How to use ldap certificate on docker image
I am trying to configure ldap for my matomo server... From the plugin configuration page of my matomo instance, I have configured the server name and other details but I get the error:

Unable to bind to server: Cant contact LDAP server

Do we need to pass Bind Admin/ Password?
According to this documentation: https://plugins.matomo.org/LoginLdap
Authenticating using LDAPS.

In order to use LDAPS in the plugin, you would need to specify the hostname using ldaps://yourldapshost.com or alternatively using the LDAPS port of 636 in the configuration.

Please note: When using a hostname that contains ldap:// or ldaps:// the port number specified in the configuration will be ignored. If you need to use a non-standard port then you will need to specify the LDAP server hostname without ldap:// or ldaps://

When using LDAPS - the server that you are hosting Matomo on will need to trust the CA that has issued the certificates for your LDAPS server (These certificates are often stored in /etc/openldap/certs)

Alternatively you can specify the location of the TLS certificates within the ldap.conf file that is normally stored in /etc/openldap/ldap.conf by adding the following:

TLS_REQCERT never
TLS_CACERT /usr/local/ssl/certs/myldap.pem
TLS_CACERTDIR /usr/local/ssl/certs
But I can find neither the /etc/openldap/ldap.conf file nor any other place to put the LDAP configuration. Can anyone please help me with this?
Bind mount your custom ca-cert into your Matomo container. Then, create a file /etc/ldap/ldap.conf within your container that contains TLS_CACERT <path-to-your-ca-cert-within-container>.

Another approach is to use the system-wide ca-certificates. For this, you would bind mount your custom ca-cert into /usr/local/share/ca-certificates, so that it is picked up by the update-ca-certificates command. Then, you would execute update-ca-certificates within the container and use /etc/ssl/certs/ca-certificates.crt for the TLS_CACERT parameter in your ldap config.
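A check for the setup described in the answer, written here as an added example and not taken from the answer or from the Matomo plugin: it reads an ldap.conf, confirms that TLS_CACERT points at a readable PEM file inside the container, and flags a TLS_REQCERT level that skips server certificate verification (such as the `never` shown in the quoted documentation). The function name `audit_ldap_conf` is hypothetical, and taking the last occurrence of an option as the effective one is an assumption of this check.

```shell
#!/bin/sh
# Added example: audit an OpenLDAP client config (ldap.conf) in a container.
# Returns 0 only if server certificate verification is enforced and
# TLS_CACERT names a readable PEM file; otherwise prints what is wrong.
audit_ldap_conf() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; return 2; }

    # Option names are case-insensitive; lines starting with '#' do not match.
    # Assumption: the last occurrence of an option is the effective one.
    reqcert=$(awk 'toupper($1)=="TLS_REQCERT" {v=tolower($2)} END {print v}' "$conf")
    cacert=$(awk 'toupper($1)=="TLS_CACERT" {v=$2} END {print v}' "$conf")

    # OpenLDAP uses "demand" when TLS_REQCERT is not set.
    [ -n "$reqcert" ] || reqcert=demand
    case "$reqcert" in
        never|allow)
            echo "FAIL: TLS_REQCERT $reqcert accepts an untrusted server certificate"
            rc=1 ;;
        try|demand|hard)
            echo "OK: TLS_REQCERT $reqcert" ;;
        *)
            echo "FAIL: unknown TLS_REQCERT value '$reqcert'"
            rc=1 ;;
    esac

    if [ -z "$cacert" ]; then
        echo "FAIL: no TLS_CACERT set (this check expects the setup above)"
        rc=1
    elif [ ! -r "$cacert" ]; then
        echo "FAIL: TLS_CACERT $cacert is missing or unreadable (check the bind mount)"
        rc=1
    elif ! grep -q -- '-----BEGIN CERTIFICATE-----' "$cacert"; then
        echo "FAIL: $cacert holds no PEM certificate"
        rc=1
    else
        echo "OK: TLS_CACERT $cacert"
    fi
    return $rc
}
# Usage inside the container: audit_ldap_conf /etc/ldap/ldap.conf
```

With the second approach from the answer, the same check applies with TLS_CACERT set to /etc/ssl/certs/ca-certificates.crt after update-ca-certificates has run.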