Configure LDAP/AD

    If your enterprise uses LDAP/AD for user authentication, you can integrate it with the OpenLDAP built into KubeSphere so that users are authenticated when they log in to the KubeSphere console.

    In this tutorial, we will demonstrate how to configure AD accounts. The same procedure also works for LDAP.

    Connect to Windows Server 2016, open Active Directory Administrator, and obtain the managerDN (it can be a read-only account).

    Connect to the KubeSphere server over SSH, create a script and name it , then replace the values of the keys host, managerDN, managerPWD and userSearchBase with the actual AD values.

    Please note that this script will restart Pod . Your account might be unavailable for a few minutes. Once the Pod is running, you can log in to KubeSphere to check the accounts read from the AD server.

    At this point, you need to use a cluster admin account to assign roles to the AD users. After the roles have been assigned, these AD accounts are ready to use in KubeSphere.
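
    Because the script restarts a Pod, it is worth checking host, managerDN, managerPWD and userSearchBase before running it. The following pre-flight check is an added example, not part of KubeSphere or of the script this page refers to. It assumes host is written as host:port, that OpenLDAP's ldapsearch is installed, and that the bind password is kept in a file; the function names are illustrative.

```shell
#!/bin/sh
# Pre-flight checks for host, managerDN, managerPWD and userSearchBase.
# Usage: sh preflight.sh HOST:PORT MANAGER_DN PASSWORD_FILE USER_SEARCH_BASE

# is_dn DN: succeed if every comma-separated part looks like attr=value.
# Simplification: DNs containing escaped commas (\,) are rejected.
is_dn() {
    case "$1" in ''|*\\,*|*,) return 1 ;; esac
    rest=$1
    while [ -n "$rest" ]; do
        case "${rest%%,*}" in ?*=?*) ;; *) return 1 ;; esac
        case "$rest" in *,*) rest=${rest#*,} ;; *) rest= ;; esac
    done
    return 0
}

# transport_of HOST:PORT: print ldaps, plain or invalid, judged by port only.
transport_of() {
    case "$1" in
        ?*:636|?*:3269) echo ldaps ;;      # LDAPS, AD global catalog over TLS
        ?*:*[!0-9]*|?*:) echo invalid ;;
        ?*:*) echo plain ;;                # e.g. 389, clear text unless StartTLS
        *) echo invalid ;;
    esac
}

# preflight HOST MANAGER_DN PW_FILE SEARCH_BASE: print findings, return 1 on error.
preflight() {
    rc=0
    case "$(transport_of "$1")" in
        invalid) echo "ERROR host: expected host:port"; rc=1 ;;
        plain) echo "WARN host: not an LDAPS port, managerPWD may cross the network in clear text" ;;
    esac
    is_dn "$2" || { echo "ERROR managerDN: not a distinguished name"; rc=1; }
    is_dn "$4" || { echo "ERROR userSearchBase: not a distinguished name"; rc=1; }
    # An empty password turns a simple bind into an unauthenticated bind (RFC 4513).
    [ -s "$3" ] || { echo "ERROR managerPWD: password file missing or empty"; rc=1; }
    return "$rc"
}

# live_check: bind as managerDN and read the search base entry itself.
# -y takes the password from a file (whole content, so no trailing newline)
# instead of exposing it on the command line.
live_check() {
    if [ "$(transport_of "$1")" = ldaps ]; then scheme=ldaps; else scheme=ldap; fi
    ldapsearch -x -LLL -H "$scheme://$1" -D "$2" -y "$3" -b "$4" -s base '(objectClass=*)' 1.1
}

if [ "$#" -eq 4 ]; then preflight "$@" && live_check "$@"; fi
```

    A successful run prints the DN of the search base, which confirms that the read-only account can bind and read userSearchBase.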