Skip to content

Securing LDAP on Docker or Podman

This topic covers the steps to import your LDAP trust store and password into Docker as a secret, then define the secret in the Sametime configuration.

Before getting started, create a trust store with the LDAP certificate from the LDAP server. Name the file ldaptruststore.p12 and place it into the directory where the docker-compose.yml file is located.

The steps in the following procedure must be completed with root access or you can use sudo which allows you to run commands as root.

  1. Change directories to the root directory where Sametime installation package was decompressed.

  2. Create a new file called tlsldap.env.

    vi tlsldap.env
    
  3. Add the following lines into the tlsldap.env file.

    STI__Config__STLDAP_TLS_TRUST_STORE_TYPE=p12 
    STI__Config__STLDAP_TLS_TRUST_STORE_FILE=/local/notesdata/ldaptruststore.p12 
    STI__Config__STLDAP_TLS_TRUST_STORE_PASSWORD=ldaptruststorepass
    
  4. Open the docker-compose.yml for editing.

    1. Locate the env_file: section under the community: subsection within the services: section.

    2. Move custom.env to a new line.

    3. Add the following line below custom.env.

       tlsldap.env
      

      The results should look like the following:

      services:
          community:
            env_file: 
              - custom.env
              - tlsldap.env
            environment:
      
  5. Add a path to the LDAP trust store under the community: section in the docker-compose.yml file.

    • If you do not have a volumes section, create one under the networks section and add the following line.
    • If you already have a volumes section, add the following line to the section.
      - ./ldaptruststore.p12:/local/notesdata/ldaptruststore.p12 
      

    The section should look like the following example. Ensure that the indentations look like the example.

    networks:
      - sametime.test
    volumes:
      - ./ldaptruststore.p12:/local/notesdata/ldaptruststore.p12
    
  6. Start the Sametime server to apply the changes.

    docker compose up -d
    

Parent Topic: Securing connections between Sametime servers and LDAP