Manual Kubernetes Secret for LDAP Authentication Bind User

Prerequisites

• Helm version 3 is installed on your system.

• The Kubernetes command line tool kubectl is configured and has access to the target installation.

• You know the name and namespace of your Connectware installation. See Obtaining the name, namespace, and version of your Connectware installation.

• The values.yaml file is available.

• LDAP authentication configured.

Manual Kubernetes Secret for LDAP Authentication Bind User

If you don’t want to provide the bind user for LDAP authentication through the Helm values bindDn and bindPassword within the global.authentication.ldap context, you can also manually create a Kubernetes secret in Connectware’s namespace through your preferred method of managing secrets in Kubernetes. You will then need to provide the name of this secret in the Helm value existingBindSecret.

This secret needs to contain two keys, bindDn and bindPassword, containing the parameters you did not specify directly as Helm values. If you want to use different keys, you can customize these as shown below.

Example

Create your Kubernetes secret:

kubectl -n <namespace> create secret generic my-ldap-user --from-literal=bindDn="CN=Bind User,CN=Users,DC=company,DC=tld" --from-literal=bindPassword="S3cretPassword"

Specify the name of the Secret:

global:
    authentication:
        ldap:
            enabled: true
            existingBindSecret: my-ldap-user
            searchBase: CN=Users,DC=company,DC=tld
            url: ldap://my-dc.complany.tld:389

Customizing Kubernetes Secret Keys

If you want to customize the keys used in the Kubernetes secret, you can do so and specify the keys you want to use instead in the Helm value existingBindSecretDnKey and existingBindSecretPasswordKey within the global.authentication.ldap context.

Example

Create your Kubernetes secret:

kubectl -n <namespace> create secret generic custom-ldap-user --from-literal=username="CN=Bind User,CN=Users,DC=company,DC=tld" --from-literal=password="S3cretPassword"

Specify the name of the Secret in your values.yaml file:

global:
    authentication:
        ldap:
            enabled: true
            existingBindSecret: custom-ldap-user
            existingBindSecretDnKey: username
            existingBindSecretPasswordKey: password
            searchBase: CN=Users,DC=company,DC=tld
            url: ldap://my-dc.complany.tld:389

Related Links

• Single Sign-On with LDAP.

• Configuring Connectware to use LDAP authentication