Install OpenLDAP with DevStream

InstanceID Prefix

The instanceID prefix must be openldap, the minimum tools configuration example:

YAML

  1. tools:
  2. - name: helm-installer
  3.   instanceID: openldap

Default Configs

keydefault valuedescription
chart.chartPath“”local chart path
chart.chartNamehelm-openldap/openldap-stack-hacommunity chart name
chart.version“”chart version
chart.timeout10mthis config will wait 5 minutes to deploy
chart.releaseNameopenldaphelm release name
chart.upgradeCRDstruedefault update CRD config
chart.namespaceopenldapnamespace where helm to deploy
chart.waittruewhether to wait until installation is complete
repo.urlhttps://jp-gouin.github.io/helm-openldap/helm repo address
repo.namehelm-openldaphelm repo name

Description of Key Fields in valuesYaml

  • replicaCount: The default value is 3, for the convenience of local testing, the above example is set to 1
  • service.type: The default value is ClusterIP, if you have services outside the Kubernetes cluster that require ldap integration, the value preferably be set to NodePort, so that services outside the Kubernetes cluster can access the ldap service via ldap://ip:389 instead of ldap://openldap.openldap-openldap-stack-ha:389
  • adminPassword: Use your own custom password
  • configPassword: Use your own custom password
  • ltb-passwd: Ingress of the Ltb-Passwd service by which you can modify your password. If you need this service, you can set ltb-passwd.enabled to true.
  • phpldapadmin.ingress: Ingress of Phpldapadmin service by which you can manage your ldap service. If you wish to expose the service to the Internet, you can change the phpldapadmin.ingress.enabled to true and configure your own domain name

Post-installation Operations

Once the installation is complete, you can manage ldap service through phpldapadmin. For local testing, you can access the service through port forwarding. The commands are as follows.

Bash

  1. kubectl port-forward svc/openldap-phpldapadmin 8080:80 -n openldap

Now you can now access the phpldapadmin service on your browser via http://127.0.0.1:8080

If you have not changed the default values in the above example, its account will be cn=admin,dc=devstream,dc=org and password will be Not@SecurePassw0rd.

Note: If you’re familiar with OpenLDAP, then you don’t need to continue reading the tutorial below, you can just go ahead and integrate ldap for your service.

Importing Your Data

The following is a sample file, if you have changed the above configuration, remember to replace dc=devstream,dc=org with your own.

Text Only

  1. dn: cn=admin,dc=devstream,dc=org
  2. cn: admin
  3. objectclass: organizationalRole
  5. dn: ou=Group,dc=devstream,dc=org
  6. cn: Group
  7. objectclass: organizationalRole
  8. ou: Group
  10. # confluence organizationalUnit
  11. dn: ou=confluence,ou=Group,dc=devstream,dc=org
  12. objectclass: organizationalUnit
  13. objectclass: top
  14. ou: confluence
  16. # confluence administrators group
  17. dn: cn=confluence-administrators,ou=confluence,ou=Group,dc=devstream,dc=org
  18. cn: confluence-administrators
  19. description:: d2lraeeuoeeQhue7hA==
  20. objectclass: groupOfUniqueNames
  21. uniquemember: uid=example,ou=People,dc=devstream,dc=org
  23. # confluence users group
  24. dn: cn=confluence-users,ou=confluence,ou=Group,dc=devstream,dc=org
  25. cn: confluence-users
  26. description:: d2lraeaZrumAmueUqOaItw==
  27. objectclass: groupOfUniqueNames
  28. uniquemember: uid=example,ou=People,dc=devstream,dc=org
  30. # jira organizationalUnit
  31. dn: ou=jira,ou=Group,dc=devstream,dc=org
  32. objectclass: organizationalUnit
  33. objectclass: top
  34. ou: jira
  36. # jira administrators Group
  37. dn: cn=jira-administrators,ou=jira,ou=Group,dc=devstream,dc=org
  38. cn: jira-administrators
  39. description:: amlyYeeuoeeQhue7hA==
  40. objectclass: groupOfUniqueNames
  41. uniquemember: uid=example,ou=People,dc=devstream,dc=org
  43. # jira users group
  44. dn: cn=jira-software-users,ou=jira,ou=Group,dc=devstream,dc=org
  45. cn: jira-software-users
  46. description:: amlyYeeuoeeQhue7hA==
  47. objectclass: groupOfUniqueNames
  48. uniquemember: uid=example,ou=People,dc=devstream,dc=org
  50. dn: ou=People,dc=devstream,dc=org
  51. objectclass: organizationalUnit
  52. ou: People
  54. # People for example
  55. dn: uid=example,ou=People,dc=devstream,dc=org
  56. cn: example
  57. gidnumber: 500
  58. givenname: example
  59. homedirectory: /home/example
  60. loginshell: /bin/sh
  61. mail: example@devstream.org
  62. objectclass: inetOrgPerson
  63. objectclass: posixAccount
  64. objectclass: top
  65. sn: example
  66. uid: example
  67. uidnumber: 1007
  68. userpassword: example@123456

Login your phpldapadmin service and import the sample configuration above.After importing the data successfully, the result is as follows.

Verify the LDAP Service

Log in to the container where the ldap service is located, and then use the ldapsearch command to query the user(uid=example,ou=people,dc=devstream,dc=org) created above

Bash

  1. root@openldap-openldap-stack-ha-0:/# ldapsearch -x -H ldap://127.0.0.1:389 -b uid=example,ou=people,dc=devstream,dc=org -D "cn=admin,dc=devstream,dc=org" -w Not@SecurePassw0rd
  3. # extended LDIF
  4. #
  5. # LDAPv3
  6. # base <uid=example,ou=people,dc=devstream,dc=org> with scope subtree
  7. # filter: (objectclass=*)
  8. # requesting: ALL
  9. #
  11. # example, People, devstream.org
  12. dn: uid=example,ou=People,dc=devstream,dc=org
  13. cn: example
  14. gidNumber: 500
  15. givenName: example
  16. homeDirectory: /home/example
  17. loginShell: /bin/sh
  18. mail: example@devstream.org
  19. objectClass: inetOrgPerson
  20. objectClass: posixAccount
  21. objectClass: top
  22. sn: example
  23. uid: example
  24. uidNumber: 1007
  25. userPassword:: ZXhhbXBsZUAxMjM0NTY=
  27. # search result
  28. search: 2
  29. result: 0 Success
  31. # numResponses: 2
  32. # numEntries: 1

If your command output is as above, your ldap service is fine. The above valuesYaml is only to facilitate your local testing, if you want production available, you also have to configure replicaCount, data persistence, etc., refer to OpenLDAP values.yaml