Configure Mission Control to use LDAP for authentication
Mission Control supports authentication through OpenID Connect (OIDC) and LDAP. This topic describes configuring LDAP authentication within Mission Control. See Configuring OIDC for the other supported authentication protocol.
Prerequisites
- An instance of Mission Control, installed through either your own Kubernetes cluster or the runtime installer. See planning for your installation.
- A prepared environment on either bare-metal/VM or an existing Kubernetes cluster.
Configure Mission Control to use LDAP for authentication
- Port-forward to the admin console:
  kubectl kots admin-console
- Navigate to http://127.0.0.1:8800 (password admin) and edit the Mission Control configuration to enable the LDAP connector, providing your environment’s LDAP information:
  - Host: ldap.default:389
  - no SSL: true
  - Bind DN: cn=admin,dc=example,dc=org
  - Bind password: Not@SecurePassw0rd
  - User base DN: ou=users,dc=example,dc=org
  - User filter: (objectClass=inetOrgPerson)
  - Username attribute: cn
  - User id attribute: uidNumber
  - User email attribute: cn (using this because the default schema does not have an email field)
  - User display name attribute: cn
  - Preferred username attribute: cn
  - Group base DN: ou=users,dc=example,dc=org
  - Group filter: (objectClass=groupOfNames)
  - Group user matcher:
    - userAttr: dn
      groupAttr: member
  - Group name attribute: cn
- Deploy the new configuration.
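A pre-flight check for the values above, added here as an example (not Mission Control's own tooling): it builds the search filters those settings imply and runs them with OpenLDAP's ldapsearch. The function names, the way the filter and attribute settings are combined into one filter, and the test user's DN layout are assumptions.

```shell
#!/bin/sh
# Added example: verify the LDAP values from this page with ldapsearch before
# deploying. Function names and filter composition are assumptions, not
# Mission Control internals.

LDAP_URI="ldap://ldap.default:389"          # Host (plaintext, "no SSL: true")
BIND_DN="cn=admin,dc=example,dc=org"        # Bind DN
USER_BASE="ou=users,dc=example,dc=org"      # User base DN
GROUP_BASE="ou=users,dc=example,dc=org"     # Group base DN

# Escape a value for use inside an LDAP search filter (RFC 4515).
# Backslash is handled first so later escapes are not escaped again.
ldap_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                         -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# User filter AND Username attribute (cn) = login name.
user_filter() {
  printf '(&(objectClass=inetOrgPerson)(cn=%s))' "$(ldap_escape "$1")"
}

# Group filter AND groupAttr (member) = the user's userAttr value (its DN).
group_filter() {
  printf '(&(objectClass=groupOfNames)(member=%s))' "$(ldap_escape "$1")"
}

# Run both searches for one login name; -W prompts for the bind password
# so it never lands in shell history or the process list.
preflight() {
  user_dn="cn=$1,$USER_BASE"   # assumed DN layout for the test users
  ldapsearch -x -H "$LDAP_URI" -D "$BIND_DN" -W -b "$USER_BASE" \
    "$(user_filter "$1")" cn uidNumber || return 1
  ldapsearch -x -H "$LDAP_URI" -D "$BIND_DN" -W -b "$GROUP_BASE" \
    "$(group_filter "$user_dn")" cn
}

# Only contact the directory when explicitly asked: ./check.sh run user01
if [ "${1:-}" = "run" ]; then
  preflight "${2:?login name required}"
fi
```

Run it from a host or pod that can resolve ldap.default. With no SSL set to true, the bind password and user credentials cross the network unencrypted, which the ldap:// URI here mirrors.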
Test the connection
- Navigate to the Mission Control UI and try to connect with LDAP and one of the test users, for example, user01 / password01.
- You can also remove the admin user in the Mission Control configuration (by unchecking the Create a temporary admin user selection box), and the connect with email option should no longer be available.