issue[122] Add username customization

README.md

@@ -57,7 +57,10 @@ Global parameters to configure the deployment of the application.
 | `global.imagePullSecrets`                     | Global list of imagePullSecrets                                                                                                                        | `[]`                 |
 | `global.ldapDomain`                     | Domain LDAP can be explicit `dc=example,dc=org` or domain based `example.org`                                                                                                                         | `example.org`                 |
 | `global.existingSecret`                     | Use existing secret for credentials - the expected keys are LDAP_ADMIN_PASSWORD and LDAP_CONFIG_ADMIN_PASSWORD                                         | `""`                |
+| `global.adminUser`                     | Openldap database admin user                                                                                                                        | `admin`                 |
 | `global.adminPassword`                     | Administration password of Openldap                                                                                                                        | `Not@SecurePassw0rd`                 |
+| `global.configUserEnabled`                     |  Whether to create a configuration admin user                                                                                                                       | `true`                 |
+| `global.configUser`                     |  Openldap configuration admin user                                                                                                                       | `admin`                 |
 | `global.configPassword`                     | Configuration password of Openldap                                                                                                                        | `Not@SecurePassw0rd`                 |
 | `global.ldapPort`                     | Ldap port                                                                                                                         | `389`                 |
 | `global.sslLdapPort`                     | Ldaps port                                                                                                                         | `636`                 |

templates/_helpers.tpl

@@ -69,6 +69,7 @@ Generate olcSyncRepl list
 {{- define "olcSyncRepls" -}}
 {{- $name := (include "openldap.fullname" .) }}
 {{- $namespace := .Release.Namespace }}
+{{- $bindDNUser := .Values.global.adminUser }}
 {{- $cluster := .Values.replication.clusterName }}
 {{- $configPassword :=  ternary .Values.global.configPassword "%%CONFIG_PASSWORD%%" (empty .Values.global.existingSecret) }}
 {{- $retry := .Values.replication.retry }}
@@ -78,7 +79,7 @@ Generate olcSyncRepl list
 {{- $nodeCount := .Values.replicaCount | int }}
   {{- range $index0 := until $nodeCount }}
     {{- $index1 := $index0 | add1 }}
-    olcSyncRepl: rid=00{{ $index1 }} provider=ldap://{{ $name }}-{{ $index0 }}.{{ $name }}-headless.{{ $namespace }}.svc.{{ $cluster }}:1389 binddn="cn=admin,cn=config" bindmethod=simple credentials={{ $configPassword }} searchbase="cn=config" type=refreshAndPersist retry="{{ $retry }} +" timeout={{ $timeout }} starttls={{ $starttls }} tls_reqcert={{ $tls_reqcert }}
+    olcSyncRepl: rid=00{{ $index1 }} provider=ldap://{{ $name }}-{{ $index0 }}.{{ $name }}-headless.{{ $namespace }}.svc.{{ $cluster }}:1389 binddn="cn={{ $bindDNUser }},cn=config" bindmethod=simple credentials={{ $configPassword }} searchbase="cn=config" type=refreshAndPersist retry="{{ $retry }} +" timeout={{ $timeout }} starttls={{ $starttls }} tls_reqcert={{ $tls_reqcert }}
   {{- end -}}
 {{- end -}}
 
@@ -88,6 +89,7 @@ Generate olcSyncRepl list
 {{- define "olcSyncRepls2" -}}
 {{- $name := (include "openldap.fullname" .) }}
 {{- $domain := (include "global.baseDomain" .) }}
+{{- $bindDNUser := .Values.global.adminUser }} 
 {{- $namespace := .Release.Namespace }}
 {{- $cluster := .Values.replication.clusterName }}
 {{- $adminPassword := ternary .Values.global.adminPassword "%%ADMIN_PASSWORD%%" (empty .Values.global.existingSecret) }}
@@ -102,7 +104,7 @@ Generate olcSyncRepl list
     olcSyncrepl:
       rid=10{{ $index1 }}
       provider=ldap://{{ $name }}-{{ $index0 }}.{{ $name }}-headless.{{ $namespace }}.svc.{{ $cluster }}:1389
-      binddn={{ printf "cn=admin,%s" $domain }}
+      binddn={{ printf "cn=%s,%s" $bindDNUser $domain }}
       bindmethod=simple
       credentials={{ $adminPassword }}
       searchbase={{ $domain }}
@@ -223,7 +225,7 @@ Return the server name
 Return the bdmin indDN
 */}}
 {{- define "global.bindDN" -}}
-{{- printf "cn=admin,%s" (include "global.baseDomain" .) -}}
+{{- printf "cn=%s,%s" .Values.global.adminUser (include "global.baseDomain" .) -}}
 {{- end -}}
 
 {{/*

templates/configmap-env.yaml

@@ -31,4 +31,10 @@ data:
   LDAP_TLS_CERT_FILE: /opt/bitnami/openldap/certs/tls.crt
   LDAP_TLS_KEY_FILE: /opt/bitnami/openldap/certs/tls.key
   LDAP_TLS_CA_FILE: /opt/bitnami/openldap/certs/ca.crt
+  {{- if .Values.global.configUserEnabled }}
+  LDAP_CONFIG_ADMIN_ENABLED: "yes"
+  LDAP_CONFIG_ADMIN_USERNAME: "{{ .Values.global.configUser }}"
+  {{- else }}
+  LDAP_CONFIG_ADMIN_ENABLED: "no"
+  {{- end }}
 {{ toYaml .Values.env | indent 2 }}

templates/secret.yaml

@@ -13,6 +13,9 @@ metadata:
 {{- end }}
 type: Opaque
 data:
+  LDAP_ADMIN_USERNAME: {{ .Values.global.adminUser | b64enc | quote }}
   LDAP_ADMIN_PASSWORD: {{ .Values.global.adminPassword | b64enc | quote }}
+  {{- if .Values.global.configUserEnabled }}
   LDAP_CONFIG_ADMIN_PASSWORD: {{ .Values.global.configPassword  | b64enc | quote }}
+  {{- end}}
 {{ end }}

values.yaml

@@ -17,7 +17,10 @@ global:
   # Specifies an existing secret to be used for admin and config user passwords. The expected key are LDAP_ADMIN_PASSWORD and LDAP_CONFIG_ADMIN_PASSWORD.
   # existingSecret: ""
   ## Default Passwords to use, stored as a secret. Not used if existingSecret is set.
-  adminPassword:  Not@SecurePassw0rd
+  adminUser: "admin"
+  adminPassword: Not@SecurePassw0rd
+  configUserEnabled: true
+  configUser: "admin"
   configPassword: Not@SecurePassw0rd
   ldapPort: 389
   sslLdapPort: 636
@@ -96,8 +99,6 @@ env:
  LDAP_TLS_ENFORCE: "false"
  LDAPTLS_REQCERT: "never"
  LDAP_ENABLE_TLS: "yes"
- LDAP_CONFIG_ADMIN_ENABLED: "yes"
- LDAP_CONFIG_ADMIN_USERNAME: "admin"
  LDAP_SKIP_DEFAULT_TREE: "no"
 
 # Pod Disruption Budget for Stateful Set