Question: How to enable OpenLDAP Authentication in Spinnaker?


Answer:

  • In this scenario, you will be setting up OpenLDAP by doing a helm based installation.
  • Execute the below command to install OpenLDAP.
helm install --name openldap stable/openldap
  • You can always configure the base dn and other attributes of the OpenLDAP. Out of the box, it sets up with a base dn of dc=example,dc=org. You can get the password of the admin user using below command
kubectl get secret --namespace default openldap -o jsonpath="{.data.LDAP_ADMIN_PASSWORD}" | base64 --decode; echo
  • Now, Configure Spinnaker to use OpenLDAP, you need to do the configuration via Debian Halyard or Halyard Container.
  • Execute the below commands to enable OpenLDAP Authentication
hal config security authn ldap edit --user-dn-pattern="cn={0}" --url=ldap://openldap.default:389/dc=example,dc=org

hal config security authn ldap enable
  • Now, restart spinnaker services for the changes to reflect on Spinnaker
hal deploy apply
  • Now, Login to the Spinnaker using the admin credentials captured above.