Description

LdapAuthn is a simple Go web server that integrates with your OpenLDAP instance to handle k8s webhook TokenReview requests.

Specifications

LdapAuthn can run as a binary or in a Docker container and exposes the following endpoints on port 8082:

NAME     METHOD  PATH     RESULT              Content-Type
Webhook  POST    /        k8s v1.TokenReview  application/json
Health   GET     /health  HealthData          application/json

Details for Webhook endpoint

When a TokenReview hits the webhook endpoint, the following error responses can occur by default:

Code  Status               Cause
400   BadRequest           the endpoint can't parse the submitted TokenReview
401   Unauthorized         invalid credentials
403   Forbidden            the user has no LDAP groups associated
405   MethodNotAllowed     the request isn't a POST
406   NotAcceptable        the token in the k8s v1.TokenReview spec is not in the expected username:password format
500   InternalServerError  LDAP errors
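As an added illustration (not the project's own code), the function below shows how the token format rule and the error table above map onto a Go decision routine. The TokenReview struct is a hand-written subset of the k8s v1 type, and AuthFunc, ErrInvalidCredentials and ErrNoGroups are hypothetical stand-ins for the project's LDAP bind and group lookup.

```go
package main
import (
	"encoding/json"
	"errors"
	"net/http"
	"strings"
)
// Subset of the k8s authentication.k8s.io/v1 TokenReview: only the fields this webhook reads or sets.
type UserInfo struct {
	Username string   `json:"username"`
	Groups   []string `json:"groups"`
}
type TokenReview struct {
	APIVersion string                                `json:"apiVersion"`
	Kind       string                                `json:"kind"`
	Spec       struct{ Token string `json:"token"` } `json:"spec"`
	Status     struct {
		Authenticated bool      `json:"authenticated"`
		User          *UserInfo `json:"user,omitempty"`
	} `json:"status"`
}
var ErrInvalidCredentials = errors.New("invalid credentials")  // hypothetical sentinel, not the project's own
var ErrNoGroups = errors.New("user has no LDAP groups")        // hypothetical sentinel, not the project's own
type AuthFunc func(username, password string) ([]string, error) // stands in for the LDAP bind and group search
// Review returns the HTTP status from the README's error table and, on success only, the TokenReview to echo back.
func Review(method string, body []byte, auth AuthFunc) (int, *TokenReview) {
	if method != http.MethodPost {
		return http.StatusMethodNotAllowed, nil // 405
	}
	var tr TokenReview
	if err := json.Unmarshal(body, &tr); err != nil {
		return http.StatusBadRequest, nil // 400
	}
	user, pass, ok := strings.Cut(tr.Spec.Token, ":") // first ':' only, so a password containing ':' survives
	if !ok || user == "" || pass == "" {
		return http.StatusNotAcceptable, nil // 406
	}
	groups, err := auth(user, pass)
	switch {
	case errors.Is(err, ErrInvalidCredentials):
		return http.StatusUnauthorized, nil // 401
	case errors.Is(err, ErrNoGroups):
		return http.StatusForbidden, nil // 403
	case err != nil:
		return http.StatusInternalServerError, nil // 500: any other LDAP failure
	}
	tr.Status.Authenticated = true
	tr.Status.User = &UserInfo{Username: user, Groups: groups}
	return http.StatusOK, &tr
}
```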

Usage

Env

LdapAuthn is Docker ready. I chose to configure the application via environment variables:

ENV                  Description                                                       REQUIRED
LDAP_ADMIN_DN        bind DN that can search the LDAP tree                             YES
LDAP_ADMIN_PASSWORD  password of the bind DN                                           YES
LDAP_BASE_DN         LDAP base distinguished name                                      YES
LDAP_URL             URL of the LDAP server                                            YES
LDAP_UID_ATTR        attribute used for the full user bind (e.g. uid)                  YES
LDAP_USER_PREFIX     prefix prepended to the base DN for the user search (e.g. ou=Users)  YES
LOG_LEVEL            Logrus log level                                                  NO
PROD                 whether the application runs in a production environment          NO

Init
Direct
 LDAP_URL='ldap://LDAP_HOST:389' \
 LDAP_ADMIN_DN='cn=admin,dc=example,dc=org' \
 LDAP_ADMIN_PASSWORD='PASSWORD' LDAP_BASE_DN='dc=example,dc=org' \
 LDAP_USER_PREFIX='ou=people,ou=users' \
 LDAP_UID_ATTR='uid' authn
Docker
docker run -e LDAP_URL='ldap://LDAP_HOST:389' \
           -e LDAP_ADMIN_DN='cn=admin,dc=example,dc=org' \
           -e LDAP_ADMIN_PASSWORD='PASSWORD' -e LDAP_BASE_DN='dc=example,dc=org' \
           -e LDAP_USER_PREFIX='ou=people,ou=users' \
           -e LDAP_UID_ATTR='uid' almartino/ldapauthn:latest
Helm

In progress