VMmanager Knowledge Base

If the LDAP server has a self-signed SSL certificate

If an SSL connection is required to connect to LDAP and a self-signed SSL certificate is installed on the server, the connection will fail.

To avoid connection errors, perform the following steps before configuring synchronization:

  1. Connect to the server with the platform via SSH.
  2. Create a directory for LDAP configuration: 

    mkdir /opt/ispsystem/ldap
  3. Create an ldap.conf file in the /opt/ispsystem/ldap/ directory with the following content:

    TLS_CACERT	/etc/ssl/certs/ca-certificates.crt
    TLS_REQCERT never
  4. Create a patch file /opt/ispsystem/ldap.yaml with the following content:

    version: "3.5"
    services:
      ldap:
        volumes:
        - /opt/ispsystem/ldap/:/etc/ldap/
  5. Apply the patch to the LDAP service:

    # VMmanager
    /usr/local/bin/vm add-patch -p=LDAP -f /opt/ispsystem/ldap.yaml
    # DCImanager 6
    /usr/local/bin/dci add-patch -p=LDAP -f /opt/ispsystem/ldap.yaml

After completing these steps, configure the synchronization according to the instructions in the article "Synchronization with the LDAP directory".
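
The `TLS_REQCERT never` line in step 3 makes the LDAP client accept the server's certificate without verifying it. The script below is an added example, not vendor code: it reports whether an ldap.conf still verifies the server, run over two constructed samples, the file from step 3 and one that instead trusts a copy of the server's own certificate. The function names and the path /etc/ldap/ldap-server.crt (a certificate copy placed in /opt/ispsystem/ldap/ on the host, per the volume mapping in step 4) are assumptions.

```shell
#!/bin/sh
# Added example (not vendor code): report how an ldap.conf treats the
# LDAP server's certificate.

# Prints "weak" if any TLS_REQCERT line is never/allow (an unverifiable
# certificate is accepted), otherwise "verify". When the option is absent,
# OpenLDAP clients default to "demand".
ldap_conf_tls_mode() {
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        toupper($1) == "TLS_REQCERT" {
            v = tolower($2)
            if (v == "never" || v == "allow") weak = 1
        }
        END { print (weak ? "weak" : "verify") }
    ' "$1"
}

# Prints the CA file named by the last TLS_CACERT line, if any.
ldap_conf_cacert() {
    awk '!/^[ \t]*#/ && toupper($1) == "TLS_CACERT" { p = $2 }
         END { print p }' "$1"
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# Constructed sample 1: the ldap.conf from step 3.
printf 'TLS_CACERT\t/etc/ssl/certs/ca-certificates.crt\nTLS_REQCERT never\n' \
    > "$demo_dir/step3.conf"
# Constructed sample 2: trusts the server's own certificate instead.
# /etc/ldap/ldap-server.crt is a hypothetical path inside the container.
printf 'TLS_CACERT\t/etc/ldap/ldap-server.crt\nTLS_REQCERT demand\n' \
    > "$demo_dir/pinned.conf"

for f in "$demo_dir/step3.conf" "$demo_dir/pinned.conf"; do
    printf '%s: %s (CA file: %s)\n' "${f##*/}" \
        "$(ldap_conf_tls_mode "$f")" "$(ldap_conf_cacert "$f")"
done
```

To audit a deployed configuration, call `ldap_conf_tls_mode /opt/ispsystem/ldap/ldap.conf` on the platform server.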