LDAP Proxy configmap
If you selected LDAP mode: proxy at installation time, edit the LDAP proxy configmap file. To configure connections to your own LDAP server, add the trusted certificate in the openldap pod. If you selected LDAP mode: standalone at installation time, this method is not used.
Contents
The following table lists the data elements that are contained in the openldap configmap:
Data elements | Description | More information |
---|---|---|
ldap-proxy-slapd-replace: | Replaces the contents of the slapd.conf file, which configures the connection to your LDAP server. | |
ldap-trusted-ca-pem: | Adds a custom certificate authority (CA) certificate. | Certificate is in the PEM format. |
Examples of each of the data elements in this configmap are provided.
Data element: ldap-proxy-slapd-replace:
Replaces the contents of the slapd.conf file, which configures the connection to your LDAP server.
ldap-proxy-slapd-replace: |
  include /usr/local/etc/openldap/schema/core.schema
  include /usr/local/etc/openldap/schema/cosine.schema
  include /usr/local/etc/openldap/schema/inetorgperson.schema
  pidfile /usr/local/var/run/slapd.pid
  argsfile /usr/local/var/run/slapd.args
  sizelimit 500
  database ldap
  uri "ldaps://ldap.pichu.com"
  suffix "dc=pichu,dc=com"
  tls ldaps
     tls_cacert=/home/openldap/certs/ldap-trusted-ca.pem
Note: In this example, tls ldaps tls_cacert=/home/openldap/certs/ldap-trusted-ca.pem points to the ldap-trusted-ca-pem: data element.
Data element: ldap-trusted-ca-pem:
Adds a custom CA certificate.
ldap-trusted-ca-pem: |
  -----BEGIN CERTIFICATE-----
  MIIFczABC1...
  ...
  ...8W1g==
  -----END CERTIFICATE-----
  -----BEGIN CERTIFICATE-----
  MIIFgABCA...
  ...
  ...FRJEOTuGNSdgw123s=
  -----END CERTIFICATE-----
Note: Ensure that the managedByUser label is set to "true" in the configmap metadata. Otherwise, the operator replaces the configmap.
kind: ConfigMap
metadata:
  labels:
    managedByUser: "true"
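
A pre-apply check for the three things this page asks for: an ldaps:// uri with tls_cacert attached to the tls directive (in slapd.conf a line that starts with whitespace continues the previous directive), a CA bundle made of complete PEM blocks, and the managedByUser label set to the string "true". This Python code is an added example, not part of the product documentation or the operator; the function names and sample inputs are constructed for illustration, and the PEM check is structural only (it does not validate the X.509 content).

```python
# Added example: helper names are illustrative, not part of the product.
import base64
import re

def logical_lines(conf):
    """Join slapd.conf continuation lines (a line starting with whitespace)."""
    out = []
    for raw in conf.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def pem_blocks(bundle):
    """Decode the base64 body of every complete CERTIFICATE block."""
    pat = r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----"
    return [base64.b64decode("".join(body.split()), validate=True)
            for body in re.findall(pat, bundle, re.S)]

def lint(labels, slapd_conf, ca_bundle):
    """Return a list of findings; an empty list means every check passed."""
    findings, directives = [], {}
    if labels.get("managedByUser") != "true":
        findings.append('managedByUser label is not the string "true"')
    for line in logical_lines(slapd_conf):
        parts = line.split(None, 1)
        directives[parts[0]] = parts[1] if len(parts) > 1 else ""
    if not directives.get("uri", "").strip('"').startswith("ldaps://"):
        findings.append("uri does not use ldaps://")
    if "tls_cacert=" not in directives.get("tls", ""):
        findings.append("tls directive carries no tls_cacert= option")
    try:
        certs = pem_blocks(ca_bundle)
    except ValueError:  # binascii.Error (bad base64) is a ValueError
        certs = []
    if not certs or ca_bundle.count("-----BEGIN") != ca_bundle.count("-----END"):
        findings.append("CA bundle is not a set of complete PEM blocks")
    return findings

# Constructed sample input: placeholder bytes, not a real certificate.
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(b"\x30\x82\x01\x0a" + bytes(60)).decode()
              + "\n-----END CERTIFICATE-----\n")
SAMPLE_CONF = ('database ldap\nuri "ldaps://ldap.pichu.com"\n'
               'suffix "dc=pichu,dc=com"\ntls ldaps\n'
               '   tls_cacert=/home/openldap/certs/ldap-trusted-ca.pem\n')
```

Call lint() with the label map, the ldap-proxy-slapd-replace text and the ldap-trusted-ca-pem text before applying the configmap; pasting the slapd.conf block with its indentation stripped makes the tls_cacert check fail.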