From 2d7de4ec709483b330f3b56db235e41eda395a32 Mon Sep 17 00:00:00 2001
From: Takashi Okamoto <toraneko@gmail.com>
Date: Fri, 25 Jan 2019 18:09:16 +0000
Subject: [PATCH] Add Active Directory and kubeloing integration sample.

---
 examples/config-ad-kubelogin.yaml | 58 +++++++++++++++++++++++++++++++
 1 file changed, 58 insertions(+)
 create mode 100644 examples/config-ad-kubelogin.yaml

diff --git a/examples/config-ad-kubelogin.yaml b/examples/config-ad-kubelogin.yaml
new file mode 100644
index 00000000..20bb9bd8
--- /dev/null
+++ b/examples/config-ad-kubelogin.yaml
@@ -0,0 +1,58 @@
+# Active Directory and kubelogin Integration sample
+issuer: https://dex.example.com:32000/dex
+storage:
+  type: sqlite3
+  config:
+    file: examples/dex.db
+web:
+  https: 0.0.0.0:32000
+  tlsCert: openid-ca.pem
+  tlsKey: openid-key.pem
+
+connectors:
+- type: ldap
+  name: OpenLDAP
+  id: ldap
+  config:
+    host: localhost:636
+
+    # No TLS for this setup.
+    insecureNoSSL: false
+    insecureSkipVerify: true
+
+    # This would normally be a read-only user.
+    bindDN: cn=Administrator,cn=users,dc=example,dc=com
+    bindPW: admin0!
+
+    usernamePrompt: Email Address
+
+    userSearch:
+      baseDN: cn=Users,dc=example,dc=com
+      filter: "(objectClass=person)"
+      username: userPrincipalName
+      # "DN" (case sensitive) is a special attribute name. It indicates that
+      # this value should be taken from the entity's DN not an attribute on
+      # the entity.
+      idAttr: DN
+      emailAttr: userPrincipalName
+      nameAttr: cn
+
+    groupSearch:
+      baseDN: cn=Users,dc=example,dc=com
+      filter: "(objectClass=group)"
+
+      # A user is a member of a group when their DN matches
+      # the value of a "member" attribute on the group entity.
+      userAttr: DN
+      groupAttr: member
+
+      # The group name should be the "cn" value.
+      nameAttr: cn
+
+staticClients:
+- id: kubernetes
+  redirectURIs:
+  - 'http://localhost:8000'
+  name: 'Kubernetes'
+  secret: ZXhhbXBsZS1hcHAtc2VjcmV0
+
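Review bot: The comment `# No TLS for this setup.` contradicts the connector settings below it: with `host: localhost:636` and `insecureNoSSL: false` the connector does use LDAPS, but `insecureSkipVerify: true` turns off verification of the server certificate, so the bind password and every user's password travel over a channel whose endpoint is not authenticated. For a sample that people will copy, I would set `insecureSkipVerify: false`, add `rootCA: <path-to-AD-CA-cert.pem>` (placeholder), and reword the comment to `# LDAPS on 636; the server certificate is verified against rootCA.`. The bind account is the domain `Administrator` with a literal password, although the comment above it says this would normally be a read-only user; a dedicated low-privilege service account with a placeholder such as `bindPW: <bind-password>` would match that comment. The connector is also labelled `name: OpenLDAP` although the file describes Active Directory.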
-- 
GitLab