AuthenticationClass

For a conceptual overview of authentication on the Stackable platform, read the authentication concepts page.

LDAP Provider

The following example shows all possible attributes:

apiVersion: authentication.stackable.tech/v1alpha1
kind: AuthenticationClass
metadata:
  name: ldap-full
spec:
  provider:
    ldap:
      hostname: my.ldap.server (1)
      port: 389 (2)
      searchBase: ou=users,dc=example,dc=org (3)
      searchFilter: (memberOf=cn=myTeam,ou=teams,dc=example,dc=org) (4)
      ldapFieldNames: (5)
        uid: uid
        group: memberof
        givenName: givenName
        surname: sn
        email: mail
      bindCredentials:
        secretClass: ldap-full-bind (6)
        scope: (7)
          pod: true
          node: false
          services:
            - ldap-full
      tls: (8)
        verification:
          server:
            caCert:
              secretClass: ldap-full-ca-cert

1	The hostname of the LDAP server without any protocol or port
2	The port of the LDAP server. If TLS is used defaults to `636` otherwise to `389`
3	The searchBase where the users should be searched
4	Additional filter that filters the allowed users
5	The name of the corresponding field names in the LDAP objects
6	The name of the `SecretClass` providing the bind credentials (username and password)
7	The Scope of the `SecretClass`
8	TLS server verification of the LDAP server

To learn more, you can follow the Authentication with OpenLDAP tutorial.