AuthenticationClass

For a conceptual overview of authentication on the Stackable platform, read the authentication concepts page.

LDAP Provider

The following example shows all possible attributes:

apiVersion: authentication.stackable.tech/v1alpha1
kind: AuthenticationClass
metadata:
  name: ldap-full
spec:
  provider:
    ldap:
      hostname: my.ldap.server (1)
      port: 389 (2)
      searchBase: ou=users,dc=example,dc=org (3)
      searchFilter: (memberOf=cn=myTeam,ou=teams,dc=example,dc=org) (4)
      ldapFieldNames: (5)
        uid: uid
        group: memberof
        givenName: givenName
        surname: sn
        email: mail
      bindCredentials:
        secretClass: ldap-full-bind (6)
        scope: (7)
          pod: true
          node: false
          services:
            - ldap-full
      tls: (8)
        verification:
          server:
            caCert:
              secretClass: ldap-full-ca-cert
1 The hostname of the LDAP server without any protocol or port
2 The port of the LDAP server. If TLS is used defaults to 636 otherwise to 389
3 The searchBase where the users should be searched
4 Additional filter that filters the allowed users
5 The name of the corresponding field names in the LDAP objects
6 The name of the SecretClass providing the bind credentials (username and password)
7 The Scope of the SecretClass
8 TLS server verification of the LDAP server

To learn more, you can follow the Authentication with OpenLDAP tutorial.