This section is intended to be used as a reference when setting up an OpenLDAP authentication provider in Rancher.
For further details on configuring OpenLDAP, refer to the official documentation.
Before you proceed with the configuration, please familiarize yourself with the concepts of External Authentication Configuration and Principal Users.
You will need to enter the address, port, and protocol to connect to your OpenLDAP server. 389 is the standard port for insecure traffic, 636 for TLS traffic.
Using TLS? If the certificate used by the OpenLDAP server is self-signed or not from a recognized certificate authority, make sure you have the CA certificate (concatenated with any intermediate certificates) at hand in PEM format. You will have to paste in this certificate during the configuration so that Rancher is able to validate the certificate chain.
If you are in doubt about the correct values to enter in the user/group Search Base configuration fields, consult your LDAP administrator or refer to the section Identify Search Base and Schema using ldapsearch in the Active Directory authentication documentation.
User Search Base
If your OpenLDAP directory deviates from the standard OpenLDAP schema, you must complete the Customize Schema section to match it.
Note that the attribute mappings configured in this section are used by Rancher to construct search filters and resolve group membership. It is therefore always recommended to verify that the configuration here matches the schema used in your OpenLDAP.
If you are unfamiliar with the user/group schema used in the OpenLDAP server, consult your LDAP administrator or refer to the section Identify Search Base and Schema using ldapsearch in the Active Directory authentication documentation.
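How mapped attribute names end up inside search filters, as an added example that is not Rancher's code: the filter shapes, the object class defaults and the `member` group attribute are assumptions for a typical OpenLDAP tree. It escapes looked-up values per RFC 4515 and rejects malformed mapping values before they reach a filter.

```python
# Added illustration, not Rancher's implementation. Filter shapes and the
# defaults marked "assumed" are assumptions for a typical OpenLDAP tree.
import re
from dataclasses import dataclass, astuple

# RFC 4515: these characters must be hex-escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# RFC 4512 descriptor: a short name or a dotted numeric OID.
_NAME = re.compile(r"[A-Za-z][A-Za-z0-9-]*|\d+(\.\d+)+")


def escape_filter_value(value: str) -> str:
    """Escape a value so it cannot alter the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


@dataclass(frozen=True)
class Schema:
    """Schema mappings as they would be entered in the configuration form."""
    user_object_class: str = "inetOrgPerson"         # assumed
    login_attribute: str = "uid"
    user_member_attribute: str = "memberOf"
    group_object_class: str = "groupOfNames"         # assumed
    group_member_mapping_attribute: str = "member"   # assumed

    def __post_init__(self):
        # A mapping value is pasted into filters verbatim, so validate it.
        for name in astuple(self):
            if not _NAME.fullmatch(name):
                raise ValueError(f"invalid attribute or object class: {name!r}")


def user_login_filter(schema: Schema, login: str) -> str:
    """Filter that selects the user entry for a login name."""
    return (f"(&(objectClass={schema.user_object_class})"
            f"({schema.login_attribute}={escape_filter_value(login)}))")


def group_membership_filter(schema: Schema, user_dn: str) -> str:
    """Filter that selects the groups listing user_dn as a member."""
    return (f"(&(objectClass={schema.group_object_class})"
            f"({schema.group_member_mapping_attribute}="
            f"{escape_filter_value(user_dn)}))")


if __name__ == "__main__":
    s = Schema()
    print(user_login_filter(s, "jdoe"))  # constructed sample login
    print(group_membership_filter(s, "uid=jdoe,ou=people,dc=example,dc=org"))
```

If a mapping names an attribute the directory does not populate, the filter is still well-formed but matches no entries, which is why the mappings should be checked against the actual schema.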
The table below details the parameters for the user schema configuration.
uid
memberOf
isMemberOf
User Enabled Attribute
The table below details the parameters for the group schema configuration.
Group Schema Configuration Parameters
Group Member Mapping Attribute
Search Attribute
User Member Attribute