Installed OpenLDAP using Helm 3:
helm install openldap stable/openldap
Got this message:
NAME: openldap
LAST DEPLOYED: Sun Apr 12 13:54:45 2020
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
OpenLDAP has been installed. You can access the server from within the k8s cluster using:
openldap.default.svc.cluster.local:389
You can access the LDAP adminPassword and configPassword using:
kubectl get secret --namespace default openldap -o jsonpath="{.data.LDAP_ADMIN_PASSWORD}" | base64 --decode; echo
kubectl get secret --namespace default openldap -o jsonpath="{.data.LDAP_CONFIG_PASSWORD}" | base64 --decode; echo
You can access the LDAP service, from within the cluster (or with kubectl port-forward) with a command like (replace password and domain):
ldapsearch -x -H ldap://openldap.default.svc.cluster.local:389 -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w $LDAP_ADMIN_PASSWORD
Test server health using Helm test:
helm test openldap
You can also consider installing the helm chart for phpldapadmin to manage this instance of OpenLDAP, or install Apache Directory Studio, and connect using kubectl port-forward.
However, I can't use this command to search content on the LDAP server in the k8s cluster:
export LDAP_ADMIN_PASSWORD=[REAL_PASSWORD_GET_ABOVE]
ldapsearch -x -H ldap://openldap.default.svc.cluster.local:389 -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w $LDAP_ADMIN_PASSWORD
Got this error:
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
I also logged in to the pod to run:
kubectl exec -it openldap -- /bin/bash
# export LDAP_ADMIN_PASSWORD=[REAL_PASSWORD_GET_ABOVE]
# ldapsearch -x -H ldap://openldap.default.svc.cluster.local:389 -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w $LDAP_ADMIN_PASSWORD
The same.
As it's stated in the notes:
NOTES: OpenLDAP has been installed. You can access the server from within the k8s cluster using:
openldap.default.svc.cluster.local:389
You can access the LDAP adminPassword and configPassword using:
kubectl get secret --namespace default openldap -o jsonpath="{.data.LDAP_ADMIN_PASSWORD}" | base64 --decode; echo
kubectl get secret --namespace default openldap -o jsonpath="{.data.LDAP_CONFIG_PASSWORD}" | base64 --decode; echo
You can access the LDAP service, from within the cluster (or with kubectl port-forward) with a command like (replace password and domain):
ldapsearch -x -H ldap://openldap.default.svc.cluster.local:389 -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w $LDAP_ADMIN_PASSWORD
Test server health using Helm test:
helm test openldap
You can also consider installing the helm chart for phpldapadmin to manage this instance of OpenLDAP, or install Apache Directory Studio, and connect using kubectl port-forward.
You can do:
$ kubectl port-forward services/openldap 3389:389
Forwarding from 127.0.0.1:3389 -> 389
Forwarding from [::1]:3389 -> 389
Handling connection for 3389
From another shell, outside the Kubernetes cluster:
$ kubectl get secret --namespace default openldap -o jsonpath="{.data.LDAP_ADMIN_PASSWORD}" | base64 --decode; echo
l3dkQByvzKKboCWQRyyQl96ulnGLScIx
$ ldapsearch -x -H ldap://localhost:3389 -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w l3dkQByvzKKboCWQRyyQl96ulnGLScIx
Also, this was already mentioned in a comment by @Totem.
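
An added example (not part of the question, the answer or the chart): the port-forward steps above as one script that hands the admin password to ldapsearch with -y from a 0600 file instead of -w, so it stays out of the process list and shell history. NS, SVC, LOCAL_PORT and the function names are assumptions; the secret key, service name, base DN and bind DN are the ones shown on this page.

```shell
#!/bin/sh
# Added example. NS, SVC, LOCAL_PORT and the function names are assumptions;
# the secret key, service, base DN and bind DN are the ones shown on this page.
NS=${NS:-default}
SVC=${SVC:-openldap}
LOCAL_PORT=${LOCAL_PORT:-3389}

# Store the admin password in a private (0600) temp file and print its path.
# ldapsearch -y uses the complete file contents as the password, so the
# trailing "; echo" from the chart notes must not end up in the file.
write_passfile() {
    pf_file=$(umask 077; mktemp) || return 1
    kubectl get secret --namespace "$NS" "$SVC" \
        -o jsonpath="{.data.LDAP_ADMIN_PASSWORD}" | base64 --decode > "$pf_file"
    if [ ! -s "$pf_file" ]; then rm -f "$pf_file"; return 1; fi
    printf '%s\n' "$pf_file"
}

# Forward the service port, run one search through it, then tear it all down.
search_via_port_forward() {
    passfile=$(write_passfile) || return 1
    log=$(mktemp) || { rm -f "$passfile"; return 1; }
    kubectl port-forward --namespace "$NS" "services/$SVC" "$LOCAL_PORT:389" \
        > "$log" 2>&1 &
    fwd_pid=$!
    tries=0
    # kubectl prints "Forwarding from ..." once the local listener is ready.
    while ! grep -q 'Forwarding from' "$log" && [ "$tries" -lt 10 ]; do
        sleep 1
        tries=$((tries + 1))
    done
    rc=1
    if grep -q 'Forwarding from' "$log"; then
        ldapsearch -x -H "ldap://localhost:$LOCAL_PORT" -b dc=example,dc=org \
            -D "cn=admin,dc=example,dc=org" -y "$passfile"
        rc=$?
    else
        cat "$log" >&2   # show why the forward never came up
    fi
    kill "$fwd_pid" 2>/dev/null || true
    rm -f "$passfile" "$log"
    return "$rc"
}

# Run only when asked, so the file can also be sourced: sh ldap-search.sh run
if [ "${1:-}" = "run" ]; then search_via_port_forward; fi
```

The forward is bound to localhost only and is killed as soon as the search returns, so the LDAP port is not left exposed on the workstation.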