generated from coulomb/repo-seed
Configure KeyCape LLDAP people OU
@@ -78,6 +78,8 @@ lldap:
|
|||||||
bindDN: "uid=admin,ou=people,dc=netkingdom,dc=local"
|
bindDN: "uid=admin,ou=people,dc=netkingdom,dc=local"
|
||||||
bindPW: "${LLDAP_BIND_PW}"
|
bindPW: "${LLDAP_BIND_PW}"
|
||||||
baseDN: "dc=netkingdom,dc=local"
|
baseDN: "dc=netkingdom,dc=local"
|
||||||
|
userOU: "ou=people"
|
||||||
|
groupOU: "ou=groups"
|
||||||
|
|
||||||
authelia:
|
authelia:
|
||||||
# Cluster-internal URL for server-side token exchange.
|
# Cluster-internal URL for server-side token exchange.
|
||||||
|
|||||||
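Review bot: The new `userOU: "ou=people"` and `groupOU: "ou=groups"` keys carry no comment saying they are relative to `baseDN`, while `bindDN` three lines up hard-codes the same `ou=people` inside a full DN. Add a one-line comment above the two keys stating that they are joined with `baseDN` to form the search base, and note that `bindDN` has to be edited by hand if `userOU` ever changes, so the two cannot drift apart silently. It is also worth a short comment on why the lookup binds as `uid=admin` rather than a dedicated read-only account, since that bind identity is what every user and group search under these OUs will run as.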
@@ -54,7 +54,7 @@ spec:
|
|||||||
# 2026-05-24: direct-imported into railiance01 k3s for the
|
# 2026-05-24: direct-imported into railiance01 k3s for the
|
||||||
# bootstrap-console OIDC/MFA rollout. Use IfNotPresent while the
|
# bootstrap-console OIDC/MFA rollout. Use IfNotPresent while the
|
||||||
# HTTP registry push/pull path is being cleaned up.
|
# HTTP registry push/pull path is being cleaned up.
|
||||||
image: 92.205.130.254:32166/coulomb/key-cape:main-937cb39
|
image: 92.205.130.254:32166/coulomb/key-cape:main-06d20c3
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
|
|
||||||
ports:
|
ports:
|
||||||
|
|||||||
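Review bot: The bumped `image:` line still references the build by tag only (`main-06d20c3`) on a registry that the comment above describes as an HTTP push/pull path, and `imagePullPolicy: IfNotPresent` means a node without the image would fetch it over that path with nothing in the manifest to check its content against. Pin the reference by digest, for example `key-cape:main-06d20c3@sha256:<digest of the imported image>`, so a node that does pull gets the same bytes that were reviewed. The dated comment (`2026-05-24: direct-imported into railiance01 k3s`) was written for the previous tag; update it to say whether `main-06d20c3` was direct-imported the same way, otherwise the manifest no longer explains how this image reaches the node.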
@@ -201,6 +201,12 @@ without depending on token-list admin credentials. The live `keycape-config`
|
|||||||
now uses `realm: coulomb` and `requireForAll: true`, and Railiance runs image
|
now uses `realm: coulomb` and `requireForAll: true`, and Railiance runs image
|
||||||
`main-937cb39`.
|
`main-937cb39`.
|
||||||
|
|
||||||
|
**2026-05-25:** Fixed the subsequent token-exchange `user not found` error.
|
||||||
|
Live LLDAP stores users under `ou=people`, while KeyCape's default lookup base
|
||||||
|
was `ou=users`. KeyCape commit `06d20c3` makes the LLDAP OU settings explicit
|
||||||
|
in YAML, live `keycape-config` now sets `userOU: ou=people` and
|
||||||
|
`groupOU: ou=groups`, and Railiance runs image `main-06d20c3`.
|
||||||
|
|
||||||
**2026-05-24:** Stepped back from ad hoc secret rollout and added the
|
**2026-05-24:** Stepped back from ad hoc secret rollout and added the
|
||||||
custodian age-key bootstrap model to the control surface. The UI now records
|
custodian age-key bootstrap model to the control surface. The UI now records
|
||||||
the custodian public age recipient, a derived fingerprint, and a non-secret
|
the custodian public age recipient, a derived fingerprint, and a non-secret
|
||||||
|
|||||||
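Review bot: The unchanged paragraph just above the new 2026-05-25 entry still reads "Railiance runs image `main-937cb39`" in the present tense, which the added line "Railiance runs image `main-06d20c3`" now contradicts. Reword the older sentence to past tense or mark it as superseded so a reader checking the live state does not stop at the first image tag they see. In the new entry, the sentence starting "KeyCape commit `06d20c3` makes the LLDAP OU settings explicit in YAML, live `keycape-config` now sets" joins two independent statements with a comma; split it in two, and consider recording how the fix was confirmed (for example, a successful token exchange for a user under `ou=people`), since the entry says "Fixed" without stating the check.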