ldap

Developer documentation

Usage

This relation interface describes the expected behavior of any charm claiming to be able to provide or consume the LDAP authentication configuration data.

Glossary of LDAP Terms

| Abbreviation | Term |
|:------------:|:--------------------------:|
| DN | Distinguished Name |
| DIT | Directory Information Tree |

Direction

Requirer → Provider: user, group

Provider → Requirer: urls, base_dn, bind_dn, bind_password_secret, auth_method, starttls

Behavior

Both the provider and the requirer need to adhere to a certain set of criteria to be considered compatible with the ldap interface.

Sensitive information is transmitted through Juju Secrets rather than directly through the relation databag(s).

Provider

  • Is expected to use the user and group provided by the requirer to create a bind DN in the DIT for the requirer to use for the bind operation. If the requirer does not provide user and group, the provider uses the requirer's Juju application name and model name instead.
  • Is expected to provide the requirer with necessary configuration for performing LDAP authentications and operations.
  • Is expected to update the application databag if any field's data is changed in the provider charmed application.

Requirer

  • Is expected to optionally provide user and group for the provider to generate the bind DN.
  • Is expected to consume the LDAP configuration data provided by the provider to configure the requirer's charmed application.

Relation Data

Provider

The provider provides the LDAP URL, base DN, bind DN, and LDAP authentication method that the requirer needs to connect and perform LDAP operations. This data should be placed in the application databag.

Example

  relation-info:
    - endpoint: ldap
      related-endpoint: ldap
      application-data:
        urls: [ldap://ldap.canonical.com:3893, ldap://ldap.ubuntu.com:3893]
        base_dn: dc=canonical,dc=com
        bind_dn: cn=app,ou=model,dc=canonical,dc=com
        bind_password_secret: secret://59060ecc-0495-4a80-8006-5f1fc13fd783/cjqub6vubg2s77p3nio0
        auth_method: simple
        starttls: true
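
A requirer can sanity-check the provider data before configuring its LDAP client. The following is an added example, not code from the interface specification or its charm library. It assumes the databag has already been decoded into the shape shown above (a list of URLs, a boolean `starttls`); `check_provider_data` is a hypothetical helper, and the rule that a simple bind over plain `ldap://` needs STARTTLS is a local policy choice, not something the interface mandates.

```python
from urllib.parse import urlparse

# Field names taken from the provider example on this page.
REQUIRED = ("urls", "base_dn", "bind_dn", "bind_password_secret",
            "auth_method", "starttls")

# Decoded copy of the provider example on this page.
PAGE_EXAMPLE = {
    "urls": ["ldap://ldap.canonical.com:3893", "ldap://ldap.ubuntu.com:3893"],
    "base_dn": "dc=canonical,dc=com",
    "bind_dn": "cn=app,ou=model,dc=canonical,dc=com",
    "bind_password_secret":
        "secret://59060ecc-0495-4a80-8006-5f1fc13fd783/cjqub6vubg2s77p3nio0",
    "auth_method": "simple",
    "starttls": True,
}


def check_provider_data(data):
    """Return a list of problems found in decoded provider application data."""
    problems = [f"missing field: {key}" for key in REQUIRED if key not in data]
    if problems:
        return problems
    # The databag must carry a Juju secret reference, never the password itself.
    if not str(data["bind_password_secret"]).startswith("secret:"):
        problems.append("bind_password_secret is not a secret: URI")
    if not data["urls"]:
        problems.append("urls is empty")
    for url in data["urls"]:
        parsed = urlparse(url)
        if parsed.scheme not in ("ldap", "ldaps") or not parsed.hostname:
            problems.append(f"not an LDAP URL: {url}")
        elif (parsed.scheme == "ldap" and data["auth_method"] == "simple"
              and data["starttls"] is not True):
            # Assumed local policy: a simple bind over plain ldap:// without
            # STARTTLS would send the bind password in cleartext.
            problems.append(f"simple bind without TLS: {url}")
    return problems


if __name__ == "__main__":
    print(check_provider_data(PAGE_EXAMPLE))  # no problems for the page example
    # Constructed bad input: inline password and STARTTLS switched off.
    bad = dict(PAGE_EXAMPLE, starttls=False, bind_password_secret="hunter2")
    print("\n".join(check_provider_data(bad)))
```
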

Requirer

The requirer provides LDAP client information. It should be placed in the application databag.

Example

  relation-info:
    - endpoint: ldap
      related-endpoint: ldap
      application-data:
        user: sssd
        group: machine-localhost
