Idea ID: 2876767

UMC/eDirAPI: Make LDAP trusted roots configurable

Status: Under Consideration

Certificate management in UMC for UMC and other services is coming in a future update. However, we will review any possible interim solution. 

See status update history

Login to UMC fails if the LDAP server uses a certificate that was not signed by the internal eDir RSA CA. This is because /opt/novell/umc/scripts/ copies only /etc/opt/novell/certs/SSCert.pem into the eDirAPI docker container before it starts.

The script should at least also copy the ECDSA CA (/etc/opt/novell/certs/SSECCert.pem) into the container. Or better this should be configurable (multivalue) in case you use certificates signed by an external CA or several of different CAs.