Add Active Directory and kubeloing integration sample.

2019-01-25 18:09:16 +00:00
parent f1581ff873
commit 2d7de4ec70
1 changed files with 58 additions and 0 deletions
--- a/examples/config-ad-kubelogin.yaml
+++ b/examples/config-ad-kubelogin.yaml
@@ -0,0 +1,58 @@
+# Active Directory and kubelogin Integration sample
+issuer: https://dex.example.com:32000/dex
+storage:
+  type: sqlite3
+  config:
+    file: examples/dex.db
+web:
+  https: 0.0.0.0:32000
+  tlsCert: openid-ca.pem
+  tlsKey: openid-key.pem
+
+connectors:
+- type: ldap
+  name: OpenLDAP
+  id: ldap
+  config:
+    host: localhost:636
+
+    # No TLS for this setup.
+    insecureNoSSL: false
+    insecureSkipVerify: true
+
+    # This would normally be a read-only user.
+    bindDN: cn=Administrator,cn=users,dc=example,dc=com
+    bindPW: admin0!
+
+    usernamePrompt: Email Address
+
+    userSearch:
+      baseDN: cn=Users,dc=example,dc=com
+      filter: "(objectClass=person)"
+      username: userPrincipalName
+      # "DN" (case sensitive) is a special attribute name. It indicates that
+      # this value should be taken from the entity's DN not an attribute on
+      # the entity.
+      idAttr: DN
+      emailAttr: userPrincipalName
+      nameAttr: cn
+
+    groupSearch:
+      baseDN: cn=Users,dc=example,dc=com
+      filter: "(objectClass=group)"
+
+      # A user is a member of a group when their DN matches
+      # the value of a "member" attribute on the group entity.
+      userAttr: DN
+      groupAttr: member
+
+      # The group name should be the "cn" value.
+      nameAttr: cn
+
+staticClients:
+- id: kubernetes
+  redirectURIs:
+  - 'http://localhost:8000'
+  name: 'Kubernetes'
+  secret: ZXhhbXBsZS1hcHAtc2VjcmV0
+