LDAP Security Provider
You can use your existing LDAP server for authentication/authorization on the Management Center.
See Management Center Documentation for more detailed information.
Setting Up the LDAP Security Provider
To set up LDAP, you need to configure the securityProvider.ldap section in the Management Center CR.
The following are the required fields to configure the LDAP Security provider.
Field | Description |
---|---|
url | URL of your LDAP server, including scheme (ldap://) and port. |
credentialsSecretName | The name of the secret that contains |
userDN | DN to be used for searching users. |
groupDN | DN to be used for searching groups. |
adminGroups | Members of these groups and their nested groups have admin privileges on the Management Center. |
userGroups | Members of these groups and their nested groups have read and write privileges on the Management Center. |
readonlyUserGroups | Members of these groups and their nested groups have only the read privilege on the Management Center. |
metricsOnlyGroups | Members of these groups and their nested groups have the privilege to see only the metrics on the Management Center. |
userSearchFilter | LDAP search filter expression to search for the users. |
groupSearchFilter | LDAP search filter expression to search for the groups. |
Example Management Center LDAP Configuration
The following is an example configuration for the LDAP Security Provider:
apiVersion: hazelcast.com/v1alpha1
kind: ManagementCenter
metadata:
  name: managementcenter
spec:
  repository: "hazelcast/management-center"
  licenseKeySecretName: hazelcast-license-key
  securityProvider:
    ldap:
      credentialsSecretName: ldap-credentianls
      groupDN: ou=users,dc=example,dc=org
      groupSearchFilter: member={0}
      nestedGroupSearch: false
      url: ldap://ldap-server-url:1389
      userDN: ou=users,dc=example,dc=org
      userGroups:
        - users
      metricsOnlyGroups:
        - metrics
      adminGroups:
        - admins
      readonlyUserGroups:
        - readers
      userSearchFilter: cn={0}
The following example shows how to create a Secret for the LDAP credentials.
$ kubectl create secret generic ldap-credentianls --from-literal=username="cn=admin,dc=example,dc=org" --from-literal=password="adminpassword"
$ kubectl get secret ldap-credentianls -o=yaml
apiVersion: v1
data:
  password: YWRtaW5wYXNzd29yZA==
  username: Y249YWRtaW4sZGM9ZXhhbXBsZSxkYz1vcmc=
kind: Secret
metadata:
  creationTimestamp: "2023-10-11T10:51:37Z"
  name: ldap-credentianls
  namespace: default
  resourceVersion: "59391"
  uid: 299e5d42-4c72-4877-9a99-c6ffa3c68d07
type: Opaque
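
A pre-apply check for the securityProvider.ldap section shown above, as an added example that is not part of the Hazelcast documentation or the operator. The `lint_ldap` function, the `SAMPLE` input and the rules themselves (port present, `{0}` in both filters, no group mapped to two roles, a notice for unencrypted ldap://) are assumptions made for illustration, not checks the operator performs.

```python
from urllib.parse import urlsplit

# Field names as they appear in the example CR on this page.
REQUIRED = ("url", "credentialsSecretName", "userDN", "groupDN",
            "adminGroups", "userGroups", "readonlyUserGroups",
            "metricsOnlyGroups", "userSearchFilter", "groupSearchFilter")
ROLE_FIELDS = REQUIRED[4:8]

def lint_ldap(cr):
    """Return findings for spec.securityProvider.ldap of a ManagementCenter CR (dict)."""
    ldap = cr.get("spec", {}).get("securityProvider", {}).get("ldap") or {}
    findings = [f"{f}: required field is missing or empty"
                for f in REQUIRED if not ldap.get(f)]

    url = urlsplit(str(ldap.get("url", "")))
    if not url.scheme.startswith("ldap"):
        findings.append("url: must include the scheme, e.g. ldap://")
    else:
        if url.port is None:
            findings.append("url: must include the port")
        if url.scheme == "ldap":
            findings.append("url: ldap:// is unencrypted, so the bind DN and "
                            "password from the Secret cross the network in clear")

    # Assumption: both filters need the {0} placeholder, as in the page's example.
    for f in ("userSearchFilter", "groupSearchFilter"):
        if ldap.get(f) and "{0}" not in ldap[f]:
            findings.append(f"{f}: no {{0}} placeholder")

    # A group mapped to two roles makes the effective privilege unclear.
    seen = {}
    for role in ROLE_FIELDS:
        for group in ldap.get(role) or []:
            if group in seen:
                findings.append(f"{group}: listed in both {seen[group]} and {role}")
            seen.setdefault(group, role)
    return findings

# Constructed sample: the page's example CR as a dict, with three defects added.
SAMPLE = {"spec": {"securityProvider": {"ldap": {
    "credentialsSecretName": "ldap-credentianls",
    "url": "ldap://ldap-server-url",
    "userDN": "ou=users,dc=example,dc=org",
    "groupDN": "ou=users,dc=example,dc=org",
    "userSearchFilter": "cn=*", "groupSearchFilter": "member={0}",
    "adminGroups": ["admins"], "userGroups": ["users"],
    "readonlyUserGroups": ["readers"], "metricsOnlyGroups": ["admins"],
}}}}

if __name__ == "__main__":
    print("\n".join(lint_ldap(SAMPLE)))
```

The page's own example passes every rule except the ldap:// notice, which is worth resolving before the bind account in the Secret is given broad directory read access.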