The doc page https://docs.d2iq.com/dkp/konvoy/latest/access-authentication/howto-dex-ldap-connector/ describes how to set up user authentication against an external LDAP directory.
Dex's ldap connector takes a single host, so it cannot fail over between LDAP servers on its own, but Konvoy lets you define several connectors of the same type.
To get LDAP redundancy, add a second ldap connector with the same type and the same search settings, a different name, and a different host. Both connectors can reference the same bind-password Secret. Note that Dex lists every enabled connector as a separate choice on its login page, so this is manual failover: if one host is down, users pick the other connector.
Here is an example ldap.yaml, applied with 'kubectl apply -f ldap.yaml'. It uses insecureNoSSL: true on port 389, which sends the bind password and each user's credentials in cleartext; for production use LDAPS (typically port 636) or startTLS and leave insecureNoSSL unset.
apiVersion: v1
kind: Secret
metadata:
  name: ldap-password
  namespace: kubeaddons
type: Opaque
stringData:
  password: MyBindPassword   # bind password for the service account, shared by both connectors
---
apiVersion: dex.mesosphere.io/v1alpha1
kind: Connector
metadata:
  name: ldap1
  namespace: kubeaddons
spec:
  enabled: true
  type: ldap
  displayName: LDAP1         # label shown on the Dex login page
  ldap:
    host: eu.ldap.jumpcloud.com:389
    insecureNoSSL: true      # plaintext LDAP: credentials cross the wire unencrypted
    bindDN: uid=serviceaccount,ou=Users,o=myorgid,dc=jumpcloud,dc=com
    bindSecretRef:
      name: ldap-password    # the Secret above
    userSearch:
      baseDN: ou=Users,o=myorgid,dc=jumpcloud,dc=com
      filter: "(objectClass=inetOrgPerson)"
      username: uid
      idAttr: uid
      emailAttr: mail
    groupSearch:
      baseDN: ou=Users,o=myorgid,dc=jumpcloud,dc=com
      filter: "(objectClass=groupOfNames)"
      userAttr: DN
      groupAttr: member
      nameAttr: ou
---
apiVersion: dex.mesosphere.io/v1alpha1
kind: Connector
metadata:
  name: ldap2                # second connector: same settings, different name and host
  namespace: kubeaddons
spec:
  enabled: true
  type: ldap
  displayName: LDAP2
  ldap:
    host: aws-us.ldap.jumpcloud.com:389
    insecureNoSSL: true      # plaintext LDAP: credentials cross the wire unencrypted
    bindDN: uid=serviceaccount,ou=Users,o=myorgid,dc=jumpcloud,dc=com
    bindSecretRef:
      name: ldap-password    # same Secret as ldap1
    userSearch:
      baseDN: ou=Users,o=myorgid,dc=jumpcloud,dc=com
      filter: "(objectClass=inetOrgPerson)"
      username: uid
      idAttr: uid
      emailAttr: mail
    groupSearch:
      baseDN: ou=Users,o=myorgid,dc=jumpcloud,dc=com
      filter: "(objectClass=groupOfNames)"
      userAttr: DN
      groupAttr: member
      nameAttr: ou
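As an added example (not from the page or the Konvoy docs), the shell script below generates one Connector per LDAP host from a list, so the manifests stay identical apart from name and host, and refuses to emit a connector that would talk plaintext LDAP. It assumes the ldap-password Secret already exists in kubeaddons as shown above, that the hosts are passed as host:636 for LDAPS (an assumption for the JumpCloud endpoints; check your directory's LDAPS port), and that with insecureNoSSL false and no rootCA configured the Dex ldap connector verifies the server certificate against the system CA bundle, which is enough when the directory uses a publicly trusted certificate.

```shell
#!/usr/bin/env bash
# Added example, not part of the Konvoy docs or the original page.
# Generates N Dex Connector manifests (one per LDAP host) that differ only in
# name, displayName and host, over LDAPS instead of insecureNoSSL on port 389.
# Assumptions: Secret "ldap-password" already exists in "kubeaddons"; hosts are
# given as host:636 (assumed LDAPS port); no rootCA set, so the system CA
# bundle is used for certificate verification.
set -euo pipefail

NAMESPACE="kubeaddons"
SECRET_NAME="ldap-password"
BIND_DN="uid=serviceaccount,ou=Users,o=myorgid,dc=jumpcloud,dc=com"
BASE_DN="ou=Users,o=myorgid,dc=jumpcloud,dc=com"

# emit_connector INDEX HOST: print one Connector as a YAML document.
emit_connector() {
  local idx="$1" host="$2"
  cat <<EOF
---
apiVersion: dex.mesosphere.io/v1alpha1
kind: Connector
metadata:
  name: ldap${idx}
  namespace: ${NAMESPACE}
spec:
  enabled: true
  type: ldap
  displayName: LDAP${idx}
  ldap:
    host: ${host}
    insecureNoSSL: false
    bindDN: ${BIND_DN}
    bindSecretRef:
      name: ${SECRET_NAME}
    userSearch:
      baseDN: ${BASE_DN}
      filter: "(objectClass=inetOrgPerson)"
      username: uid
      idAttr: uid
      emailAttr: mail
    groupSearch:
      baseDN: ${BASE_DN}
      filter: "(objectClass=groupOfNames)"
      userAttr: DN
      groupAttr: member
      nameAttr: ou
EOF
}

# gen_connectors HOST...: one Connector per host, numbered ldap1, ldap2, ...
gen_connectors() {
  local i=0 host
  for host in "$@"; do
    i=$((i + 1))
    emit_connector "$i" "$host"
  done
}

# check_manifest: read a manifest on stdin; pass it through on stdout unless
# some connector would use plaintext LDAP (insecureNoSSL: true or a :389 host).
check_manifest() {
  local doc
  doc="$(cat)"
  if printf '%s\n' "$doc" | grep -Eq 'insecureNoSSL: *true|host: .*:389$'; then
    echo "refusing to emit a plaintext LDAP connector" >&2
    return 1
  fi
  printf '%s\n' "$doc"
}

# Stand-alone use:
#   ./gen-ldap-connectors.sh eu.ldap.jumpcloud.com:636 aws-us.ldap.jumpcloud.com:636 | kubectl apply -f -
if [ "$#" -gt 0 ]; then
  gen_connectors "$@" | check_manifest
fi
```

Adding a third directory host is then one more argument rather than a third hand-copied block, and the check stops a stray port 389 or insecureNoSSL: true from reaching kubectl.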