AuthenticationClass
For a conceptual overview of authentication on the Stackable platform, read the authentication concepts page.
LDAP Provider
The following example shows all possible attributes:
apiVersion: authentication.stackable.tech/v1alpha1 kind: AuthenticationClass metadata: name: ldap-full spec: provider: ldap: hostname: my.ldap.server (1) port: 389 (2) searchBase: ou=users,dc=example,dc=org (3) searchFilter: (memberOf=cn=myTeam,ou=teams,dc=example,dc=org) (4) ldapFieldNames: (5) uid: uid group: memberof givenName: givenName surname: sn email: mail bindCredentials: secretClass: ldap-full-bind (6) scope: (7) pod: true node: false services: - ldap-full tls: (8) verification: server: caCert: secretClass: ldap-full-ca-cert| 1 | The hostname of the LDAP server without any protocol or port |
| 2 | The port of the LDAP server. If TLS is used defaults to 636 otherwise to 389 |
| 3 | The searchBase where the users should be searched |
| 4 | Additional filter that filters the allowed users |
| 5 | The name of the corresponding field names in the LDAP objects |
| 6 | The name of the SecretClass providing the bind credentials (username and password) |
| 7 | The Scope of the SecretClass |
| 8 | TLS server verification of the LDAP server |
To learn more, you can follow the Authentication with OpenLDAP tutorial.