Ldap configuration inside docker image


I’m deploying elasticsearch cluster and kibana instance throm kubernetes operator
My ROR pluging is installed with a docker image

I’m using also a configmap where i decribe my ror configuration. In this configuration i have some rules and users that are authentified using LDAP configuration.

I want to know if is it possible to have like two ror yml files:

1- first one for declaring rules and users (without declaring ldaps section)

2- second file to declare my ldap configuration (the purpose is to not let users to see the password). I tried to store this file into the docker image! (COPY ldap.yml /usr/share/elasticsearch/config/ldap.yml) . I have done this but i get negative response : cannot find service ldap_name

Any idea please?
Thank you in advance

Hi @rafikkcmed

There is no way to split a readonlyrest.yml into pieces. But our solution to not have plain text passwords in the ROR settings is static variables feature. Did you see it?

You can even have the whole LDAP section stored in the static variable but I don’t recommend this approach.

But hey, with ROR Enterprise you don’t have to use readonlyrest.yml. You can configure the settings in the UI Editor in Kibana or use ROR API to upload the settings

Thank you @coutoPL for your feedback

I stocked the password into an environment variable ( bind_password: “${env:LDAP_PASSWORD}”), and it works
i’ll try to keep all the config into this variable , but how can i retrive all this config into ror config?
Thank you

Sorry, I’ve told you about sth that existed in the old ROR version but does not exist anymore. Currently, the mechanism of resolving variables is more safe but also limited only to the values. So, you can place envs in values only.

1 Like