Fixing ldap conf, initializing keto, oc-auth and co

This commit is contained in:
plm
2024-12-09 15:05:29 +01:00
parent ba9a971964
commit f7ae1165b9
39 changed files with 2132 additions and 33 deletions


@@ -68,14 +68,14 @@ openldap:
tls:
enabled: false
env:
LDAP_ORGANISATION: "Acme opencloud"
LDAP_DOMAIN: "acme.com"
LDAP_ORGANISATION: "Example opencloud"
LDAP_DOMAIN: "example.com"
LDAP_BACKEND: "mdb"
LDAP_TLS: "false"
LDAP_TLS_ENFORCE: "false"
LDAP_REMOVE_CONFIG_AFTER_SETUP: "true"
adminPassword: "goaChai9"
configPassword: "xaidee2M"
adminPassword: "admin@password"
configPassword: "config@password"
phpldapadmin:
enabled: false
persistence:
@@ -88,22 +88,22 @@ openldap:
customLdifFiles:
01-schema.ldif: |-
dn: ou=groups,dc=acme,dc=com
dn: ou=groups,dc=example,dc=com
objectClass: organizationalUnit
ou: groups
dn: ou=users,dc=acme,dc=com
dn: ou=users,dc=example,dc=com
objectClass: organizationalUnit
ou: users
dn: cn=lastGID,dc=acme,dc=com
dn: cn=lastGID,dc=example,dc=com
objectClass: device
objectClass: top
description: Records the last GID used to create a Posix group. This prevents the re-use of a GID from a deleted group.
cn: lastGID
serialNumber: 2001
dn: cn=lastUID,dc=acme,dc=com
dn: cn=lastUID,dc=example,dc=com
objectClass: device
objectClass: top
serialNumber: 2001
@@ -111,44 +111,43 @@ openldap:
cn: lastUID
02-ldapadmin.ldif : |-
dn: cn=ldapadmin,ou=groups,dc=acme,dc=com
dn: cn=ldapadmin,ou=groups,dc=example,dc=com
objectClass: top
objectClass: posixGroup
cn: ldapadmin
memberUid: acme.ldapadmin
memberUid: ldapadmin
gidNumber: 2001
dn: uid=acme.ldapadmin,ou=users,dc=acme,dc=com
givenName: ldapadmin
sn: ldapadmin
uid: acme.ldapadmin
cn: acmeldapadmin
dn: uid=ldapadmin,ou=users,dc=example,dc=com
givenName: ldap
sn: admin
uid: ldapadmin
cn: ldapadmin
mail: ldapadmin@example.com
objectClass: person
objectClass: inetOrgPerson
objectClass: posixAccount
userPassword:: e0NSWVBUfSQ2JDhycFZxbk5NJHNmWVhBYUNYUzdZbXFhR1VWTjdJa20wT2hXLmVtT3oua2x5L3V5YUdjNE81MDVEalU0R2ZMb0hTaFVwNUkvVUxFT0JubWJ2d29meFNFcXIuaFRVMm0u
userPassword: ldapadmin
uidNumber: 2001
gidNumber: 2001
loginShell: /bin/bash
homeDirectory: /home/acme.ldapadmin
#acme.ldapadmin ia3Bahr3
homeDirectory: /home/ldapadmin
# ldap user manager configuration
ldapUserManager:
enabled: true
env:
SERVER_HOSTNAME: "users.acme.com"
LDAP_BASE_DN: "dc=acme,dc=com"
SERVER_HOSTNAME: "users.example.com"
LDAP_BASE_DN: "dc=example,dc=com"
LDAP_REQUIRE_STARTTLS: "false"
LDAP_ADMINS_GROUP: "ldapadmin"
LDAP_ADMIN_BIND_DN: "cn=admin,dc=acme,dc=com"
LDAP_ADMIN_BIND_PWD: "goaChai9"
LDAP_ADMIN_BIND_DN: "cn=admin,dc=example,dc=com"
LDAP_ADMIN_BIND_PWD: "admin@password"
LDAP_IGNORE_CERT_ERRORS: "true"
EMAIL_DOMAIN: ""
NO_HTTPS: "true"
SERVER_PATH: "/users"
ORGANISATION_NAME: "Acme"
ORGANISATION_NAME: "Example"
LDAP_USER_OU: "users"
LDAP_GROUP_OU: "groups"
ACCEPT_WEAK_PASSWORDS: "true"
@@ -176,15 +175,37 @@ traefik:
hydra:
enabled: true
maester:
enabled: false
enabled: true
hydra:
dev: true
config:
dsn: memory
urls:
login: http://localhost/auth/login
consent: http://localhost/auth/consent
logout: http://localhost/auth/logout
login: http://localhost/authentication/login
consent: http://localhost/consent/consent
logout: http://localhost/authentication/logout
self:
issuer: http://localhost/auth
issuer: http://localhost/idp
keto:
enabled: true
ocAuth:
enabled: false
image: oc-auth:latest
authType: hydra
hydra:
adminRole: admin
openCloudOauth2ClientSecretName: oc-auth-got-secret
ldap:
bindDn: "cn=admin,dc=example,dc=com"
binPwd: "password"
baseDn: "dc=example,dc=com"
roleBaseDn: "ou=AppRoles,dc=example,dc=com"
resources:
limits:
cpu: "128m"
memory: "128Mi"
requests:
cpu: "128m"
memory: "256Mi"
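Review bot: The `ocAuth.resources` block at the end of this hunk sets `requests.memory: "256Mi"` above `limits.memory: "128Mi"`; Kubernetes rejects a container whose request exceeds its limit, so the pod will fail admission as soon as `ocAuth.enabled` is flipped to true — change the request to `memory: "128Mi"` (or raise the limit). In the same block `ocAuth.ldap.binPwd: "password"` is paired with `bindDn: "cn=admin,dc=example,dc=com"`, yet the openldap `adminPassword` and the ldapUserManager `LDAP_ADMIN_BIND_PWD` earlier in this file set that account to `"admin@password"`, so the bind as written would presumably fail; `binPwd` also looks like a typo for `bindPwd` alongside `bindDn`, though the chart template that consumes it is not visible here. More broadly, the commit swaps the previous random bind passwords and the `{CRYPT}` hash in `02-ldapadmin.ldif` for cleartext, guessable defaults committed to the values file; these should be sourced from a Secret rather than hard-coded, or at minimum marked `# CHANGEME: dev-only default, do not deploy` so they are not shipped unchanged. The pre-existing `LDAP_TLS: "false"`, `LDAP_IGNORE_CERT_ERRORS: "true"` and `ACCEPT_WEAK_PASSWORDS: "true"` settings are untouched by this commit but compound the same risk if this values file is used beyond local development.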