Ldap

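The deployment of the OpenStack LDAP chart can be customized through the parameters listed below; each entry shows the parameter's type and its default value. Several defaults (the sample directory entries and the password values) are placeholders; override them outside of test deployments.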

General Parameters

  • bootstrap.enabled

    • Type: bool

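    • Description: Whether the bootstrap job runs. Presumably this job loads the data.sample entries into the directory (confirm against the chart templates); those entries carry a publicly known password, so leave this disabled unless the sample data is wanted.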

    • false

  • data.sample

    • Type: string

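    • Description: Sample directory content in LDIF form: two organizational units, two users and three groups. As the comments in the sample state, both userPassword hashes correspond to the password “password”, so these entries are test fixtures rather than accounts to keep in a production directory.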

    • dn: ou=People,dc=cluster,dc=local
      objectclass: organizationalunit
      ou: People
      description: We the People
      
      # NOTE: Password is "password" without quotes
      dn: uid=alice,ou=People,dc=cluster,dc=local
      objectClass: inetOrgPerson
      objectClass: top
      objectClass: posixAccount
      objectClass: shadowAccount
      objectClass: person
      sn: Alice
      cn: alice
      uid: alice
      userPassword: {SSHA}+i3t/DLCgLDGaIOAmfeFJ2kDeJWmPUDH
      description: SHA
      gidNumber: 1000
      uidNumber: 1493
      homeDirectory: /home/alice
      mail: alice@example.com
      
      # NOTE: Password is "password" without quotes
      dn: uid=bob,ou=People,dc=cluster,dc=local
      objectClass: inetOrgPerson
      objectClass: top
      objectClass: posixAccount
      objectClass: shadowAccount
      objectClass: person
      sn: Bob
      cn: bob
      uid: bob
      userPassword: {SSHA}fCJ5vuW1BQ4/OfOVkkx1qjwi7yHFuGNB
      description: MD5
      gidNumber: 1000
      uidNumber: 5689
      homeDirectory: /home/bob
      mail: bob@example.com
      
      dn: ou=Groups,dc=cluster,dc=local
      objectclass: organizationalunit
      ou: Groups
      description: We the People
      
      dn: cn=cryptography,ou=Groups,dc=cluster,dc=local
      objectclass: top
      objectclass: posixGroup
      gidNumber: 418
      cn: cryptography
      description: Cryptography Team
      memberUID: uid=alice,ou=People,dc=cluster,dc=local
      memberUID: uid=bob,ou=People,dc=cluster,dc=local
      
      dn: cn=blue,ou=Groups,dc=cluster,dc=local
      objectclass: top
      objectclass: posixGroup
      gidNumber: 419
      cn: blue
      description: Blue Team
      memberUID: uid=bob,ou=People,dc=cluster,dc=local
      
      dn: cn=red,ou=Groups,dc=cluster,dc=local
      objectclass: top
      objectclass: posixGroup
      gidNumber: 420
      cn: red
      description: Red Team
      memberUID: uid=alice,ou=People,dc=cluster,dc=local
      
  • dependencies.dynamic.common.local_image_registry.jobs[0]

    • Type: string

    • Description:

    • “ldap-image-repo-sync”

  • dependencies.dynamic.common.local_image_registry.services[0].endpoint

    • Type: string

    • Description:

    • “node”

  • dependencies.dynamic.common.local_image_registry.services[0].service

    • Type: string

    • Description:

    • “local_image_registry”

  • dependencies.static.bootstrap.services[0].endpoint

    • Type: string

    • Description:

    • “internal”

  • dependencies.static.bootstrap.services[0].service

    • Type: string

    • Description:

    • “ldap”

  • dependencies.static.image_repo_sync.services[0].endpoint

    • Type: string

    • Description:

    • “internal”

  • dependencies.static.image_repo_sync.services[0].service

    • Type: string

    • Description:

    • “local_image_registry”

  • dependencies.static.ldap.jobs

    • Type: string

    • Description:

    • nil

  • dependencies.static.server.jobs[0]

    • Type: string

    • Description:

    • “ldap-load-data”

  • dependencies.static.server.services[0].endpoint

    • Type: string

    • Description:

    • “internal”

  • dependencies.static.server.services[0].service

    • Type: string

    • Description:

    • “ldap”

  • endpoints.cluster_domain_suffix

    • Type: string

    • Description:

    • “cluster.local”

  • endpoints.ldap.host_fqdn_override.default

    • Type: string

    • Description:

    • nil

  • endpoints.ldap.hosts.default

    • Type: string

    • Description:

    • “ldap”

  • endpoints.ldap.path

    • Type: string

    • Description:

    • nil

  • endpoints.ldap.port.ldap.default

    • Type: int

    • Description:

    • 389

  • endpoints.ldap.scheme

    • Type: string

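    • Description: URL scheme used to reach the LDAP endpoint. With “ldap” on port 389 the connection is unencrypted unless StartTLS is negotiated, so simple binds send the password in clear text on the network.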

    • “ldap”

  • endpoints.local_image_registry.host_fqdn_override.default

    • Type: string

    • Description:

    • nil

  • endpoints.local_image_registry.hosts.default

    • Type: string

    • Description:

    • “localhost”

  • endpoints.local_image_registry.hosts.internal

    • Type: string

    • Description:

    • “docker-registry”

  • endpoints.local_image_registry.hosts.node

    • Type: string

    • Description:

    • “localhost”

  • endpoints.local_image_registry.name

    • Type: string

    • Description:

    • “docker-registry”

  • endpoints.local_image_registry.namespace

    • Type: string

    • Description:

    • “docker-registry”

  • endpoints.local_image_registry.port.registry.node

    • Type: int

    • Description:

    • 5000

  • endpoints.oci_image_registry.auth.enabled

    • Type: bool

    • Description:

    • false

  • endpoints.oci_image_registry.auth.ldap.password

    • Type: string

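    • Description: Password for the registry user named in auth.ldap.username, presumably used for image pulls when auth.enabled is true. The default is a placeholder; supply the real credential through an override or a secret store rather than committing it to a values file.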

    • “password”

  • endpoints.oci_image_registry.auth.ldap.username

    • Type: string

    • Description:

    • “ldap”

  • endpoints.oci_image_registry.host_fqdn_override.default

    • Type: string

    • Description:

    • nil

  • endpoints.oci_image_registry.hosts.default

    • Type: string

    • Description:

    • “localhost”

  • endpoints.oci_image_registry.name

    • Type: string

    • Description:

    • “oci-image-registry”

  • endpoints.oci_image_registry.namespace

    • Type: string

    • Description:

    • “oci-image-registry”

  • endpoints.oci_image_registry.port.registry.default

    • Type: string

    • Description:

    • nil

  • images.local_registry.active

    • Type: bool

    • Description:

    • false

  • images.local_registry.exclude[0]

    • Type: string

    • Description:

    • “dep_check”

  • images.local_registry.exclude[1]

    • Type: string

    • Description:

    • “image_repo_sync”

  • images.pull_policy

    • Type: string

    • Description:

    • “IfNotPresent”

  • images.tags.bootstrap

    • Type: string

    • Description:

    • “docker.io/osixia/openldap:1.2.0”

  • images.tags.dep_check

    • Type: string

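    • Description: Image for the dependency-check container. The default uses a floating “latest-…” tag, so the content behind it can change between pulls, and with the IfNotPresent pull policy different nodes may run different builds; pin a fixed tag or digest for reproducible deployments.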

    • “quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal”

  • images.tags.image_repo_sync

    • Type: string

    • Description:

    • “docker.io/library/docker:17.07.0”

  • images.tags.ldap

    • Type: string

    • Description:

    • “docker.io/osixia/openldap:1.2.0”

  • labels.job.node_selector_key

    • Type: string

    • Description:

    • “openstack-control-plane”

  • labels.job.node_selector_value

    • Type: string

    • Description:

    • “enabled”

  • labels.server.node_selector_key

    • Type: string

    • Description:

    • “openstack-control-plane”

  • labels.server.node_selector_value

    • Type: string

    • Description:

    • “enabled”

  • manifests.configmap_bin

    • Type: bool

    • Description:

    • true

  • manifests.configmap_etc

    • Type: bool

    • Description:

    • true

  • manifests.job_bootstrap

    • Type: bool

    • Description:

    • true

  • manifests.job_image_repo_sync

    • Type: bool

    • Description:

    • true

  • manifests.network_policy

    • Type: bool

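    • Description: Whether the chart renders a NetworkPolicy for LDAP. With the default of false this chart creates no policy, so access to the LDAP port is restricted only by policies that already exist in the cluster.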

    • false

  • manifests.secret_registry

    • Type: bool

    • Description:

    • true

  • manifests.service

    • Type: bool

    • Description:

    • true

  • manifests.statefulset

    • Type: bool

    • Description:

    • true

  • network_policy.ldap.egress[0]

    • Type: object

    • Description:

    • {}

  • network_policy.ldap.ingress[0]

    • Type: object

    • Description:

    • {}

  • openldap.domain

    • Type: string

    • Description:

    • “cluster.local”

  • openldap.password

    • Type: string

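    • Description: Password the chart passes to the OpenLDAP server, presumably for the directory administrator account (confirm against the chart templates). The default is the literal string “password”; override it for anything other than a throwaway test deployment.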

    • “password”

  • pod.affinity.anti.topologyKey.default

    • Type: string

    • Description:

    • “kubernetes.io/hostname”

  • pod.affinity.anti.type.default

    • Type: string

    • Description:

    • “preferredDuringSchedulingIgnoredDuringExecution”

  • pod.affinity.anti.weight.default

    • Type: int

    • Description:

    • 10

  • pod.lifecycle.upgrades.deployments.pod_replacement_strategy

    • Type: string

    • Description:

    • “RollingUpdate”

  • pod.lifecycle.upgrades.deployments.revision_history

    • Type: int

    • Description:

    • 3

  • pod.lifecycle.upgrades.deployments.rolling_update.max_surge

    • Type: int

    • Description:

    • 3

  • pod.lifecycle.upgrades.deployments.rolling_update.max_unavailable

    • Type: int

    • Description:

    • 1

  • pod.mounts.ldap_data_load.init_container

    • Type: string

    • Description:

    • nil

  • pod.mounts.ldap_data_load.ldap_data_load

    • Type: string

    • Description:

    • nil

  • pod.replicas.server

    • Type: int

    • Description:

    • 1

  • pod.resources.enabled

    • Type: bool

    • Description:

    • false

  • pod.resources.jobs.bootstrap.limits.cpu

    • Type: string

    • Description:

    • “2000m”

  • pod.resources.jobs.bootstrap.limits.memory

    • Type: string

    • Description:

    • “1024Mi”

  • pod.resources.jobs.bootstrap.requests.cpu

    • Type: string

    • Description:

    • “100m”

  • pod.resources.jobs.bootstrap.requests.memory

    • Type: string

    • Description:

    • “128Mi”

  • pod.resources.jobs.image_repo_sync.limits.cpu

    • Type: string

    • Description:

    • “2000m”

  • pod.resources.jobs.image_repo_sync.limits.memory

    • Type: string

    • Description:

    • “1024Mi”

  • pod.resources.jobs.image_repo_sync.requests.cpu

    • Type: string

    • Description:

    • “100m”

  • pod.resources.jobs.image_repo_sync.requests.memory

    • Type: string

    • Description:

    • “128Mi”

  • pod.resources.server.limits.cpu

    • Type: string

    • Description:

    • “2000m”

  • pod.resources.server.limits.memory

    • Type: string

    • Description:

    • “1024Mi”

  • pod.resources.server.requests.cpu

    • Type: string

    • Description:

    • “100m”

  • pod.resources.server.requests.memory

    • Type: string

    • Description:

    • “128Mi”

  • secrets.identity.admin

    • Type: string

    • Description:

    • “admin”

  • secrets.identity.ldap

    • Type: string

    • Description:

    • “ldap”

  • secrets.oci_image_registry.ldap

    • Type: string

    • Description:

    • “ldap-oci-image-registry-key”

  • storage.host.config_path

    • Type: string

    • Description:

    • “/data/openstack-helm/config”

  • storage.host.data_path

    • Type: string

    • Description:

    • “/data/openstack-helm/ldap”

  • storage.pvc.class_name

    • Type: string

    • Description:

    • “general”

  • storage.pvc.enabled

    • Type: bool

    • Description:

    • true

  • storage.pvc.size

    • Type: string

    • Description:

    • “2Gi”