Skip to main content

LDAP

Health Check

Mission Control integrates with LDAP directories to monitor authentication infrastructure.


Health Check

Use cases:

  • Verify LDAP/Active Directory connectivity and authentication
  • Validate bind credentials before they expire
  • Search for users and groups to confirm directory availability
  • Monitor directory replication by checking user existence across replicas
  • Alert when LDAP services become unavailable

Basic Connection Check

Test LDAP connectivity, authentication, and user searches.

ldap.yaml
apiVersion: canaries.flanksource.com/v1
kind: Canary
metadata:
name: ldap-pass
spec:
schedule: "@every 5m"
ldap:
- url: ldap://apacheds.canaries.svc.cluster.local:10389
name: ldap user login
username:
value: uid=admin,ou=system
password:
value: secret
bindDN: ou=users,dc=example,dc=com
userSearch: "(&(objectClass=organizationalPerson))"
- url: ldap://apacheds.canaries.svc.cluster.local:10389
name: ldap group login
username:
value: uid=admin,ou=system
password:
value: secret
bindDN: ou=groups,dc=example,dc=com
userSearch: "(&(objectClass=groupOfNames))"

Configuration Options

FieldDescriptionDefault
connectionConnection URL that supplies the LDAP server URL and credentials.Optional
urlLDAP server URL, such as ldap:// or ldaps://. Required unless connection supplies the URL.Optional
bindDNBase DN for the LDAP search.Required
usernameBind username. Required unless connection supplies the username.Optional
passwordBind password. Required unless connection supplies the password.Optional
userSearchLDAP search filter.Optional
skipTLSVerifySkip TLS certificate verificationfalse

Common LDAP Filters

# Find user by username
(uid=johndoe)

# Find user by email
(mail=john@example.com)

# Find all users in a group
(&(objectClass=user)(memberOf=cn=developers,ou=groups,dc=example,dc=com))

# Active Directory: Find by sAMAccountName
(sAMAccountName=johndoe)

# Find enabled AD users
(&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

# Find users modified in last 24 hours
(&(objectClass=user)(whenChanged>=20240101000000.0Z))

Next Steps