VMmanager Knowledge Base

If the LDAP server has a self-signed SSL certificate

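The connection to LDAP will fail if an SSL connection is required and a self-signed SSL certificate is installed on the server. The steps below set TLS_REQCERT never in the LDAP client configuration of the container, so the client does not request or check the server certificate. To prevent connection errors, follow these steps before configuring synchronization: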

  1. Connect via SSH to the server where the platform is installed. For more information about connecting via SSH, see Workstation setup.
  2. Create a directory for LDAP configuration:

    mkdir /opt/ispsystem/ldap/

  3. Determine the OS version inside the container with the LDAP service:

    docker inspect auth | grep docker-registry

    The OS version will be specified in the last segment of the output. Example of command output for a container with AlmaLinux 8.9:

    "Image": "docker-registry.ispsystem.com/ispsystem/experimental/auth/alma:8.9"
  4. For an LDAP container running Debian:

    1. Create a file named ldap.conf in the /opt/ispsystem/ldap/ directory with the following content:

      TLS_CACERT  /etc/ssl/certs/ca-certificates.crt
      TLS_REQCERT never
    2. Create a patch file /opt/ispsystem/ldap.yaml with the following content:

      version: "3.5"
      services:
        auth_back4:
          volumes:
          - /opt/ispsystem/ldap/:/etc/ldap/
  5. For an LDAP container running AlmaLinux:

    1. Create a file named ldap.conf in the /opt/ispsystem/ldap/ directory with the following content:

      TLS_CACERT  /etc/ssl/certs/ca-bundle.crt
      TLS_REQCERT never
    2. Create a patch file /opt/ispsystem/ldap.yaml with the following content:

      version: "3.5"
      services:
        auth_back4:
          volumes:
          - /opt/ispsystem/ldap/:/etc/openldap/
  6. Apply the patch for the LDAP service: 

    vm add-patch -p=LDAP -f /opt/ispsystem/ldap.yaml

If you added this patch on platform version 2025.09.1 or below, problems may occur when updating the platform, because the OS inside the container has changed. In this case, remove the patch before updating the platform:

    vm remove-patch -p=LDAP

After updating, repeat the steps in this section.

After completing these steps, configure the synchronization according to the instructions in the article Synchronization with the LDAP directory.
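
The ldap.conf from steps 4 and 5 sets TLS_REQCERT never, so the LDAP client accepts any server certificate without checking it. The following audit check is an added example, not part of the VMmanager documentation; it assumes the OpenLDAP ldap.conf syntax, and the function name ldap_tls_posture is hypothetical.

```shell
#!/bin/sh
# Added example: report whether an ldap.conf leaves server-certificate
# verification on. ldap_tls_posture is a hypothetical helper name.
# Prints "<TLS_REQCERT level> <verified|unverified|unknown> <TLS_CACERT or ->".
ldap_tls_posture() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable"; return 2; }
    # Option names are matched case-insensitively; lines starting with '#'
    # never match. This script takes the last occurrence of each option.
    reqcert=$(awk 'toupper($1) == "TLS_REQCERT" { v = tolower($2) } END { print v }' "$conf")
    cacert=$(awk 'toupper($1) == "TLS_CACERT" { v = $2 } END { print v }' "$conf")
    # When TLS_REQCERT is absent, the OpenLDAP client default is "demand".
    [ -n "$reqcert" ] || reqcert=demand
    case $reqcert in
        never|allow)     state=unverified ;;  # a bad certificate is ignored
        try|demand|hard) state=verified ;;    # a bad certificate ends the session
        *)               state=unknown ;;
    esac
    echo "$reqcert $state ${cacert:--}"
    [ "$state" = verified ]
}

# Constructed sample: the Debian ldap.conf content from step 4.
sample=$(mktemp)
printf '%s\n' 'TLS_CACERT  /etc/ssl/certs/ca-certificates.crt' \
              'TLS_REQCERT never' > "$sample"
ldap_tls_posture "$sample" || echo "server certificate is not verified"
rm -f "$sample"
```

Run the function against /opt/ispsystem/ldap/ldap.conf on the platform server to see which setting is in effect; it returns a non-zero status when verification is off.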