🚀KubeSphere 3.1.1 全新发布!混合多云走向边缘,让应用无处不在,查看 v3.1.x 详细解读与视频👩‍💻 close
  • 简体中文
    • 简体中文
    1. 1.体验账号: demo1 / Demo123
    2. 2.该账号仅开放了部分 UI 界面查看权限
    3. 3.建议自行安装体验完整的管理功能
  •  Star
  1. 文档 / 
  2. 帐户管理和权限控制 / 
  3. LDAP身份提供者

帐户管理和权限控制

最新更新:
    编辑

    LDAP身份提供者

    LDAP Authentication

    Set LDAPIdentityProvider in the identityProviders section to validate username and password against an LDAPv3 server using simple bind authentication.

    During authentication, the LDAP directory is searched for an entry that matches the provided username. If a single unique match is found, a simple bind is attempted using the DN of the entry plus the provided password.

    Example Configuration Using LDAPIdentityProvider:

    apiVersion: installer.kubesphere.io/v1alpha1
kind: ClusterConfiguration
metadata:
  name: ks-installer
spec:
  authentication:
    jwtSecret: ********************************
    authenticateRateLimiterMaxTries: 10
    authenticateRateLimiterDuration: 10m
    oauthOptions:
      accessTokenInactivityTimeout: 30m
      accessTokenMaxAge: 1h
      identityProviders:
      - name: ldap
        type: LDAPIdentityProvider
        mappingMethod: auto
        provider:
          host: 192.168.0.2:389
          managerDN: uid=root,cn=users,dc=nas
          managerPassword: ******
          userSearchBase: cn=users,dc=nas
          loginAttribute: uid
          mailAttribute: mail

    For the above example:

    Parameter Description
    insecureSkipVerify Used to turn off TLS certificate checks.
    startTLS If specified, connections will use the ldaps:// protocol.
    rootCA Path to a trusted root certificate file. Default: use the host’s root CA.
    rootCAData A raw certificate file can also be provided inline. Base64 encoded PEM file.
    host The name and port of the LDAP server.
    managerDN DN to use to bind during the search phase.
    managerPassword Password to use to bind during the search phase.
    userSearchBase The search base is the distinguished name (DN) of a level of the directory tree below which all users can be found.
    userSearchFilter LDAP filter used to identify objects of type user. e.g. (objectClass=person)
    loginAttribute User naming attributes identify user objects, will be mapped to KubeSphere account name.
    mailAttribute The mail attribute will be mapped to the KubeSphere account.

    感谢您的反馈。如果您有关于如何使用 KubeSphere 的具体问题,请在 Slack 上提问。如果您想报告问题或提出改进建议,请在 GitHub 存储库中打开问题。

    上一篇 : 认证配置
    页面内容