To configure a Dex LDAP connector in Kommander with TLS, the parameter "spec.ldap.rootCASecretRef" must be specified. It references a secret that holds the root CA used to validate the LDAP server's TLS certificate; the secret must have type "Opaque" and contain the key "tls.crt". The following command creates such a secret from a PEM-encoded CA file named ca.crt:
kubectl -n kommander create secret generic ldap-ca-secret --from-file=tls.crt=ca.crt
Here is an example of a Dex LDAP connector that communicates over LDAPS (port 636) with an LDAP service hosted at JumpCloud. Both "insecureNoSSL" and "insecureSkipVerify" are left at false so that the connection is encrypted and the server certificate is checked against the CA in "ldap-ca-secret", and the bind password is taken from a separate secret rather than written into the connector:
apiVersion: v1
kind: Secret
metadata:
  name: ldap-password
  namespace: kommander
type: Opaque
stringData:
  password: password
---
apiVersion: dex.mesosphere.io/v1alpha1
kind: Connector
metadata:
  name: jumpcloud-ldap
  namespace: kommander
spec:
  enabled: true
  type: ldap
  displayName: LDAP JumpCloud
  ldap:
    rootCASecretRef:
      name: ldap-ca-secret
    host: ldap.jumpcloud.com:636
    insecureNoSSL: false
    insecureSkipVerify: false
    bindDN: cn=read-only-admin,dc=jumpcloud,dc=com
    bindSecretRef:
      name: ldap-password
    userSearch:
      baseDN: dc=jumpcloud,dc=com
      filter: "(objectClass=inetOrgPerson)"
      username: uid
      idAttr: uid
      emailAttr: mail
    groupSearch:
      baseDN: dc=jumpcloud,dc=com
      filter: "(objectClass=groupOfUniqueNames)"
      userMatchers:
      - userAttr: DN
        groupAttr: uniqueMember
      nameAttr: ou
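As an added check that is not part of the Kommander documentation, the Python below lints a connector spec and its CA secret for the settings this page calls out: TLS disabled, certificate verification skipped, a missing rootCASecretRef or bindSecretRef, and a CA secret without the Opaque type or the tls.crt key. The manifests above are transcribed into plain dicts so it runs without a YAML library; the weak spec is a constructed sample.

```python
from typing import Any

# Constructed sample: the connector spec from the manifest above, as a dict.
PAGE_SPEC = {
    "enabled": True, "type": "ldap", "displayName": "LDAP JumpCloud",
    "ldap": {
        "rootCASecretRef": {"name": "ldap-ca-secret"},
        "host": "ldap.jumpcloud.com:636",
        "insecureNoSSL": False, "insecureSkipVerify": False,
        "bindDN": "cn=read-only-admin,dc=jumpcloud,dc=com",
        "bindSecretRef": {"name": "ldap-password"},
    },
}

# Constructed sample: a weak spec with verification off and no CA secret.
WEAK_SPEC = {
    "type": "ldap",
    "ldap": {"host": "ldap.jumpcloud.com", "insecureSkipVerify": True},
}

# Constructed sample: the CA secret as 'kubectl create secret generic' emits it.
CA_SECRET = {"kind": "Secret", "type": "Opaque", "data": {"tls.crt": "<base64 PEM>"}}


def lint_ldap_spec(spec: dict[str, Any]) -> list[str]:
    """Return findings for a Connector spec; an empty list means it passes."""
    findings = []
    ldap = spec.get("ldap") or {}
    if ldap.get("insecureNoSSL"):
        findings.append("insecureNoSSL: bind and user passwords cross the network in clear text")
    if ldap.get("insecureSkipVerify"):
        findings.append("insecureSkipVerify: the server certificate is never validated")
    if not (ldap.get("rootCASecretRef") or {}).get("name"):
        findings.append("rootCASecretRef.name missing: no root CA for TLS validation")
    if ":" not in ldap.get("host", ""):
        findings.append("host has no explicit port; LDAPS is conventionally host:636")
    if not (ldap.get("bindSecretRef") or {}).get("name"):
        findings.append("bindSecretRef.name missing: bind password should come from a Secret")
    return findings


def lint_ca_secret(secret: dict[str, Any]) -> list[str]:
    """Check the root CA Secret has the type and key the connector expects."""
    findings = []
    if secret.get("type") != "Opaque":
        findings.append("CA secret type must be Opaque")
    keys = set(secret.get("data") or {}) | set(secret.get("stringData") or {})
    if "tls.crt" not in keys:
        findings.append("CA secret must contain key tls.crt")
    return findings
```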