LDAP Proxy configmap
If you selected LDAP mode:proxy at installation time, edit the LDAP proxy configmap. To configure the connection to your own LDAP server, add the certificate authority (CA) certificate that the openldap pod must trust. If you selected LDAP mode:standalone at installation time, this configmap is not used.
openldap configmap:

| Data elements | Description | More information |
|---|---|---|
| ldap-proxy-slapd-replace | Replaces the contents of the slapd.conf file, which configures the connection to your LDAP server. | |
| ldap-trusted-ca-pem | Adds a custom certificate authority (CA) certificate. | Certificate is in the PEM format. |
Examples of each of the data elements in this configmap are provided.
Data element: ldap-proxy-slapd-replace:

```yaml
ldap-proxy-slapd-replace: |
  include /usr/local/etc/openldap/schema/core.schema
  include /usr/local/etc/openldap/schema/cosine.schema
  include /usr/local/etc/openldap/schema/inetorgperson.schema
  pidfile /usr/local/var/run/slapd.pid
  argsfile /usr/local/var/run/slapd.args
  sizelimit 500
  database ldap
  uri "ldaps://ldap.pichu.com"
  suffix "dc=pichu,dc=com"
  tls ldaps tls_cacert=/home/openldap/certs/ldap-trusted-ca.pem
```

tls_cacert=/home/openldap/certs/ldap-trusted-ca.pem is an option of the tls directive and points to the file that the ldap-trusted-ca-pem: data element is mounted as. Keep the path as shown: it must match the location where the data element is mounted in the openldap pod.

Data element: ldap-trusted-ca-pem:
```yaml
ldap-trusted-ca-pem: |
  -----BEGIN CERTIFICATE-----
  MIIFczABC1...
  ...
  ...8W1g==
  -----END CERTIFICATE-----
  -----BEGIN CERTIFICATE-----
  MIIFgABCA...
  ...
  ...FRJEOTuGNSdgw123s=
  -----END CERTIFICATE-----
```

The root CA certificate and all intermediate certificates for the LDAP server must be added to the ldap-trusted-ca-pem property, as consecutive PEM blocks in one bundle.
Ensure that the managedByUser label is set to "true" in the configmap metadata. Otherwise, the operator replaces the ConfigMap and your edits are lost.

```yaml
kind: ConfigMap
metadata:
  labels:
    managedByUser: "true"
```
Ensure that LDAP_VERIFY_PASSWORDS is set to true in the <deployment-name>-webgui statefulset so that the authentication status of the required LDAP users is shown.
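The whole procedure above (slapd.conf replacement, CA bundle, managedByUser label) as an added example; this is a helper written for this page, not the product's own tooling. It renders the ConfigMap manifest and pre-checks the two mistakes that otherwise only surface as a TLS failure inside the openldap pod: a PEM bundle that does not decode (truncated paste, stray characters, no blocks at all) and a tls_cacert path that does not match the file the data element is mounted as. The ConfigMap name ldap-proxy, the namespace default and the placeholder certificates are assumptions; the mount path and the slapd.conf fragment are taken from the page.

```python
"""Pre-flight checks and rendering for the LDAP proxy ConfigMap.

Added helper, not product code. The mount path and slapd fragment come
from the page; the ConfigMap name/namespace and the sample certificates
are assumptions made for this example.
"""
import base64
import binascii
import re

# Path the tls_cacert= option must reference: the operator mounts the
# ldap-trusted-ca-pem data element there (from the page's slapd example).
CA_MOUNT_PATH = "/home/openldap/certs/ldap-trusted-ca.pem"

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S
)


def parse_ca_bundle(pem_text):
    """Return the DER bytes of every certificate block in a PEM bundle.

    Raises ValueError when the bundle has no blocks, a block body is not
    valid base64 (truncated or garbled paste), or the decoded bytes do not
    start with the DER SEQUENCE tag 0x30 that every X.509 certificate has.
    """
    certs = []
    for number, match in enumerate(PEM_BLOCK.finditer(pem_text), start=1):
        body = "".join(match.group(1).split())  # drop line breaks, CR/LF, spaces
        try:
            der = base64.b64decode(body, validate=True)
        except (binascii.Error, ValueError) as exc:
            raise ValueError(f"certificate {number}: bad base64 ({exc})") from None
        if not der or der[0] != 0x30:
            raise ValueError(f"certificate {number}: not a DER SEQUENCE")
        certs.append(der)
    if not certs:
        raise ValueError("no CERTIFICATE blocks found in bundle")
    return certs


def check_slapd_config(slapd_conf):
    """Extract the back-ldap settings that decide whether TLS verification can work."""
    uri = re.search(r'^\s*uri\s+"?(ldaps?://[^"\s]+)"?', slapd_conf, re.M)
    tls = re.search(r"^\s*tls\s+(\S+)", slapd_conf, re.M)
    cacert = re.search(r"tls_cacert=(\S+)", slapd_conf)
    return {
        "uri": uri.group(1) if uri else None,
        "uses_ldaps": bool(uri and uri.group(1).startswith("ldaps://")),
        "tls_mode": tls.group(1) if tls else None,
        "tls_cacert": cacert.group(1) if cacert else None,
        "cacert_path_ok": bool(cacert and cacert.group(1) == CA_MOUNT_PATH),
    }


def build_configmap(name, namespace, slapd_conf, ca_pem):
    """Render the ConfigMap with both data elements as YAML block scalars.

    The managedByUser label is always emitted so the operator leaves the
    ConfigMap alone. Rendered by hand so no YAML library is required.
    """
    parse_ca_bundle(ca_pem)  # refuse to render a bundle slapd could not load
    if not check_slapd_config(slapd_conf)["cacert_path_ok"]:
        raise ValueError(f"tls_cacert must point to {CA_MOUNT_PATH}")

    def block(text):  # indent a block scalar body under its key
        return "\n".join("    " + line for line in text.strip().splitlines())

    return (
        "apiVersion: v1\n"
        "kind: ConfigMap\n"
        "metadata:\n"
        f"  name: {name}\n"
        f"  namespace: {namespace}\n"
        "  labels:\n"
        '    managedByUser: "true"\n'
        "data:\n"
        "  ldap-proxy-slapd-replace: |\n"
        f"{block(slapd_conf)}\n"
        "  ldap-trusted-ca-pem: |\n"
        f"{block(ca_pem)}\n"
    )


def _placeholder_cert(label):
    """Constructed stand-in for a certificate: a DER SEQUENCE tag plus filler.

    NOT a real X.509 certificate; it only exercises the PEM handling above.
    """
    payload = b"\x30" + label.encode().ljust(47, b"\x00")
    b64 = base64.b64encode(payload).decode()
    wrapped = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{wrapped}\n-----END CERTIFICATE-----"


# slapd.conf fragment from the page, tls directive and its option on one line.
SAMPLE_SLAPD_CONF = """\
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args
sizelimit 500
database ldap
uri "ldaps://ldap.pichu.com"
suffix "dc=pichu,dc=com"
tls ldaps tls_cacert=/home/openldap/certs/ldap-trusted-ca.pem
"""

# Constructed bundle: two placeholders standing in for the root CA and one intermediate.
SAMPLE_CA_BUNDLE = "\n".join([_placeholder_cert("root-ca"), _placeholder_cert("intermediate-ca")])

if __name__ == "__main__":
    print(check_slapd_config(SAMPLE_SLAPD_CONF))
    print(build_configmap("ldap-proxy", "default", SAMPLE_SLAPD_CONF, SAMPLE_CA_BUNDLE))
```

Run it with the real bundle exported from your CA and pipe the rendered manifest to kubectl apply -f -, or diff it against kubectl get configmap <name> -o yaml before applying. The placeholder check only proves the PEM is well formed; whether the bundle actually contains the root and every intermediate of the LDAP server's chain is something only a connection attempt (or openssl verify against the server's certificate) can confirm.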