Make sure you have basic CustomerID with SSO enabled with LDAPS install before applying these configurations. If not, follow first these instructions:

Enable SSL for LDAP

This example is done with self-signed certificate. It is always better to use publicly trusted certificate here.

Become root

sudo su -

Stop any CustomerID if it is running in all instances.

systemctl stop wildfly.service

Check cacerts before import (make sure you do not have certificate already)

# View all certificates
keytool -list \
        -storepass changeit \
        -cacerts \
          | grep -i openldap

Result should be something like this

Change linux.config so that it will use ldaps:// instead of ldap:// as a connection.

Note, we expect that LDAP is running in sso.example.com, change as needed.

Result should be something like this

If any errors occurs, one can always run setup.sh again to reverse below changes to original defaults.

Once done, run CustomerID setup.sh again.

Make sure that file permissions are owned by correct user

Finally restart services

Identity Server 2024.1

Enable ldaps for CustomerID

Enable SSL for LDAP