LDAP Authentication for Kubernetes

This guide outlines how to configure LDAP authentication for Kubernetes deployments of OpenMetadata. It includes details on required configurations, optional settings, and best practices to ensure secure and efficient authentication.

  • provider: Set to ldap to enable LDAP authentication.
  • publicKeys: Provide the public key URL in the format {http|https}://{your_domain}:{port}/api/v1/system/config/jwks.
  • authority: Specify your domain (e.g., your_domain).
  • enableSelfSignup: Set to false for LDAP.
  • host: Hostname of the LDAP server (e.g., localhost).
  • port: Port of the LDAP server (e.g., 10636).
  • dnAdminPrincipal: The Distinguished Name (DN) of the admin principal (e.g., cn=admin,dc=example,dc=com).
  • dnAdminPassword: Password for the admin principal.
  • userBaseDN: Base DN for user lookups (e.g., ou=people,dc=example,dc=com).
  • maxPoolSize: Maximum connection pool size.
  • sslEnabled: Set to true to enable SSL connections to the LDAP server.
  • truststoreConfigType: Determines the type of trust store to use (CustomTrustStore, HostName, JVMDefault, or TrustAll).
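
A pre-deployment check for the settings listed above, as an added example that is not part of the OpenMetadata documentation or code base. The function name, the flat dict layout and the sample values are assumptions made for illustration; it also assumes that TrustAll accepts any certificate the LDAP server presents and that an unset sslEnabled means SSL is off.

```python
from urllib.parse import urlparse

TRUSTSTORE_TYPES = {"CustomTrustStore", "HostName", "JVMDefault", "TrustAll"}
REQUIRED = ("provider", "publicKeys", "authority", "host", "port",
            "dnAdminPrincipal", "dnAdminPassword", "userBaseDN")
JWKS_PATH = "/api/v1/system/config/jwks"

def lint_ldap_auth(cfg):
    """Return (severity, key, message) findings for a flat dict of the settings above."""
    out = []
    for key in REQUIRED:
        if cfg.get(key) in (None, "", []):
            out.append(("error", key, "required setting is missing or empty"))
    if cfg.get("provider") not in (None, "ldap"):
        out.append(("error", "provider", "must be 'ldap'"))
    if cfg.get("enableSelfSignup", False) is not False:
        out.append(("error", "enableSelfSignup", "must be false for LDAP"))
    keys = cfg.get("publicKeys") or []
    for url in [keys] if isinstance(keys, str) else keys:
        parts = urlparse(url)
        if parts.scheme not in ("http", "https") or parts.path != JWKS_PATH:
            out.append(("error", "publicKeys", f"not a JWKS endpoint URL: {url}"))
        elif parts.scheme == "http":
            out.append(("high", "publicKeys", "JWKS fetched over plain HTTP can be altered in transit"))
    if cfg.get("sslEnabled") is not True:  # assumption: unset is treated as disabled
        out.append(("high", "sslEnabled", "admin and user passwords reach the LDAP server unencrypted"))
    else:
        kind = cfg.get("truststoreConfigType")
        if kind not in TRUSTSTORE_TYPES:
            out.append(("error", "truststoreConfigType", f"unknown value: {kind!r}"))
        elif kind == "TrustAll":  # assumption: accepts any server certificate
            out.append(("high", "truststoreConfigType", "TrustAll skips certificate validation"))
    return out

# Constructed sample values, not taken from a real deployment.
WEAK = {
    "provider": "ldap", "authority": "om.example.com", "enableSelfSignup": True,
    "publicKeys": ["http://om.example.com:8585/api/v1/system/config/jwks"],
    "host": "ldap.example.com", "port": 10636,
    "dnAdminPrincipal": "cn=admin,dc=example,dc=com", "dnAdminPassword": "<from-secret>",
    "userBaseDN": "ou=people,dc=example,dc=com", "maxPoolSize": 3,
    "sslEnabled": True, "truststoreConfigType": "TrustAll",
}
HARDENED = dict(WEAK, enableSelfSignup=False, truststoreConfigType="CustomTrustStore",
                publicKeys=["https://om.example.com:8585/api/v1/system/config/jwks"])

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, lint_ldap_auth(cfg) or "no findings")
```

Run it against the values you intend to deploy; any "high" finding means credentials or signing keys can be exposed or substituted on the network path.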

Once your server security is set, it's time to review the ingestion configuration. Our bots support JWT tokens to authenticate to the server when sending requests.

Find more information on Enabling JWT Tokens and JWT Troubleshooting to ensure seamless authentication.