Managing secrets for SSL-enabled LDAP

If you want to use SSL-enabled LDAP in your container environment, you must create an SSL secret that contains the certificate of the LDAP server (the root CA that signed it), and then reference that secret from the deployment configuration.

About this task

After you obtain the certificate and create the secret, you enable SSL and provide the secret name in the custom resource YAML file for deployment.

Procedure

  1. Get the root CA certificate that was used to sign your LDAP server's certificate and save it to a file, for example ldap-server-cert.crt.
    See OpenSSL for instructions to export the root CA of your external service.
  2. To create the secret, run the following command in the Red Hat OpenShift project:
    kubectl create secret generic secretName --from-file=tls.crt=your_cert_path/ldap-server-cert.crt
    Substitute your values for secretName and your_cert_path/ldap-server-cert.crt.
    Note: Multiple certificates are supported in the .crt file (concatenate them in one file, for example the root CA followed by any intermediate CAs). All supplied certificates must be in PEM format.
  3. Add the secret to the custom resource YAML file in the ldap_configuration section:
    ldap_configuration:
      …
        lc_ldap_ssl_enabled: true
        lc_ldap_ssl_secret_name: "<secretName>"
    Set lc_ldap_ssl_enabled to true and set lc_ldap_ssl_secret_name to the name of the secret that you created in step 2.
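As an added example (not part of the original documentation), the following POSIX shell script checks that a CA bundle is PEM-encoded, the only format the secret accepts, before producing the kubectl command from step 2 and the ldap_configuration fragment from step 3. The secret name ldap-ssl-secret, the namespace my-project and the bundle file are assumed placeholders; the command is built with --dry-run=client -o yaml so the Secret manifest can be reviewed before anything is created in the cluster.

```shell
# Added example, not from the original documentation: validate an LDAP CA
# bundle, then build the kubectl command and the custom resource fragment that
# the procedure describes. Secret name, namespace and file path are placeholders.

# Print the number of PEM certificate blocks in a file.
# Returns 1 if the file is unreadable, contains no PEM certificates (for
# example a DER-encoded .cer export), or has unbalanced BEGIN/END markers.
pem_cert_count() {
  file="$1"
  if [ ! -r "$file" ]; then
    echo 0
    return 1
  fi
  # "|| true" keeps grep's exit status 1 on zero matches from aborting a caller under set -e.
  begins=$(grep -c '^-----BEGIN CERTIFICATE-----$' "$file" || true)
  ends=$(grep -c '^-----END CERTIFICATE-----$' "$file" || true)
  echo "$begins"
  [ "$begins" -gt 0 ] && [ "$begins" -eq "$ends" ]
}

# Build the kubectl command from step 2. --dry-run=client -o yaml prints the
# Secret manifest instead of creating it, so it can be reviewed first; tls.crt
# is the key name the documentation uses.
ldap_secret_cmd() {
  secret="$1"
  file="$2"
  namespace="$3"
  printf 'kubectl create secret generic %s --from-file=tls.crt=%s -n %s --dry-run=client -o yaml\n' \
    "$secret" "$file" "$namespace"
}

# Emit the ldap_configuration fragment from step 3 for the custom resource YAML.
ldap_ssl_yaml() {
  secret="$1"
  printf 'ldap_configuration:\n  lc_ldap_ssl_enabled: true\n  lc_ldap_ssl_secret_name: "%s"\n' "$secret"
}

# Validate the bundle, then print the command and the CR fragment; refuse to
# proceed with a file that is not PEM.
prepare_ldap_ssl_secret() {
  secret="$1"
  file="$2"
  namespace="$3"
  if ! count=$(pem_cert_count "$file"); then
    echo "error: $file has no valid PEM certificate blocks (found $count);" \
         "a DER file can be converted with: openssl x509 -inform DER -in <file> -out <file>.crt" >&2
    return 1
  fi
  echo "# $count PEM certificate(s) found in $file"
  ldap_secret_cmd "$secret" "$file" "$namespace"
  ldap_ssl_yaml "$secret"
}

# Stand-alone demonstration on a constructed two-certificate bundle (the
# base64 bodies are placeholders, not real certificates).
demo_bundle=$(mktemp)
cat > "$demo_bundle" <<'EOF'
-----BEGIN CERTIFICATE-----
MIIBconstructedRootCAplaceholder
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIBconstructedIntermediatePlaceholder
-----END CERTIFICATE-----
EOF
prepare_ldap_ssl_secret ldap-ssl-secret "$demo_bundle" my-project
rm -f "$demo_bundle"
```

The PEM check is structural only: it catches a DER export or a truncated file, not an expired or wrong certificate. Before creating the secret, run openssl x509 -in ldap-server-cert.crt -noout -subject -dates to confirm the file parses and to see its validity window. To actually create the secret, drop --dry-run=client -o yaml from the printed command, or pipe its output into kubectl apply -f - after review.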