported in the crt file. All supplied certificates must be in PEM format.
- Add the secret to the custom resource YAML file in the ldap_configuration section:
  ldap_configuration:
    …
    lc_ldap_ssl_enabled: true
    lc_ldap_ssl_secret_name: "<secretName>"
  Set lc_ldap_ssl_enabled to true and provide your own secret name in lc_ldap_ssl_secret_name.
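As an added example that is not part of this documentation: a POSIX shell script that checks that the certificate file from the first step is a PEM bundle with matching BEGIN/END markers (the note above requires PEM and allows several certificates in one file) before running the kubectl command from the second step with --dry-run=client to preview the secret. The file name ldap-server-cert.crt and the secret name ldap-ssl-secret are assumptions.

```shell
#!/bin/sh
# Added example, not from the original documentation. File and secret names
# below are assumptions; adjust them for your environment.

# check_pem_bundle FILE
# Returns 0 and prints the number of certificate blocks when FILE is a PEM
# bundle with at least one complete certificate; returns 1 otherwise.
check_pem_bundle() {
    file="$1"
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
    # A DER (binary) certificate has no PEM markers; the secret needs PEM text.
    if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$file"; then
        echo "$file is not PEM (convert with: openssl x509 -inform der -in $file -out $file.pem)" >&2
        return 1
    fi
    # grep -c exits 1 when the count is 0, so keep the count with || true.
    begins=$(grep -c -- '^-----BEGIN CERTIFICATE-----$' "$file" || true)
    ends=$(grep -c -- '^-----END CERTIFICATE-----$' "$file" || true)
    if [ "$begins" -eq 0 ] || [ "$begins" -ne "$ends" ]; then
        echo "malformed bundle in $file: $begins BEGIN vs $ends END markers" >&2
        return 1
    fi
    echo "$begins"
}

# main [CERT_FILE] [SECRET_NAME]
# Validates the bundle, then previews the secret with kubectl (dry run only;
# drop --dry-run=client -o yaml to create it in the OpenShift project).
main() {
    cert="${1:-ldap-server-cert.crt}"      # assumed file name
    secret="${2:-ldap-ssl-secret}"         # assumed secret name
    n=$(check_pem_bundle "$cert") || return 1
    echo "$cert contains $n PEM certificate(s); previewing secret $secret"
    kubectl create secret generic "$secret" --from-file=tls.crt="$cert" \
        --dry-run=client -o yaml
}

# Run only when invoked with arguments so the functions can also be sourced.
if [ $# -gt 0 ]; then
    main "$@"
fi
```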