LDAP Proxy configmap
ldap_proxy_configmap is the configmap for the LDAP proxy pod, openldap. Edit this configmap to configure connections to your own LDAP server when you have LDAPmode set to proxy rather than standalone. This configmap is not used when LDAPmode is set to standalone.
Contents
The following table lists the data elements that are contained in the openldap configmap:
Data elements | Description | More information |
---|---|---|
ldap-proxy-slapd-replace: | Replaces the contents of the slapd.conf file, which configures the connection to your LDAP server. | |
ldap-trusted-ca-pem: | Adds a custom certificate authority (CA) certificate. | Certificate is in the PEM format. |
Examples of each of the data elements in this configmap are provided.
Data element: ldap-proxy-slapd-replace:
Replaces the contents of the slapd.conf file, which configures the
connection to your LDAP server.
ldap-proxy-slapd-replace: |
  include /usr/local/etc/openldap/schema/core.schema
  include /usr/local/etc/openldap/schema/cosine.schema
  include /usr/local/etc/openldap/schema/inetorgperson.schema
  pidfile /usr/local/var/run/slapd.pid
  argsfile /usr/local/var/run/slapd.args
  sizelimit 500
  database ldap
  uri "ldaps://ldap.pichu.com"
  suffix "dc=pichu,dc=com"
  tls ldaps
    tls_cacert=/home/openldap/certs/ldap-trusted-ca.pem
Note: In this example, tls ldaps tls_cacert=/home/openldap/certs/ldap-trusted-ca.pem points to the ldap-trusted-ca-pem: data element.

Data element: ldap-trusted-ca-pem:
Adds a custom CA certificate.
ldap-trusted-ca-pem: |
  -----BEGIN CERTIFICATE-----
  MIIFczABC1...
  ...
  ...8W1g==
  -----END CERTIFICATE-----
  -----BEGIN CERTIFICATE-----
  MIIFgABCA...
  ...
  ...FRJEOTuGNSdgw123s=
  -----END CERTIFICATE-----
Note: Ensure that the managedByUser label is set to "true" in the configmap metadata. Otherwise, the operator replaces the configmap.
kind: ConfigMap
metadata:
  labels:
    managedByUser: "true"
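
An added example, not part of the original documentation: a Python lint for the slapd.conf text in ldap-proxy-slapd-replace that checks the proxy's link to the LDAP server is TLS-protected and references the CA bundle. The function names are hypothetical, the sample input is constructed from the example on this page, and it assumes slapd.conf's rule that a line starting with whitespace continues the previous directive.

```python
# Added example: lint the slapd.conf text carried in ldap-proxy-slapd-replace.
# CA_PATH is the tls_cacert path from this page's example; SAMPLE is constructed from it.
CA_PATH = "/home/openldap/certs/ldap-trusted-ca.pem"
SAMPLE = (
    'database ldap\n'
    'uri "ldaps://ldap.pichu.com"\n'
    'suffix "dc=pichu,dc=com"\n'
    'tls ldaps\n'
    '  tls_cacert=' + CA_PATH + '\n'
)

def logical_lines(text):
    """Join slapd.conf continuation lines (leading whitespace); skip blanks and # comments."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()   # continuation of the previous directive
        else:
            out.append(raw.strip())
    return out

def lint_proxy_conf(text, ca_path=CA_PATH):
    """Return findings about TLS protection of the proxy's link to the LDAP server."""
    directives = {}
    for line in logical_lines(text):
        parts = line.split(None, 1)
        directives[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    uris = directives.get("uri", "").replace('"', " ").split()
    tls = directives.get("tls", "none").split()
    mode = tls[0] if tls else "none"
    opts = dict(o.split("=", 1) for o in tls[1:] if "=" in o)
    findings = []
    if not uris:
        findings.append("no uri directive")
    if mode in ("none", "try-start", "try-propagate") and any(
            u.lower().startswith("ldap://") for u in uris):
        findings.append("ldap:// uri with tls mode '%s': traffic can go in cleartext" % mode)
    if opts.get("tls_cacert") != ca_path:
        findings.append("tls directive does not reference the CA bundle at " + ca_path)
    if opts.get("tls_reqcert") in ("never", "allow"):
        findings.append("tls_reqcert=%s does not enforce certificate verification"
                        % opts["tls_reqcert"])
    return findings

if __name__ == "__main__":
    for finding in lint_proxy_conf(SAMPLE) or ["ok"]:
        print(finding)
```

If tls_cacert is pasted at column 0 instead of as an indented continuation, the lint reports that the CA bundle is not referenced, because the option is then no longer part of the tls directive.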