Merge pull request #123 from opencmit2/CustomAdminUser
issue[122] Add username customization
jp-gouin authored Sep 25, 2023
2 parents 0e6659f + 86390b7 commit a1d952b
Showing 5 changed files with 21 additions and 6 deletions.
3 changes: 3 additions & 0 deletions README.md
Expand Up @@ -57,7 +57,10 @@ Global parameters to configure the deployment of the application.
| `global.imagePullSecrets` | Global list of imagePullSecrets | `[]` |
| `global.ldapDomain` | Domain LDAP can be explicit `dc=example,dc=org` or domain based `example.org` | `example.org` |
| `global.existingSecret` | Use existing secret for credentials - the expected keys are LDAP_ADMIN_PASSWORD and LDAP_CONFIG_ADMIN_PASSWORD | `""` |
| `global.adminUser` | Openldap database admin user | `admin` |
| `global.adminPassword` | Administration password of Openldap | `Not@SecurePassw0rd` |
| `global.configUserEnabled` | Whether to create a configuration admin user | `true` |
| `global.configUser` | Openldap configuration admin user | `admin` |
| `global.configPassword` | Configuration password of Openldap | `Not@SecurePassw0rd` |
| `global.ldapPort` | Ldap port | `389` |
| `global.sslLdapPort` | Ldaps port | `636` |
8 changes: 5 additions & 3 deletions templates/_helpers.tpl
Expand Up @@ -69,6 +69,7 @@ Generate olcSyncRepl list
{{- define "olcSyncRepls" -}}
{{- $name := (include "openldap.fullname" .) }}
{{- $namespace := .Release.Namespace }}
{{- $bindDNUser := .Values.global.adminUser }}
{{- $cluster := .Values.replication.clusterName }}
{{- $configPassword := ternary .Values.global.configPassword "%%CONFIG_PASSWORD%%" (empty .Values.global.existingSecret) }}
{{- $retry := .Values.replication.retry }}
Expand All @@ -78,7 +79,7 @@ Generate olcSyncRepl list
{{- $nodeCount := .Values.replicaCount | int }}
{{- range $index0 := until $nodeCount }}
{{- $index1 := $index0 | add1 }}
olcSyncRepl: rid=00{{ $index1 }} provider=ldap://{{ $name }}-{{ $index0 }}.{{ $name }}-headless.{{ $namespace }}.svc.{{ $cluster }}:1389 binddn="cn=admin,cn=config" bindmethod=simple credentials={{ $configPassword }} searchbase="cn=config" type=refreshAndPersist retry="{{ $retry }} +" timeout={{ $timeout }} starttls={{ $starttls }} tls_reqcert={{ $tls_reqcert }}
olcSyncRepl: rid=00{{ $index1 }} provider=ldap://{{ $name }}-{{ $index0 }}.{{ $name }}-headless.{{ $namespace }}.svc.{{ $cluster }}:1389 binddn="cn={{ $bindDNUser }},cn=config" bindmethod=simple credentials={{ $configPassword }} searchbase="cn=config" type=refreshAndPersist retry="{{ $retry }} +" timeout={{ $timeout }} starttls={{ $starttls }} tls_reqcert={{ $tls_reqcert }}
{{- end -}}
{{- end -}}

Expand All @@ -88,6 +89,7 @@ Generate olcSyncRepl list
{{- define "olcSyncRepls2" -}}
{{- $name := (include "openldap.fullname" .) }}
{{- $domain := (include "global.baseDomain" .) }}
{{- $bindDNUser := .Values.global.adminUser }}
{{- $namespace := .Release.Namespace }}
{{- $cluster := .Values.replication.clusterName }}
{{- $adminPassword := ternary .Values.global.adminPassword "%%ADMIN_PASSWORD%%" (empty .Values.global.existingSecret) }}
Expand All @@ -102,7 +104,7 @@ Generate olcSyncRepl list
olcSyncrepl:
rid=10{{ $index1 }}
provider=ldap://{{ $name }}-{{ $index0 }}.{{ $name }}-headless.{{ $namespace }}.svc.{{ $cluster }}:1389
binddn={{ printf "cn=admin,%s" $domain }}
binddn={{ printf "cn=%s,%s" $bindDNUser $domain }}
bindmethod=simple
credentials={{ $adminPassword }}
searchbase={{ $domain }}
Expand Down Expand Up @@ -223,7 +225,7 @@ Return the server name
Return the bdmin indDN
*/}}
{{- define "global.bindDN" -}}
{{- printf "cn=admin,%s" (include "global.baseDomain" .) -}}
{{- printf "cn=%s,%s" .Values.global.adminUser (include "global.baseDomain" .) -}}
{{- end -}}

{{/*
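Review bot: In the olcSyncRepls hunk, `$bindDNUser` is read from `.Values.global.adminUser` but is used to build `binddn="cn={{ $bindDNUser }},cn=config"` together with `credentials={{ $configPassword }}`; the cn=config administrator is the config user (templates/configmap-env.yaml in this same commit sets `LDAP_CONFIG_ADMIN_USERNAME` from `.Values.global.configUser`), so cn=config replication would fail as soon as adminUser and configUser differ. The first hunk's assignment should read `{{- $bindDNUser := .Values.global.configUser }}`; the olcSyncRepls2 and global.bindDN hunks bind against the data suffix with the admin password and are consistent as written. The `define "olcSyncRepls"` body continues past the first hunk into the second. It may also be worth checking that, with the new `global.configUserEnabled: false`, this template still emits a cn=config bind using configPassword while templates/secret.yaml no longer writes `LDAP_CONFIG_ADMIN_PASSWORD` — whether that combination is reachable depends on how replication is gated elsewhere, which this diff does not show.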
6 changes: 6 additions & 0 deletions templates/configmap-env.yaml
Expand Up @@ -31,4 +31,10 @@ data:
LDAP_TLS_CERT_FILE: /opt/bitnami/openldap/certs/tls.crt
LDAP_TLS_KEY_FILE: /opt/bitnami/openldap/certs/tls.key
LDAP_TLS_CA_FILE: /opt/bitnami/openldap/certs/ca.crt
{{- if .Values.global.configUserEnabled }}
LDAP_CONFIG_ADMIN_ENABLED: "yes"
LDAP_CONFIG_ADMIN_USERNAME: "{{ .Values.global.configUser }}"
{{- else }}
LDAP_CONFIG_ADMIN_ENABLED: "no"
{{- end }}
{{ toYaml .Values.env | indent 2 }}
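Review bot: The new `{{- if .Values.global.configUserEnabled }}` block writes `LDAP_CONFIG_ADMIN_ENABLED` and `LDAP_CONFIG_ADMIN_USERNAME` straight into `data:` and is immediately followed by `{{ toYaml .Values.env | indent 2 }}`; those two keys were removed from the default `env:` in values.yaml by this commit, but a user values file that still carries them (as the old defaults did) would render the same key twice in the ConfigMap, and duplicate mapping keys are silently last-wins on most YAML loaders. Consider omitting these keys from `.Values.env` when rendering, or at minimum making the ownership explicit with a comment above the block such as `# Config-admin settings are derived from global.configUserEnabled/global.configUser; do not set them in env`. The `"yes"`/`"no"` literals are correctly quoted so they reach the container as strings rather than YAML booleans.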
3 changes: 3 additions & 0 deletions templates/secret.yaml
Expand Up @@ -13,6 +13,9 @@ metadata:
{{- end }}
type: Opaque
data:
LDAP_ADMIN_USERNAME: {{ .Values.global.adminUser | b64enc | quote }}
LDAP_ADMIN_PASSWORD: {{ .Values.global.adminPassword | b64enc | quote }}
{{- if .Values.global.configUserEnabled }}
LDAP_CONFIG_ADMIN_PASSWORD: {{ .Values.global.configPassword | b64enc | quote }}
{{- end}}
{{ end }}
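Review bot: `LDAP_ADMIN_USERNAME` is emitted only from the chart-managed Secret, while its counterpart `LDAP_CONFIG_ADMIN_USERNAME` is placed in the ConfigMap; if this Secret is not rendered when `global.existingSecret` is set (the trailing `{{ end }}` suggests the whole resource is conditional, though the opening condition lies outside the hunk), a custom `adminUser` has no source in that mode, and the README entry for existingSecret in this same commit still lists only `LDAP_ADMIN_PASSWORD` and `LDAP_CONFIG_ADMIN_PASSWORD` as expected keys. Either keep the admin username beside the config username in the ConfigMap — it is not secret material — or document `LDAP_ADMIN_USERNAME` as a third expected key of the existing secret. Passing the value through `| b64enc | quote` matches the surrounding entries.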
7 changes: 4 additions & 3 deletions values.yaml
Expand Up @@ -17,7 +17,10 @@ global:
# Specifies an existing secret to be used for admin and config user passwords. The expected key are LDAP_ADMIN_PASSWORD and LDAP_CONFIG_ADMIN_PASSWORD.
# existingSecret: ""
## Default Passwords to use, stored as a secret. Not used if existingSecret is set.
adminPassword: Not@SecurePassw0rd
adminUser: "admin"
adminPassword: Not@SecurePassw0rd
configUserEnabled: true
configUser: "admin"
configPassword: Not@SecurePassw0rd
ldapPort: 389
sslLdapPort: 636
Expand Down Expand Up @@ -96,8 +99,6 @@ env:
LDAP_TLS_ENFORCE: "false"
LDAPTLS_REQCERT: "never"
LDAP_ENABLE_TLS: "yes"
LDAP_CONFIG_ADMIN_ENABLED: "yes"
LDAP_CONFIG_ADMIN_USERNAME: "admin"
LDAP_SKIP_DEFAULT_TREE: "no"

# Pod Disruption Budget for Stateful Set
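Review bot: The heading `## Default Passwords to use, stored as a secret. Not used if existingSecret is set.` now sits above `adminUser`, `configUserEnabled` and `configUser`, none of which are passwords, and `configUserEnabled` has no comment although it also decides whether `LDAP_CONFIG_ADMIN_PASSWORD` is written to the Secret (templates/secret.yaml in this commit). Suggest `## Admin and config-admin credentials. Passwords are stored as a secret and are not used if existingSecret is set.` for the heading and, above configUserEnabled, `# Create a separate cn=config administrator; when false, no LDAP_CONFIG_ADMIN_PASSWORD is written to the secret.` The second hunk drops `LDAP_CONFIG_ADMIN_ENABLED` and `LDAP_CONFIG_ADMIN_USERNAME` from `env:`; a one-line comment there saying they are now derived from the global settings would stop users from re-adding them and shadowing the generated values. Quoting `"admin"` is good practice; the unquoted `Not@SecurePassw0rd` values are valid plain scalars but would be safer quoted like the usernames so a later value beginning with a YAML indicator is not reparsed.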
