Use Okta LDAP instead of Jumpcloud LDAP
@@ -205,6 +205,7 @@ meta:
|
||||
JUMPCLOUD_LDAP_BIND_ACCOUNT_PASSWORD: ((jumpcloud-ldap-bind-account-password))
|
||||
JUMPCLOUD_LDAP_USERS_SEARCH_BASE: ((jumpcloud-ldap-users-search-base))
|
||||
JUMPCLOUD_LDAP_GROUPS_SEARCH_BASE: ((jumpcloud-ldap-groups-search-base))
|
||||
JUMPCLOUD_LDAP_GROUPS_SEARCH_FILTER: ((jumpcloud-ldap-groups-search-filter))
|
||||
JUMPCLOUD_LDAP_USER_DN: ((jumpcloud-ldap-user-dn))
|
||||
JUMPCLOUD_LDAP_USER_CN: ((jumpcloud-ldap-user-cn))
|
||||
JUMPCLOUD_LDAP_USER_PASSWORD: ((jumpcloud-ldap-user-password))
|
||||
@@ -216,6 +217,25 @@ meta:
|
||||
JUMPCLOUD_LDAP_EXPECTED_DIRECT_GROUPS_CN: ((jumpcloud-ldap-expected-direct-groups-cn))
|
||||
JUMPCLOUD_LDAP_EXPECTED_DIRECT_POSIX_GROUPS_CN: ((jumpcloud-ldap-expected-direct-posix-groups-cn))
|
||||
|
||||
okta_ldap_integration_env_vars: &okta_ldap_integration_env_vars
|
||||
OKTA_LDAP_HOST: ((okta-ldap-host))
|
||||
OKTA_LDAP_STARTTLS_ONLY_HOST: ((okta-ldap-start-tls-only-host))
|
||||
OKTA_LDAP_BIND_ACCOUNT_USERNAME: ((okta-ldap-bind-account-username))
|
||||
OKTA_LDAP_BIND_ACCOUNT_PASSWORD: ((okta-ldap-bind-account-password))
|
||||
OKTA_LDAP_USERS_SEARCH_BASE: ((okta-ldap-users-search-base))
|
||||
OKTA_LDAP_GROUPS_SEARCH_BASE: ((okta-ldap-groups-search-base))
|
||||
OKTA_LDAP_GROUPS_SEARCH_FILTER: ((okta-ldap-groups-search-filter))
|
||||
OKTA_LDAP_USER_DN: ((okta-ldap-user-dn))
|
||||
OKTA_LDAP_USER_CN: ((okta-ldap-user-cn))
|
||||
OKTA_LDAP_USER_PASSWORD: ((okta-ldap-user-password))
|
||||
OKTA_LDAP_USER_UNIQUE_ID_ATTRIBUTE_NAME: ((okta-ldap-user-unique-id-attribute-name))
|
||||
OKTA_LDAP_USER_UNIQUE_ID_ATTRIBUTE_VALUE: ((okta-ldap-user-unique-id-attribute-value))
|
||||
OKTA_LDAP_USER_EMAIL_ATTRIBUTE_NAME: ((okta-ldap-user-email-attribute-name))
|
||||
OKTA_LDAP_USER_EMAIL_ATTRIBUTE_VALUE: ((okta-ldap-user-email-attribute-value))
|
||||
OKTA_LDAP_EXPECTED_DIRECT_GROUPS_DN: ((okta-ldap-expected-direct-groups-dn))
|
||||
OKTA_LDAP_EXPECTED_DIRECT_GROUPS_CN: ((okta-ldap-expected-direct-groups-cn))
|
||||
OKTA_LDAP_EXPECTED_DIRECT_POSIX_GROUPS_CN: ((okta-ldap-expected-direct-posix-groups-cn))
|
||||
|
||||
active_directory_integration_env_vars: &active_directory_integration_env_vars
|
||||
TEST_ACTIVE_DIRECTORY: "yes"
|
||||
AWS_AD_HOST: ((aws-ad-host))
|
||||
@@ -1824,11 +1844,10 @@ jobs:
|
||||
# We don't need to run these on every version of Kubernetes for Kind in this pipeline, so we choose to run
|
||||
# them on one version to get some coverage.
|
||||
<<: *okta_integration_env_vars
|
||||
# The following Jumpcloud params will cause the integration tests to use Jumpcloud instead of OpenLDAP.
|
||||
# The following Okta LDAP params will cause the integration tests to use Okta LDAP instead of OpenLDAP.
|
||||
# We don't need to run these on every version of Kubernetes for Kind in this pipeline, so we choose to run
|
||||
# them on one version to get some coverage.
|
||||
# TODO: replace this with some other LDAP and open firewall for outgoing LDAP and LDAPs
|
||||
# <<: *jumpcloud_integration_env_vars
|
||||
<<: *okta_ldap_integration_env_vars
|
||||
# The following AD params enable the ActiveDirectory integration tests. We don't need to run these on every
|
||||
# version of Kubernetes for Kind in this pipeline, so we choose to run them on one version to get some coverage.
|
||||
# TODO: bring this back with a new AD server
|
||||
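Review bot: The TODO about opening the firewall for outgoing LDAP and LDAPS appears to be dropped from this job's params (the hunk counts suggest it is on the removed side) while `<<: *okta_ldap_integration_env_vars` is enabled, and nothing visible here records what egress the job now depends on. If outbound LDAP was blocked for these workers before, state the requirement next to the merge key, e.g. `# Requires outbound LDAPS and StartTLS access to the Okta LDAP hosts only.`, so the allowance stays scoped to those hosts rather than being widened generally. The hunks at -2514 and -1216 make the same swap and would take the same comment. The job definition starts and ends outside the hunk.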
@@ -2514,8 +2533,7 @@ jobs:
|
||||
INGRESS_DNS_NAME: gke-acceptance-supervisor-ingress.test.pinniped.broadcom.net
|
||||
<<: *okta_integration_env_vars
|
||||
OKTA_SUPERVISOR_CALLBACK: ((okta-supervisor-callback))
|
||||
# TODO: replace this with some other LDAP and open firewall for outgoing LDAP and LDAPs
|
||||
# <<: *jumpcloud_integration_env_vars
|
||||
<<: *okta_ldap_integration_env_vars
|
||||
# TODO: bring this back with a new AD server
|
||||
# <<: *active_directory_integration_env_vars
|
||||
<<: *github_integration_env_vars
|
||||
|
||||
@@ -137,6 +137,7 @@ meta:
|
||||
JUMPCLOUD_LDAP_BIND_ACCOUNT_PASSWORD: ((jumpcloud-ldap-bind-account-password))
|
||||
JUMPCLOUD_LDAP_USERS_SEARCH_BASE: ((jumpcloud-ldap-users-search-base))
|
||||
JUMPCLOUD_LDAP_GROUPS_SEARCH_BASE: ((jumpcloud-ldap-groups-search-base))
|
||||
JUMPCLOUD_LDAP_GROUPS_SEARCH_FILTER: ((jumpcloud-ldap-groups-search-filter))
|
||||
JUMPCLOUD_LDAP_USER_DN: ((jumpcloud-ldap-user-dn))
|
||||
JUMPCLOUD_LDAP_USER_CN: ((jumpcloud-ldap-user-cn))
|
||||
JUMPCLOUD_LDAP_USER_PASSWORD: ((jumpcloud-ldap-user-password))
|
||||
@@ -148,6 +149,25 @@ meta:
|
||||
JUMPCLOUD_LDAP_EXPECTED_DIRECT_GROUPS_CN: ((jumpcloud-ldap-expected-direct-groups-cn))
|
||||
JUMPCLOUD_LDAP_EXPECTED_DIRECT_POSIX_GROUPS_CN: ((jumpcloud-ldap-expected-direct-posix-groups-cn))
|
||||
|
||||
okta_ldap_integration_env_vars: &okta_ldap_integration_env_vars
|
||||
OKTA_LDAP_HOST: ((okta-ldap-host))
|
||||
OKTA_LDAP_STARTTLS_ONLY_HOST: ((okta-ldap-start-tls-only-host))
|
||||
OKTA_LDAP_BIND_ACCOUNT_USERNAME: ((okta-ldap-bind-account-username))
|
||||
OKTA_LDAP_BIND_ACCOUNT_PASSWORD: ((okta-ldap-bind-account-password))
|
||||
OKTA_LDAP_USERS_SEARCH_BASE: ((okta-ldap-users-search-base))
|
||||
OKTA_LDAP_GROUPS_SEARCH_BASE: ((okta-ldap-groups-search-base))
|
||||
OKTA_LDAP_GROUPS_SEARCH_FILTER: ((okta-ldap-groups-search-filter))
|
||||
OKTA_LDAP_USER_DN: ((okta-ldap-user-dn))
|
||||
OKTA_LDAP_USER_CN: ((okta-ldap-user-cn))
|
||||
OKTA_LDAP_USER_PASSWORD: ((okta-ldap-user-password))
|
||||
OKTA_LDAP_USER_UNIQUE_ID_ATTRIBUTE_NAME: ((okta-ldap-user-unique-id-attribute-name))
|
||||
OKTA_LDAP_USER_UNIQUE_ID_ATTRIBUTE_VALUE: ((okta-ldap-user-unique-id-attribute-value))
|
||||
OKTA_LDAP_USER_EMAIL_ATTRIBUTE_NAME: ((okta-ldap-user-email-attribute-name))
|
||||
OKTA_LDAP_USER_EMAIL_ATTRIBUTE_VALUE: ((okta-ldap-user-email-attribute-value))
|
||||
OKTA_LDAP_EXPECTED_DIRECT_GROUPS_DN: ((okta-ldap-expected-direct-groups-dn))
|
||||
OKTA_LDAP_EXPECTED_DIRECT_GROUPS_CN: ((okta-ldap-expected-direct-groups-cn))
|
||||
OKTA_LDAP_EXPECTED_DIRECT_POSIX_GROUPS_CN: ((okta-ldap-expected-direct-posix-groups-cn))
|
||||
|
||||
active_directory_integration_env_vars: &active_directory_integration_env_vars
|
||||
TEST_ACTIVE_DIRECTORY: "yes"
|
||||
AWS_AD_HOST: ((aws-ad-host))
|
||||
@@ -1216,11 +1236,10 @@ jobs:
|
||||
# We don't need to run these on every version of Kubernetes for Kind in this pipeline, so we choose to run
|
||||
# them on one version to get some coverage.
|
||||
<<: *okta_integration_env_vars
|
||||
# The following Jumpcloud params will cause the integration tests to use Jumpcloud instead of OpenLDAP.
|
||||
# The following Okta LDAP params will cause the integration tests to use Okta LDAP instead of OpenLDAP.
|
||||
# We don't need to run these on every version of Kubernetes for Kind in this pipeline, so we choose to run
|
||||
# them on one version to get some coverage.
|
||||
# TODO: replace this with some other LDAP and open firewall for outgoing LDAP and LDAPs
|
||||
# <<: *jumpcloud_integration_env_vars
|
||||
<<: *okta_ldap_integration_env_vars
|
||||
# The following AD params enable the ActiveDirectory integration tests. We don't need to run these on every
|
||||
# version of Kubernetes for Kind in this pipeline, so we choose to run them on one version to get some coverage.
|
||||
# TODO: bring this back with a new AD server
|
||||
|
||||
@@ -42,7 +42,7 @@ set -euo pipefail
|
||||
# - $DEPLOY_LOCAL_USER_AUTHENTICATOR, when set to "yes", will deploy and use the
|
||||
# local-user-authenticator instead of using the TMC webhook authenticator.
|
||||
# - $DEPLOY_TEST_TOOLS will deploy the squid proxy, Dex, and OpenLDAP into the cluster.
|
||||
# If the OKTA_* and JUMPCLOUD_* variables are not present, then Dex and OpenLDAP
|
||||
# If the OKTA_* and JUMPCLOUD_*/OKTA_LDAP* variables are not present, then Dex and OpenLDAP
|
||||
# will be configured for the integration tests.
|
||||
# - To use Okta instead of Dex, use the variables $OKTA_ISSUER, $OKTA_CLI_CLIENT_ID,
|
||||
# $OKTA_CLI_CALLBACK, $OKTA_ADDITIONAL_SCOPES, $OKTA_USERNAME_CLAIM, $OKTA_GROUPS_CLAIM,
|
||||
@@ -51,19 +51,28 @@ set -euo pipefail
|
||||
# - To use Jumpcloud instead of OpenLDAP, use the variables $JUMPCLOUD_LDAP_HOST,
|
||||
# $JUMPCLOUD_LDAP_STARTTLS_ONLY_HOST,
|
||||
# $JUMPCLOUD_LDAP_BIND_ACCOUNT_USERNAME, $JUMPCLOUD_LDAP_BIND_ACCOUNT_PASSWORD,
|
||||
# $JUMPCLOUD_LDAP_USERS_SEARCH_BASE, $JUMPCLOUD_LDAP_GROUPS_SEARCH_BASE,
|
||||
# $JUMPCLOUD_LDAP_USERS_SEARCH_BASE, $JUMPCLOUD_LDAP_GROUPS_SEARCH_BASE, $JUMPCLOUD_LDAP_GROUPS_SEARCH_FILTER,
|
||||
# $JUMPCLOUD_LDAP_USER_DN, $JUMPCLOUD_LDAP_USER_CN, $JUMPCLOUD_LDAP_USER_PASSWORD,
|
||||
# $JUMPCLOUD_LDAP_USER_UNIQUE_ID_ATTRIBUTE_NAME, $JUMPCLOUD_LDAP_USER_UNIQUE_ID_ATTRIBUTE_VALUE,
|
||||
# $JUMPCLOUD_LDAP_USER_EMAIL_ATTRIBUTE_NAME, $JUMPCLOUD_LDAP_USER_EMAIL_ATTRIBUTE_VALUE,
|
||||
# $JUMPCLOUD_LDAP_EXPECTED_DIRECT_GROUPS_DN, $JUMPCLOUD_LDAP_EXPECTED_DIRECT_POSIX_GROUPS_CN,
|
||||
# and $JUMPCLOUD_LDAP_EXPECTED_DIRECT_GROUPS_CN to configure the LDAP tests.
|
||||
# - To use Okta LDAP instead of OpenLDAP, use the variables $OKTA_LDAP_HOST,
|
||||
# $OKTA_LDAP_STARTTLS_ONLY_HOST,
|
||||
# $OKTA_LDAP_BIND_ACCOUNT_USERNAME, $OKTA_LDAP_BIND_ACCOUNT_PASSWORD,
|
||||
# $OKTA_LDAP_USERS_SEARCH_BASE, $OKTA_LDAP_GROUPS_SEARCH_BASE, $OKTA_LDAP_GROUPS_SEARCH_FILTER,
|
||||
# $OKTA_LDAP_USER_DN, $OKTA_LDAP_USER_CN, $OKTA_LDAP_USER_PASSWORD,
|
||||
# $OKTA_LDAP_USER_UNIQUE_ID_ATTRIBUTE_NAME, $OKTA_LDAP_USER_UNIQUE_ID_ATTRIBUTE_VALUE,
|
||||
# $OKTA_LDAP_USER_EMAIL_ATTRIBUTE_NAME, $OKTA_LDAP_USER_EMAIL_ATTRIBUTE_VALUE,
|
||||
# $OKTA_LDAP_EXPECTED_DIRECT_GROUPS_DN, $OKTA_LDAP_EXPECTED_DIRECT_POSIX_GROUPS_CN,
|
||||
# and $OKTA_LDAP_EXPECTED_DIRECT_GROUPS_CN to configure the LDAP tests.
|
||||
# - $FIREWALL_IDPS, when set to "yes" will add NetworkPolicies to effectively firewall the Concierge
|
||||
# and Supervisor pods such that they need to use the Squid proxy server to reach several of the IDPs.
|
||||
# Note that NetworkPolicy is not supported on all flavors of Kube, but can be enabled on GKE by using
|
||||
# `--enable-network-policy` when creating the GKE cluster, abd is supported in recent versions of Kind.
|
||||
# - $TEST_ACTIVE_DIRECTORY determines whether to test against AWS Managed Active
|
||||
# Directory. Note that there's no "local" equivalent-- for OIDC we use Dex's internal
|
||||
# user store or Okta, for LDAP we deploy OpenLDAP or use Jumpcloud,
|
||||
# user store or Okta, for LDAP we deploy OpenLDAP or use Jumpcloud/Okta LDAP,
|
||||
# but for AD there is only the hosted version.
|
||||
# When set, the tests are configured with the variables
|
||||
# $AWS_AD_HOST, $AWS_AD_DOMAIN, $AWS_AD_BIND_ACCOUNT_USERNAME, $AWS_AD_BIND_ACCOUNT_PASSWORD,
|
||||
@@ -623,6 +632,7 @@ if [[ "${DEPLOY_TEST_TOOLS:-no}" == "yes" ]]; then
|
||||
pinniped_test_ldap_bind_account_password=password
|
||||
pinniped_test_ldap_users_search_base="ou=users,dc=pinniped,dc=dev"
|
||||
pinniped_test_ldap_groups_search_base="ou=groups,dc=pinniped,dc=dev"
|
||||
pinniped_test_ldap_groups_search_filter=""
|
||||
pinniped_test_ldap_user_dn="cn=pinny,ou=users,dc=pinniped,dc=dev"
|
||||
pinniped_test_ldap_user_cn="pinny"
|
||||
pinniped_test_ldap_user_password=${ldap_test_password}
|
||||
@@ -682,6 +692,7 @@ if [[ "${JUMPCLOUD_LDAP_HOST:-no}" != "no" ]]; then
|
||||
pinniped_test_ldap_bind_account_password="$JUMPCLOUD_LDAP_BIND_ACCOUNT_PASSWORD"
|
||||
pinniped_test_ldap_users_search_base="$JUMPCLOUD_LDAP_USERS_SEARCH_BASE"
|
||||
pinniped_test_ldap_groups_search_base="$JUMPCLOUD_LDAP_GROUPS_SEARCH_BASE"
|
||||
pinniped_test_ldap_groups_search_filter="$JUMPCLOUD_LDAP_GROUPS_SEARCH_FILTER"
|
||||
pinniped_test_ldap_user_dn="$JUMPCLOUD_LDAP_USER_DN"
|
||||
pinniped_test_ldap_user_cn="$JUMPCLOUD_LDAP_USER_CN"
|
||||
pinniped_test_ldap_user_password="$JUMPCLOUD_LDAP_USER_PASSWORD"
|
||||
@@ -696,6 +707,31 @@ if [[ "${JUMPCLOUD_LDAP_HOST:-no}" != "no" ]]; then
|
||||
pinniped_test_ldap_expected_indirect_groups_cn=""
|
||||
fi
|
||||
|
||||
# Whether or not the tools namespace is deployed, we can configure the integration
|
||||
# tests to use Jumpcloud instead of Okta LDAP as the LDAP provider.
|
||||
if [[ "${OKTA_LDAP_HOST:-no}" != "no" ]]; then
|
||||
pinniped_test_ldap_host="$OKTA_LDAP_HOST"
|
||||
pinniped_test_ldap_starttls_only_host="$OKTA_LDAP_STARTTLS_ONLY_HOST"
|
||||
pinniped_test_ldap_ldaps_ca_bundle=""
|
||||
pinniped_test_ldap_bind_account_username="$OKTA_LDAP_BIND_ACCOUNT_USERNAME"
|
||||
pinniped_test_ldap_bind_account_password="$OKTA_LDAP_BIND_ACCOUNT_PASSWORD"
|
||||
pinniped_test_ldap_users_search_base="$OKTA_LDAP_USERS_SEARCH_BASE"
|
||||
pinniped_test_ldap_groups_search_base="$OKTA_LDAP_GROUPS_SEARCH_BASE"
|
||||
pinniped_test_ldap_groups_search_filter="$OKTA_LDAP_GROUPS_SEARCH_FILTER"
|
||||
pinniped_test_ldap_user_dn="$OKTA_LDAP_USER_DN"
|
||||
pinniped_test_ldap_user_cn="$OKTA_LDAP_USER_CN"
|
||||
pinniped_test_ldap_user_password="$OKTA_LDAP_USER_PASSWORD"
|
||||
pinniped_test_ldap_user_unique_id_attribute_name="$OKTA_LDAP_USER_UNIQUE_ID_ATTRIBUTE_NAME"
|
||||
pinniped_test_ldap_user_unique_id_attribute_value="$OKTA_LDAP_USER_UNIQUE_ID_ATTRIBUTE_VALUE"
|
||||
pinniped_test_ldap_user_email_attribute_name="$OKTA_LDAP_USER_EMAIL_ATTRIBUTE_NAME"
|
||||
pinniped_test_ldap_user_email_attribute_value="$OKTA_LDAP_USER_EMAIL_ATTRIBUTE_VALUE"
|
||||
pinniped_test_ldap_expected_direct_groups_dn="$OKTA_LDAP_EXPECTED_DIRECT_GROUPS_DN"
|
||||
pinniped_test_ldap_expected_indirect_groups_dn=""
|
||||
pinniped_test_ldap_expected_direct_groups_cn="$OKTA_LDAP_EXPECTED_DIRECT_GROUPS_CN"
|
||||
pinniped_test_ldap_expected_direct_posix_groups_cn="$OKTA_LDAP_EXPECTED_DIRECT_POSIX_GROUPS_CN"
|
||||
pinniped_test_ldap_expected_indirect_groups_cn=""
|
||||
fi
|
||||
|
||||
if [[ "${TEST_ACTIVE_DIRECTORY:-no}" == "yes" ]]; then
|
||||
# there's no way to test active directory locally... it has to be aws managed ad or nothing.
|
||||
# this is a separate toggle from $DEPLOY_TEST_TOOLS so we can run against ad once in the pr pipeline
|
||||
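Review bot: The comment above the new `OKTA_LDAP_HOST` block says "use Jumpcloud instead of Okta LDAP", which is the reverse of what the block does; it should read `# tests to use Okta LDAP instead of OpenLDAP as the LDAP provider.`. Because this block runs after the Jumpcloud one, setting both `JUMPCLOUD_LDAP_HOST` and `OKTA_LDAP_HOST` lets the Okta values silently overwrite the Jumpcloud ones; note that precedence in the comment, or fail early when both are set. `pinniped_test_ldap_ldaps_ca_bundle=""` presumably relies on the Okta host presenting a publicly trusted certificate, and a short comment saying so would make the empty bundle read as intentional. The Jumpcloud block begins outside this hunk.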
@@ -1203,6 +1239,7 @@ export PINNIPED_TEST_LDAP_BIND_ACCOUNT_USERNAME='${pinniped_test_ldap_bind_accou
|
||||
export PINNIPED_TEST_LDAP_BIND_ACCOUNT_PASSWORD='${pinniped_test_ldap_bind_account_password}'
|
||||
export PINNIPED_TEST_LDAP_USERS_SEARCH_BASE='${pinniped_test_ldap_users_search_base}'
|
||||
export PINNIPED_TEST_LDAP_GROUPS_SEARCH_BASE='${pinniped_test_ldap_groups_search_base}'
|
||||
export PINNIPED_TEST_LDAP_GROUPS_SEARCH_FILTER='${pinniped_test_ldap_groups_search_filter}'
|
||||
export PINNIPED_TEST_LDAP_USER_DN='${pinniped_test_ldap_user_dn}'
|
||||
export PINNIPED_TEST_LDAP_USER_CN='${pinniped_test_ldap_user_cn}'
|
||||
export PINNIPED_TEST_LDAP_USER_PASSWORD='${pinniped_test_ldap_user_password}'
|
||||
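Review bot: The new `PINNIPED_TEST_LDAP_GROUPS_SEARCH_FILTER` line wraps its value in single quotes like its neighbours, which looks like text emitted into a generated env file (the enclosing construct is outside the hunk). An LDAP filter is free-form text supplied from pipeline params, so a value containing a single quote would end the quoting early and the remainder would be interpreted by whatever shell sources the file. If the file is produced that way, shell-escaping the value is safer, e.g. `export PINNIPED_TEST_LDAP_GROUPS_SEARCH_FILTER=${pinniped_test_ldap_groups_search_filter@Q}` (bash 4.4+). The hunk at -291 adds the same line.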
|
||||
@@ -175,6 +175,7 @@ pinniped_test_ldap_bind_account_username="cn=admin,dc=pinniped,dc=dev"
|
||||
pinniped_test_ldap_bind_account_password=password
|
||||
pinniped_test_ldap_users_search_base="ou=users,dc=pinniped,dc=dev"
|
||||
pinniped_test_ldap_groups_search_base="ou=groups,dc=pinniped,dc=dev"
|
||||
pinniped_test_ldap_groups_search_filter=""
|
||||
pinniped_test_ldap_user_dn="cn=pinny,ou=users,dc=pinniped,dc=dev"
|
||||
pinniped_test_ldap_user_cn="pinny"
|
||||
pinniped_test_ldap_user_password=${ldap_test_password}
|
||||
@@ -291,6 +292,7 @@ export PINNIPED_TEST_LDAP_BIND_ACCOUNT_USERNAME='${pinniped_test_ldap_bind_accou
|
||||
export PINNIPED_TEST_LDAP_BIND_ACCOUNT_PASSWORD='${pinniped_test_ldap_bind_account_password}'
|
||||
export PINNIPED_TEST_LDAP_USERS_SEARCH_BASE='${pinniped_test_ldap_users_search_base}'
|
||||
export PINNIPED_TEST_LDAP_GROUPS_SEARCH_BASE='${pinniped_test_ldap_groups_search_base}'
|
||||
export PINNIPED_TEST_LDAP_GROUPS_SEARCH_FILTER='${pinniped_test_ldap_groups_search_filter}'
|
||||
export PINNIPED_TEST_LDAP_USER_DN='${pinniped_test_ldap_user_dn}'
|
||||
export PINNIPED_TEST_LDAP_USER_CN='${pinniped_test_ldap_user_cn}'
|
||||
export PINNIPED_TEST_LDAP_USER_PASSWORD='${pinniped_test_ldap_user_password}'
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
# Copyright 2020-2024 the Pinniped contributors. All Rights Reserved.
|
||||
# Copyright 2020-2025 the Pinniped contributors. All Rights Reserved.
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
---
|
||||
@@ -75,6 +75,7 @@ params:
|
||||
JUMPCLOUD_LDAP_BIND_ACCOUNT_USERNAME:
|
||||
JUMPCLOUD_LDAP_BIND_ACCOUNT_PASSWORD:
|
||||
JUMPCLOUD_LDAP_USERS_SEARCH_BASE:
|
||||
JUMPCLOUD_LDAP_GROUPS_SEARCH_FILTER:
|
||||
JUMPCLOUD_LDAP_GROUPS_SEARCH_BASE:
|
||||
JUMPCLOUD_LDAP_USER_DN:
|
||||
JUMPCLOUD_LDAP_USER_CN:
|
||||
@@ -87,7 +88,26 @@ params:
|
||||
JUMPCLOUD_LDAP_EXPECTED_DIRECT_GROUPS_CN:
|
||||
JUMPCLOUD_LDAP_EXPECTED_DIRECT_POSIX_GROUPS_CN:
|
||||
|
||||
# only needed when wanting to test using GitHub as an identity provider
|
||||
# only needed when wanting to test using Okta LDAP instead of OpenLDAP.
|
||||
OKTA_LDAP_HOST:
|
||||
OKTA_LDAP_STARTTLS_ONLY_HOST:
|
||||
OKTA_LDAP_BIND_ACCOUNT_USERNAME:
|
||||
OKTA_LDAP_BIND_ACCOUNT_PASSWORD:
|
||||
OKTA_LDAP_USERS_SEARCH_BASE:
|
||||
OKTA_LDAP_GROUPS_SEARCH_BASE:
|
||||
OKTA_LDAP_GROUPS_SEARCH_FILTER:
|
||||
OKTA_LDAP_USER_DN:
|
||||
OKTA_LDAP_USER_CN:
|
||||
OKTA_LDAP_USER_PASSWORD:
|
||||
OKTA_LDAP_USER_UNIQUE_ID_ATTRIBUTE_NAME:
|
||||
OKTA_LDAP_USER_UNIQUE_ID_ATTRIBUTE_VALUE:
|
||||
OKTA_LDAP_USER_EMAIL_ATTRIBUTE_NAME:
|
||||
OKTA_LDAP_USER_EMAIL_ATTRIBUTE_VALUE:
|
||||
OKTA_LDAP_EXPECTED_DIRECT_GROUPS_DN:
|
||||
OKTA_LDAP_EXPECTED_DIRECT_GROUPS_CN:
|
||||
OKTA_LDAP_EXPECTED_DIRECT_POSIX_GROUPS_CN:
|
||||
|
||||
# only needed when wanting to test using GitHub as an identity provider
|
||||
PINNIPED_TEST_GITHUB_APP_CLIENT_ID:
|
||||
PINNIPED_TEST_GITHUB_APP_CLIENT_SECRET:
|
||||
PINNIPED_TEST_GITHUB_OAUTH_APP_CLIENT_ID:
|
||||
|
||||