OpenLDAP Proxy

OpenLDAP has a backend called meta, which is essentially an LDAP proxy.

It supports:

  • Simple bind with users from different LDAPs

  • Searching multiple LDAPs with a single search query

  • Rewrite of Domains and Attributes

AD 1 -----
         |
         ------ OpenLDAP Proxy ---- Confluent MDS
         |
AD 2 -----

Deploy OpenLDAP Proxy

export LDAP_NAMESPACE=ldap
kubectl create ns ${LDAP_NAMESPACE}

Deploy proxy

export CP_ADA_LETUSCODE_XYZ_ADMIN_PASSWORD=secret
export ADA_LETUSCODE_XYZ_ADMIN_PASSWORD=secret
export COM_CODELABS_DEV_ADMIN_PASSWORD=secret
envsubst < openldap-proxy.yaml | kubectl -n ${LDAP_NAMESPACE} apply -f -

Deploy cli

envsubst < ldap-cli.yaml | kubectl apply -n ${LDAP_NAMESPACE} -f -

Execute ldapsearch query with admin user of the virtual domain

ldapsearch -x -H ldap://openldap-proxy -b "ou=cp,dc=ada,dc=letuscode,dc=xyz" -D "cn=Admin,ou=cp,dc=ada,dc=letuscode,dc=xyz" -w "${CP_ADA_LETUSCODE_XYZ_ADMIN_PASSWORD}"

This user is able to search both Active Directories.

Use user from com.codelabs.dev domain

export PERSONS_USER_PASSWORD="my_user_password"
ldapsearch -x -H ldap://openldap-proxy -b "ou=cp,dc=ada,dc=letuscode,dc=xyz" -D "cn=florian.eisele,ou=Users,ou=Persons,ou=cp,dc=ada,dc=letuscode,dc=xyz" -w "${PERSONS_USER_PASSWORD}"

Use user from ada.letuscode.xyz domain

export SERVICEACCOUNTS_USER_PASSWORD="my_user_password"
ldapsearch -x -H ldap://openldap-proxy -b "ou=cp,dc=ada,dc=letuscode,dc=xyz" -D "cn=Admin,ou=Users,ou=ServiceAccounts,ou=cp,dc=ada,dc=letuscode,dc=xyz" -w "${SERVICEACCOUNTS_USER_PASSWORD}"
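
The bind checks above pass each password with -w, which places it in the ldapsearch process's argument list. The following is an added example, not part of this repository: a shell wrapper that hands the password to ldapsearch through its -y password-file option instead. The function name proxy_search and the PROXY_URI, BASE_DN and LDAPSEARCH variables are assumptions made for illustration; the URI and DNs are the ones used on this page.

```shell
# Added example (not from the repository): run the page's bind checks through
# the proxy without putting a password on the ldapsearch command line.
PROXY_URI="${PROXY_URI:-ldap://openldap-proxy}"          # proxy URI used on this page
BASE_DN="${BASE_DN:-ou=cp,dc=ada,dc=letuscode,dc=xyz}"   # virtual domain search base
LDAPSEARCH="${LDAPSEARCH:-ldapsearch}"                   # assumption: override hook for testing

# proxy_search <bind-dn> <password> [filter [attrs...]]   (hypothetical helper)
# The body is a subshell, so umask and variables do not leak into the caller.
proxy_search() (
    if [ "$#" -lt 2 ]; then
        echo "usage: proxy_search <bind-dn> <password> [filter [attrs...]]" >&2
        exit 2
    fi
    bind_dn="$1"; password="$2"; shift 2

    # A DN with an empty password is an unauthenticated bind (RFC 4513), which
    # proves nothing about the credential, so refuse it.
    if [ -z "$password" ]; then
        echo "proxy_search: empty password for ${bind_dn}" >&2
        exit 2
    fi

    umask 077                       # temp file readable by the owner only
    pwfile="$(mktemp)" || exit 1

    # printf is a builtin in bash and dash, so the password is never in any argv.
    # No trailing newline: -y uses the complete file contents as the password.
    printf '%s' "$password" > "$pwfile"

    rc=0
    "$LDAPSEARCH" -x -H "$PROXY_URI" -b "$BASE_DN" -D "$bind_dn" -y "$pwfile" "$@" || rc=$?
    rm -f "$pwfile"                 # remove the file whether or not the bind worked
    exit "$rc"
)

# Usage with the three identities from this page:
#   proxy_search "cn=Admin,ou=cp,dc=ada,dc=letuscode,dc=xyz" "$CP_ADA_LETUSCODE_XYZ_ADMIN_PASSWORD"
#   proxy_search "cn=florian.eisele,ou=Users,ou=Persons,ou=cp,dc=ada,dc=letuscode,dc=xyz" "$PERSONS_USER_PASSWORD"
#   proxy_search "cn=Admin,ou=Users,ou=ServiceAccounts,ou=cp,dc=ada,dc=letuscode,dc=xyz" "$SERVICEACCOUNTS_USER_PASSWORD"
```

A non-zero exit status from proxy_search is ldapsearch's own status, so the three calls can be chained with && to confirm that every identity binds through the proxy.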