Securing LDAP on Docker or Podman
This topic covers the steps to import your LDAP trust store and password into Docker as a secret, then define the secret in the Sametime configuration.
Before you begin
About this task
Complete the steps in the following procedure with root access, or use sudo to run the commands as root.
Procedure
- Change to the root directory where the Sametime installation package was decompressed.
- Create a new file called tlsldap.env.
    vi tlsldap.env
- Add the following lines into the tlsldap.env file.
    STI__Config__STLDAP_TLS_TRUST_STORE_TYPE=p12
    STI__Config__STLDAP_TLS_TRUST_STORE_FILE=/local/notesdata/ldaptruststore.p12
    STI__Config__STLDAP_TLS_TRUST_STORE_PASSWORD=ldaptruststorepass
- Open the docker-compose.yml for editing.
- Add a path to the LDAP trust store under the community: section in the docker-compose.yml file.
  - If you do not have a volumes section, create one under the networks section and add the following line.
  - If you already have a volumes section, add the following line to the section.
      - ./ldaptruststore.p12:/local/notesdata/ldaptruststore.p12
  The section should look like the following example. Ensure that the indentations look like the example.
    networks:
      - sametime.test
    volumes:
      - ./ldaptruststore.p12:/local/notesdata/ldaptruststore.p12
- Start the Sametime server to apply the changes.
    docker compose up -d
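
The following pre-flight check is an added example, not part of the original procedure or of the product's tooling. It assumes tlsldap.env, docker-compose.yml and the trust store sit in the same directory as laid out above; the function names and the owner-only permission check on tlsldap.env are this example's own.

```shell
# Added example: pre-flight check for the files edited in this procedure.
# Usage: check_ldap_tls [install_dir]   (returns 0 when nothing is found)

env_value() {  # print the value of key $1 from env file $2 (empty if absent)
  sed -n "s/^$1=//p" "$2" | tail -n 1
}

check_ldap_tls() {
  local dir=${1:-.} env compose store_path host_file key problems=0
  env=$dir/tlsldap.env
  compose=$dir/docker-compose.yml
  [ -f "$env" ] || { echo "missing $env"; return 1; }
  [ -f "$compose" ] || { echo "missing $compose"; return 1; }

  # All three settings from the procedure must be present and non-empty.
  for key in TYPE FILE PASSWORD; do
    if [ -z "$(env_value "STI__Config__STLDAP_TLS_TRUST_STORE_$key" "$env")" ]; then
      echo "tlsldap.env: STI__Config__STLDAP_TLS_TRUST_STORE_$key is not set"
      problems=1
    fi
  done

  # The file holds the trust store password in clear text.
  if [ -n "$(find "$env" \( -perm -040 -o -perm -004 \))" ]; then
    echo "tlsldap.env: readable by group or others (chmod 600 tlsldap.env)"
    problems=1
  fi

  # The container path named in tlsldap.env must be the target of a volume
  # mapping, and the host side of that mapping must exist as a regular file.
  store_path=$(env_value STI__Config__STLDAP_TLS_TRUST_STORE_FILE "$env")
  [ -n "$store_path" ] || return 1
  host_file=$(sed -n "s|^[[:space:]]*-[[:space:]]*\(.*\):$store_path[[:space:]]*\$|\1|p" "$compose" | head -n 1)
  case $host_file in ''|/*) ;; *) host_file=$dir/$host_file ;; esac
  if [ -z "$host_file" ]; then
    echo "docker-compose.yml: no volume maps to $store_path"
    problems=1
  elif [ ! -f "$host_file" ]; then
    echo "trust store not found at $host_file"
    problems=1
  fi
  return "$problems"
}
```

Source the file and run check_ldap_tls from the installation directory before starting the server.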