LDAP configurations in Helm chart #1291
Comments
@vikram383 can you please provide more info on the LDAP configurations that you are looking for? We are happy to take a pull request if you are interested in raising it.
Hi chukka
I want to configure my company LDAP server for certain groups and users
If you could attach some relevant document, that will be fine
+1 Maybe here is the answer
thanks,
Finally is impossible via

```yaml
---
apiVersion: batch/v1
kind: Job
metadata:
  name: artifactory-config-patcher
spec:
  template:
    metadata:
      annotations:
        sidecar.istio.io/inject: "false"
    spec:
      securityContext:
        fsGroup: 10001
      imagePullSecrets:
        - name: gitlab-registry
      volumes:
        - name: patcher-file
          secret:
            secretName: artifactory-config-patcher-file
      containers:
        - name: executer
          image: curlimages/curl:7.74.0
          imagePullPolicy: Always
          # Poll the ping endpoint until it answers OK, then PATCH the configuration file
          command:
            - "sh"
            - "-c"
            - >-
              until
              curl -u $ADMIN_USER:$ADMIN_PASSWORD -v
              --connect-timeout 100 $ARTIFACTORY_URL/$HEALTH_API | grep OK; do
              sleep 10; done;
              curl -v --connect-timeout 100 -u $ADMIN_USER:$ADMIN_PASSWORD
              -X PATCH $ARTIFACTORY_URL/$SETTINGS_API
              -H "Content-Type: application/yaml" -T /var/patcher-file/configuration.yaml
          env:
            - name: ARTIFACTORY_URL
              value: http://bio4n-artifactory-jfrog:8081
            - name: SETTINGS_API
              value: artifactory/api/system/configuration
            - name: HEALTH_API
              value: artifactory/api/system/ping
          # ADMIN_USER and ADMIN_PASSWORD come from this Secret
          envFrom:
            - secretRef:
                name: artifactory-admin-credentials
          resources:
            requests:
              cpu: 50m
              memory: 128Mi
            limits:
              cpu: 200m
              memory: 512Mi
          volumeMounts:
            - name: patcher-file
              mountPath: /var/patcher-file
              readOnly: true
          securityContext:
            runAsUser: 10001
            runAsGroup: 10001
            readOnlyRootFilesystem: true
      restartPolicy: Never
  ttlSecondsAfterFinished: 300
---
apiVersion: v1
stringData:
  ADMIN_PASSWORD: some_password
  ADMIN_USER: some_user_admin
kind: Secret
metadata:
  name: artifactory-admin-credentials
type: Opaque
---
apiVersion: v1
stringData:
  configuration.yaml: |
    security: #Security configuration (LDAP, SAML, Password Policy, ...)
      ldapSettings: #LDAP server(s) settings
        x-coniguration-id: # The unique ID of the LDAP setting
          emailAttribute: mail #An attribute that can be used to map a user's email to a user created automatically by Artifactory
          ldapPoisoningProtection: true #When set to true (recommended), Artifactory will protect against LDAP poisoning by filtering out users exposed to vulnerability
          ldapUrl: <ldap_url> #Location of the LDAP server in the following format: ldap://myserver:myport/dc=sampledomain,dc=com. The URL should include the base DN used to search for and/or authenticate users
          search:
            managerDn: <ldap_bindDn> #The full DN of a user with permissions that allow querying the LDAP server. When working with LDAP Groups, the user should have permissions for any extra group attributes such as memberOf
            managerPassword: <ldap_bindPassword> #The password of the user binding to the LDAP server when using "search" authentication
            searchBase: <ldap_baseDn> #The Context name in which to search relative to the base DN in the LDAP URL. Multiple search bases may be specified separated by a pipe ( | ). This parameter is optional
            searchFilter: (uid={0}) #A filter expression used to search for the user DN that is used in LDAP authentication. Possible examples are: (uid={0}) - this would search for a username match on the uid attribute. Authentication using LDAP is performed from the DN found if successful
            searchSubTree: true #When set, enables deep search through the sub-tree of the LDAP URL + Search Base
          userDnPattern: uid={0},$<ldap_baseDn> #A DN pattern used to log users directly in to the LDAP database. This pattern is used to create a DN string for "direct" user authentication, and is relative to the base DN in the LDAP URL. For example: uid={0},ou=People
          allowUserToAccessProfile: true #When set, users created after logging in using LDAP will be able to access their profile page in Artifactory
          autoCreateUser: true #When set, Artifactory will automatically create new users for those who have logged in using LDAP, and assign them to the default groups
          enabled: true #When set, these settings are enabled
kind: Secret
metadata:
  name: artifactory-config-patcher-file
type: Opaque
```
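Added example, not part of the comment above and not the chart's own code: the Job's two curl steps rewritten so the admin credentials are passed to curl as a config line on stdin instead of `-u` on the command line, and without `-v`, which writes the `Authorization: Basic ...` request header to the pod log. The function names (`curl_auth_config`, `acurl`, `wait_until_healthy`, `patch_configuration`) are hypothetical; the environment variables are the ones the Job already defines.

```shell
#!/bin/sh
# Added example: hardened form of the patcher Job's shell steps.
# Uses ADMIN_USER, ADMIN_PASSWORD, ARTIFACTORY_URL, HEALTH_API and
# SETTINGS_API exactly as the Job's env/envFrom provide them.

# Emit a curl config line carrying the basic-auth credentials.
# Backslashes and double quotes are escaped, as curl's config-file
# syntax requires inside a quoted value.
curl_auth_config() {
  esc=$(printf '%s' "$1:$2" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g')
  printf 'user = "%s"\n' "$esc"
}

# curl wrapper: credentials arrive on stdin (--config -), no -v,
# and --fail turns an HTTP error status into a non-zero exit code.
acurl() {
  curl_auth_config "$ADMIN_USER" "$ADMIN_PASSWORD" |
    curl --config - --silent --show-error --fail \
         --connect-timeout 100 "$@"
}

# Same readiness loop as the original Job, with quoted variables.
wait_until_healthy() {
  until acurl "$ARTIFACTORY_URL/$HEALTH_API" | grep -q OK; do
    sleep 10
  done
}

# PATCH the mounted configuration file; the Job fails if the API rejects it.
patch_configuration() {
  acurl -X PATCH -H 'Content-Type: application/yaml' \
        -T "$1" "$ARTIFACTORY_URL/$SETTINGS_API"
}

# Runs only when invoked as: sh patch.sh run
if [ "${1:-}" = "run" ]; then
  wait_until_healthy
  patch_configuration /var/patcher-file/configuration.yaml
fi
```

Nothing here writes to disk, so it works with the Job's `readOnlyRootFilesystem: true`; with `--fail`, a rejected PATCH marks the Job as failed instead of completing silently.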
great! is this working with your helm chart?
Great bro, good job, thanks
Many configurations in this part https://www.jfrog.com/confluence/display/JFROG/Artifactory+YAML+Configuration work with this implementation.
Was just about to implement this, saved me the time. For jfrog- I wasted quite a bit of time with
Hi All,
Is this a request for help?:
Is this a BUG REPORT or FEATURE REQUEST? (choose one):
Version of Helm and Kubernetes: helm=v3.4.1 k8s=v1.19.4
Which chart: artifactory helm chart (uses artifactory-pro)
What happened: I want to integrate LDAP configurations in the chart. How to do it?
Can we integrate it in system.yaml?
What you expected to happen: LDAP configurations should be automated in the chart
How to reproduce it (as minimally and precisely as possible):
no idea
Anything else we need to know:
When I'm deploying the chart, the logs say system.yaml validation failed. How to rectify that?