From 46cb01fe0926ccb08f39fe40025116cc8218e8cb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9s=20Bono?=
Date: Mon, 12 Aug 2019 16:38:02 +0200
Subject: [PATCH] [bitnami/mariadb-galera] Update LDAP configuration
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Andrés Bono
---
 bitnami/mariadb-galera/README.md | 17 +++++++++++++----
 .../mariadb-galera/templates/statefulset.yaml | 12 ++++++++++++
 bitnami/mariadb-galera/values-production.yaml | 3 +++
 bitnami/mariadb-galera/values.yaml | 3 +++
 4 files changed, 31 insertions(+), 4 deletions(-)

diff --git a/bitnami/mariadb-galera/README.md b/bitnami/mariadb-galera/README.md
index 55fdb4b4c7..d3240a1365 100644
--- a/bitnami/mariadb-galera/README.md
+++ b/bitnami/mariadb-galera/README.md
@@ -101,6 +101,9 @@ The following table lists the configurable parameters of the MariaDB Galera char
 | `ldap.binddn` | LDAP bind DN | `nil` |
 | `ldap.bindpw` | LDAP bind password | `nil` |
 | `ldap.bslookup` | LDAP base lookup | `nil` |
+| `ldap.nss_initgroups_ignoreusers` | LDAP ignored users | `root,nslcd` |
+| `ldap.scope` | LDAP search scope | `nil` |
+| `ldap.tls_reqcert` | LDAP TLS check on server certificates | `nil` |
 | `mariadbConfiguration` | Configuration for the MariaDB server | `_default values in the values.yaml file_` |
 | `configurationConfigMap` | ConfigMap with the MariaDB configuration files (Note: Overrides `mariadbConfiguration`). The value is evaluated as a template. | `nil` |
 | `initdbScripts` | Dictionary of initdb scripts | `nil` |
@@ -183,17 +186,23 @@ LDAP support can be enabled in the chart by specifying the `ldap.` parameters wh
 - `ldap.binddn`: LDAP bind DN. No defaults.
 - `ldap.bindpw`: LDAP bind password. No defaults.
 - `ldap.bslookup`: LDAP base lookup. No defaults.
+- `ldap.nss_initgroups_ignoreusers`: LDAP ignored users. `root,nslcd`.
+- `ldap.scope`: LDAP search scope. No defaults.
+- `ldap.tls_reqcert`: LDAP TLS check on server certificates. No defaults.
 
 For example:
 
 ```bash
 $ helm install --name my-release bitnami/mariadb-galera \
 --set ldap.enabled="true" \
- --set ldap.url="ldap://my_ldap_server" \
- --set ldap.base="dc=example,dc=org" \
- --set ldap.binddn="cn=admin,dc=example,dc=org" \
+ --set ldap.uri="ldap://my_ldap_server" \
+ --set ldap.base="dc=example\,dc=org" \
+ --set ldap.binddn="cn=admin\,dc=example\,dc=org" \
 --set ldap.bindpw="admin" \
- --set ldap.bslookup="ou=group-ok,dc=example,dc=org"
+ --set ldap.bslookup="ou=group-ok\,dc=example\,dc=org" \
+ --set ldap.nss_initgroups_ignoreusers="root\,nslcd" \
+ --set ldap.scope="sub" \
+ --set ldap.tls_reqcert="demand"
 ```
 
 Next, login to the MariaDB server using the `mysql` client and add the PAM authenticated LDAP users.
diff --git a/bitnami/mariadb-galera/templates/statefulset.yaml b/bitnami/mariadb-galera/templates/statefulset.yaml
index 0d5cb785a7..9abdfbd2db 100644
--- a/bitnami/mariadb-galera/templates/statefulset.yaml
+++ b/bitnami/mariadb-galera/templates/statefulset.yaml
@@ -154,9 +154,21 @@ spec:
 name: {{ template "mariadb-galera.fullname" . }}
 {{- end }}
 key: ldap-bindpw
+ - name: MARIADB_LDAP_NSS_INITGROUPS_IGNOREUSERS
+ value: {{ .Values.ldap.nss_initgroups_ignoreusers | default "root,nslcd" | quote }}
+ {{- if .Values.ldap.bslookup }}
 - name: MARIADB_LDAP_BASE_LOOKUP
 value: {{ .Values.ldap.bslookup }}
 {{- end }}
+ {{- if .Values.ldap.scope }}
+ - name: MARIADB_LDAP_SCOPE
+ value: {{ .Values.ldap.scope }}
+ {{- end }}
+ {{- if .Values.ldap.tls_reqcert }}
+ - name: MARIADB_LDAP_TLS_REQCERT
+ value: {{ .Values.ldap.tls_reqcert }}
+ {{- end }}
+ {{- end }}
 {{- if .Values.extraFlags }}
 - name: MARIADB_EXTRA_FLAGS
 value: {{ .Values.extraFlags | quote }}
diff --git a/bitnami/mariadb-galera/values-production.yaml b/bitnami/mariadb-galera/values-production.yaml
index 6f50cc406a..f38875bc47 100644
--- a/bitnami/mariadb-galera/values-production.yaml
+++ b/bitnami/mariadb-galera/values-production.yaml
@@ -163,6 +163,9 @@ ldap:
 # binddn:
 # bindpw:
 # bslookup:
+ # nss_initgroups_ignoreusers: root,nslcd
+ # scope:
+ # tls_reqcert:
 
 ## Configure MariaDB with a custom my.cnf file
 ## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file
diff --git a/bitnami/mariadb-galera/values.yaml b/bitnami/mariadb-galera/values.yaml
index 58eab6033e..b544bc4e33 100644
--- a/bitnami/mariadb-galera/values.yaml
+++ b/bitnami/mariadb-galera/values.yaml
@@ -163,6 +163,9 @@ ldap:
 # binddn:
 # bindpw:
 # bslookup:
+ # nss_initgroups_ignoreusers: root,nslcd
+ # scope:
+ # tls_reqcert:
 
 ## Configure MariaDB with a custom my.cnf file
 ## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file
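Review bot: In the templates/statefulset.yaml hunk, `MARIADB_LDAP_TLS_REQCERT` is emitted only when `ldap.tls_reqcert` is set, and both values files leave it commented out, so by default whether the LDAP server certificate is verified depends on the container image's own fallback, which this patch does not show. Because this connection carries the bind password, consider always emitting the variable with a strict default, e.g. `value: {{ .Values.ldap.tls_reqcert | default "demand" | quote }}`, or at least state the effective default in the README row instead of `nil`. The new `MARIADB_LDAP_SCOPE` and `MARIADB_LDAP_TLS_REQCERT` values are also rendered without `| quote`, unlike `MARIADB_LDAP_NSS_INITGROUPS_IGNOREUSERS` just above them; quoting keeps a `--set` value that Helm or YAML types as a boolean or number from producing an env entry the API server rejects. The env list and the conditional closed by the last added `{{- end }}` both start outside the hunk, so the nesting cannot be fully checked from here.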