Securing LDAP on Docker
This topic covers the steps to import your LDAP trust store and password into Docker as a secret, then define the secret in the Sametime configuration.
Before you begin
About this task
Complete the steps in the following procedure with root access, or use sudo to run the commands as root.
Procedure
- Change directories to the root directory where the Sametime installation package was decompressed.
- Create a new file called tlsldap.env.
vi tlsldap.env
- Add the following lines into the tlsldap.env file.
STI__Config__STLDAP_TLS_TRUST_STORE_TYPE=p12
STI__Config__STLDAP_TLS_TRUST_STORE_FILE=/local/notesdata/ldaptruststore.p12
STI__Config__STLDAP_TLS_TRUST_STORE_PASSWORD=ldaptruststorepass
- Open the docker-compose.yml for editing.
- Add a path to the LDAP trust store.
  - If you do not have a volumes section in the docker-compose.yml file, create one under the networks section and add the following line to the section.
  - If you already have a volumes section, add the following line to the section.
- ./ldaptruststore.p12:/local/notesdata/ldaptruststore.p12
The section should look like the following example. Ensure that the indentations look like the example.
networks:
  - sametime.test
volumes:
  - ./ldaptruststore.p12:/local/notesdata/ldaptruststore.p12
- Restart the server to apply the changes.
docker-compose down
docker-compose up -d
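The checks below are an added example, not part of the product documentation. Run before the restart step, the script confirms that tlsldap.env sets all three variables and is readable by its owner only (it holds the trust store password in clear text), and that the trust store path it names is mounted by docker-compose.yml. The function names, the script name, and the chmod 600 recommendation are assumptions of this example, which also assumes docker-compose is run as root or by the file's owner.

```shell
#!/bin/sh
# Added example: pre-restart checks for the files from the procedure above.
# Run from the directory that holds docker-compose.yml:
#   sh preflight.sh tlsldap.env docker-compose.yml   (script name is hypothetical)

# The env file must set all three trust store variables and, because it holds
# the trust store password in clear text, be readable by its owner only.
check_env_file() {
    env_file=$1
    [ -f "$env_file" ] || { echo "missing: $env_file" >&2; return 1; }
    for key in TYPE FILE PASSWORD; do
        grep -Eq "^STI__Config__STLDAP_TLS_TRUST_STORE_${key}=.+" "$env_file" ||
            { echo "not set: STI__Config__STLDAP_TLS_TRUST_STORE_${key}" >&2; return 2; }
    done
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$env_file" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "$env_file is accessible to group/other; chmod 600 it" >&2; return 3; }
}

# The container path named in the env file must be the target of a volume
# entry in the compose file, and the host side of that entry must exist.
check_mount() {
    env_file=$1 compose=$2
    store=$(sed -n 's/^STI__Config__STLDAP_TLS_TRUST_STORE_FILE=//p' "$env_file" | tail -n 1)
    host=$(sed -n "s|^[[:space:]]*-[[:space:]]*\(.*\):${store}[[:space:]]*\$|\1|p" "$compose" | head -n 1)
    [ -n "$host" ] || { echo "no volume entry mounts $store" >&2; return 4; }
    case $host in
        /*) ;;                                   # absolute host path
        *) host="$(dirname "$compose")/$host" ;; # relative to the compose file
    esac
    [ -f "$host" ] || { echo "trust store not found on host: $host" >&2; return 5; }
}

preflight() {
    check_env_file "$1" && check_mount "$1" "$2"
}

if [ "$#" -eq 2 ]; then
    preflight "$1" "$2" && echo "OK: env file and trust store mount are consistent"
fi
```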