Set the ldap certificate value properly. #139

Closed
8 changes: 5 additions & 3 deletions cluster/operations/ldap.yml
Expand Up @@ -11,7 +11,8 @@
# Skip certificate verification. Default: false
insecure_skip_verify: ((ldap_insecure_skip_verify))
# The CA certificate for the LDAP auth provider’s endpoints.
ca_cert: ((ldap_ca_cert))
ca_cert:
certificate: ((ldap_ca_cert))
Member

I don't think this is actually proper - it seems like the current ops file expects ldap_ca_cert to be a certificate-typed variable.

@brightzheng100 is that right?

Author

@brightzheng100 @vito Then you cannot read the certificate from a file, rather you would have to set the variable in a file and interpolate it. Both work but I believe reading the certificate from a file is a better solution.

Contributor

Yes, I agree with you @sandyg1.
Based on what I've tested here, it's better to make it more specific, even though either way works.

# Start on insecure port, then negotiate TLS. Default: false
start_tls: ((ldap_start_tls))
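
Review bot: The new `certificate: ((ldap_ca_cert))` line under `ca_cert:` changes what `ldap_ca_cert` has to hold, from a certificate-typed variable to the certificate text itself, and the comment above `ca_cert:` does not say which form is expected. An operator who still supplies the structured form would get a nested structure under `certificate` instead of a usable CA, and with `insecure_skip_verify` sitting two lines up, a CA that fails to load is an easy reason to turn verification off. Suggest extending the comment to state that the variable is now the certificate content (for example loaded from a file, as discussed in the thread) and calling out the change as breaking for existing variable files.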

Expand All @@ -36,10 +37,11 @@
# Optional filter to apply when searching the directory. e.g. "(objectClass=posixGroup)"
group_search_filter: ((ldap_group_search_filter))
# Adds an additional requirement to the filter that an attribute in the group match the user’s attribute value.
# The exact filter being added is (=)
# The exact filter being added is (=) e.g. "member"
group_search_group_attr: ((ldap_group_search_group_attr))
# dn for the group
group_search_user_attr: ((ldap_group_search_user_attr))
# The attribute of the group that represents its name, e.g. "cn"
# The attribute of the group that represents its name, e.g. "cn" of group
group_search_name_attr: ((ldap_group_search_name_attr))
# Can either be ‘sub’ - search the whole sub tree or ‘one’ - only search one level. Defaults to ‘sub’ if empty.
group_search_scope: ((ldap_group_search_scope))
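
Review bot: The added comment `# dn for the group` above `group_search_user_attr` describes the wrong side of the match: going by the key name and the comment a few lines up ("an attribute in the group match the user's attribute value"), this key names the user's attribute, not something belonging to the group. Suggest rewording it to say it is the user attribute whose value is compared against `group_search_group_attr`, for example the user's DN. In the same hunk, the filter template as rendered here still reads `(=)` with both sides empty, so the new `e.g. "member"` does not say which side it illustrates; attaching the example to the group attribute explicitly would make the comment unambiguous. The `"cn" of group` addition repeats what the sentence already says and could be dropped.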