# Manual Kubernetes Secret for LDAP Authentication Bind User ## Prerequisites * Helm version 3 is installed on your system. * The Kubernetes command line tool kubectl is configured and has access to the target installation. * You know the name and namespace of your Connectware installation. See [Obtaining the name, namespace, and version of your Connectware installation](https://docs.cybus.io/2-0-2/documentation/connectware-helm-chart#obtaining-the-name-namespace-and-version-of-your-connectware-installation). * The `values.yaml` file is available. * [LDAP authentication configured](https://docs.cybus.io/2-0-2/documentation/connectware-on-kubernetes/ldap-authentication/configuring-ldap-authentication). ## Manual Kubernetes Secret for LDAP Authentication Bind User If you don’t want to provide the bind user for LDAP authentication through the Helm values `bindDn` and `bindPassword` within the `global.authentication.ldap` context, you can also manually create a Kubernetes secret in Connectware’s namespace through your preferred method of managing secrets in Kubernetes. You will then need to provide the name of this secret in the Helm value `existingBindSecret`. This secret needs to contain two keys, `bindDn` and `bindPassword`, containing the parameters you did not specify directly as Helm values. If you want to use different keys, you can customize these as shown below. **Example** Create your Kubernetes secret: {% code lineNumbers="true" %} ```yaml kubectl -n create secret generic my-ldap-user --from-literal=bindDn="CN=Bind User,CN=Users,DC=company,DC=tld" --from-literal=bindPassword="S3cretPassword" ``` {% endcode %} Specify the name of the Secret: {% code lineNumbers="true" %} ```yaml global: authentication: ldap: enabled: true existingBindSecret: my-ldap-user searchBase: CN=Users,DC=company,DC=tld url: ldap://my-dc.complany.tld:389 ``` {% endcode %} ## Customizing Kubernetes Secret Keys If you want to customize the keys used in the Kubernetes secret, you can do so and specify the keys you want to use instead in the Helm value `existingBindSecretDnKey` and `existingBindSecretPasswordKey` within the `global.authentication.ldap` context. **Example** Create your Kubernetes secret: {% code lineNumbers="true" %} ```yaml kubectl -n create secret generic custom-ldap-user --from-literal=username="CN=Bind User,CN=Users,DC=company,DC=tld" --from-literal=password="S3cretPassword" ``` {% endcode %} Specify the name of the Secret in your `values.yaml` file: {% code lineNumbers="true" %} ```yaml global: authentication: ldap: enabled: true existingBindSecret: custom-ldap-user existingBindSecretDnKey: username existingBindSecretPasswordKey: password searchBase: CN=Users,DC=company,DC=tld url: ldap://my-dc.complany.tld:389 ``` {% endcode %} **Related Links** * [Single Sign-On with LDAP](https://docs.cybus.io/2-0-2/documentation/user-management/single-sign-on-sso/single-sign-on-with-ldap). * [Configuring Connectware to use LDAP authentication](https://docs.cybus.io/2-0-2/documentation/connectware-on-kubernetes/ldap-authentication/configuring-ldap-authentication)