diff --git a/.bin/myval.yaml b/.bin/myval.yaml
index 34c199a..dd3c03b 100644
--- a/.bin/myval.yaml
+++ b/.bin/myval.yaml
@@ -18,6 +18,29 @@ customTLS:
 repository: alpine/openssl
 tag: latest
 secret: "custom-cert"
+customSchemaFiles:
+ 10_owncloud_schema.ldif: |-
+ # This LDIF files describes the ownCloud schema and can be used to
+ # add two optional attributes: ownCloudQuota and ownCloudUUID
+ # The ownCloudUUID is used to store a unique, non-reassignable, persistent identifier for users and groups
+ dn: cn=owncloud,cn=schema,cn=config
+ objectClass: olcSchemaConfig
+ cn: owncloud
+ olcObjectIdentifier: ownCloudOid 1.3.6.1.4.1.39430
+ olcAttributeTypes: ( ownCloudOid:1.1.1 NAME 'ownCloudQuota'
+ DESC 'User Quota (e.g. 2 GB)'
+ EQUALITY caseExactMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+ olcAttributeTypes: ( ownCloudOid:1.1.2 NAME 'ownCloudUUID'
+ DESC 'A non-reassignable and persistent account ID)'
+ EQUALITY uuidMatch
+ SUBSTR caseIgnoreSubstringsMatch
+ SYNTAX 1.3.6.1.1.16.1 SINGLE-VALUE )
+ olcObjectClasses: ( ownCloudOid:1.2.1 NAME 'ownCloud'
+ DESC 'ownCloud LDAP Schema'
+ AUXILIARY
+ MAY ( ownCloudQuota $ ownCloudUUID ) )
 customLdifFiles:
 00-root.ldif: |-
 # Root creation
@@ -39,6 +62,7 @@ customLdifFiles:
 homedirectory: /home/users/jdupond
 objectclass: inetOrgPerson
 objectclass: posixAccount
+ objectClass: ownCloud
 objectclass: top
 sn: Dupond
 uid: jdupond
diff --git a/.bin/singleNode.yaml b/.bin/singleNode.yaml
new file mode 100644
index 0000000..d7c4c15
--- /dev/null
+++ b/.bin/singleNode.yaml
@@ -0,0 +1,22 @@
+logLevel: debug
+resources:
+ limits:
+ cpu: "128m"
+ memory: "64Mi"
+replicaCount: 1
+replication:
+ enabled: false
+ltb-passwd:
+ ingress:
+ hosts:
+ - "ssl-ldap2.example"
+phpldapadmin:
+ ingress:
+ hosts:
+ - "phpldapadmin.example"
+customTLS:
+ enabled: false
+service:
+ ldapPortNodePort: 30389
+ sslLdapPortNodePort: 30636
+ type: NodePort
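Review bot: The `DESC` of `ownCloudUUID` carries a stray closing parenthesis inside the quoted string, `DESC 'A non-reassignable and persistent account ID)'`; slapd accepts it because it is quoted, but it reads as a typo and should be `DESC 'A non-reassignable and persistent account ID'`. The header comment has the same kind of slip, `# This LDIF files describes` should read `# This LDIF file describes`. The `10_` prefix on the `10_owncloud_schema.ldif` key presumably fixes the load order relative to other schema files; a short comment above the key saying so would help the next reader, but confirm against the chart's schema-loading logic before stating it. The `customTLS` mapping this hunk opens in begins outside the hunk.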
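Review bot: `objectClass: ownCloud` is the only mixed-case attribute name in an entry that otherwise writes `objectclass:`; LDAP attribute names are case-insensitive so the entry still loads, but for consistency write `objectclass: ownCloud`. The entry now depends on the `ownCloud` object class from `customSchemaFiles` being in place before `customLdifFiles` is applied; if the chart does not guarantee that order the add fails with an undefined object class, so confirm the order. No optional attribute of the class (`ownCloudUUID`, `ownCloudQuota`) is set here, which is acceptable for an AUXILIARY class whose attributes are all MAY. The jdupond entry starts and ends outside the hunk.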
diff --git a/.bin/user.ldif b/.bin/user.ldif
new file mode 100644
index 0000000..6ce29da
--- /dev/null
+++ b/.bin/user.ldif
@@ -0,0 +1,19 @@
+dn: uid=einstein,dc=example,dc=org
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: ownCloud
+objectClass: person
+objectClass: posixAccount
+objectClass: top
+uid: einstein
+givenName: Albert
+sn: Einstein
+cn: einstein
+displayName: Albert Einstein
+description: A German-born theoretical physicist who developed the theory of relativity, one of the two pillars of modern physics (alongside quantum mechanics).
+mail: einstein@example.org
+uidNumber: 20000
+gidNumber: 30000
+homeDirectory: /home/einstein
+ownCloudUUID:: NGM1MTBhZGEtYzg2Yi00ODE1LTg4MjAtNDJjZGY4MmMzZDUx
+userPassword:: e1NTSEF9TXJEcXpFNGdKbXZxbVRVTGhvWEZ1VzJBbkV3NWFLK3J3WTIvbHc9PQ==
\ No newline at end of file
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 80d88a9..d3d6ea2 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
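Review bot: The file ends without a trailing newline (`\ No newline at end of file`), so the last record line, the `userPassword::` value, is unterminated; add a final newline so LDIF tools and any later append treat the record cleanly. The password is stored as base64 of an `{SSHA}` hash rather than in clear text, which is the right form for a fixture, but a header comment stating the file's role, `# CI fixture: test user exercising the ownCloud auxiliary class; the UUID is a fixed sample value`, would save the next reader from wondering whether the values are meaningful. The `description:` line is well over the conventional 76 columns; LDIF allows it, but folding it with a leading-space continuation line keeps it readable in diffs. This entry relies on the `ownCloud` class added to `customSchemaFiles` in the same commit, so the CI step that loads it cannot pass on a deployment without that schema.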
@@ -68,11 +68,34 @@ jobs:
 run: |
 echo "test access to openldap database"
 kubectl apply -f .bin/chaos.yaml
+ - name: test write
+ shell: bash
+ run: |
+ echo "test access to openldap database"
+ LDAPTLS_REQCERT=never ldapadd -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -f .bin/user.ldif
+ LDAPTLS_REQCERT=never ldapsearch -o nettimeout=20 -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -b 'dc=example,dc=org' > /tmp/test-write.txt
+ if [ $(grep "numResponses" /tmp/test-write.txt | cut -d ":" -f 2 | tr -d ' ') -ne 5 ]; then exit 1 ; fi
+ if ! grep -q "objectClass: ownCloud" /tmp/test-write.txt; then echo exit 1; fi
 - name: chaos tests
 shell: bash
 run: |
 echo "test access to openldap database"
 for i in {1..20}; do LDAPTLS_REQCERT=never ldapsearch -o nettimeout=20 -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -b 'dc=example,dc=org' && sleep 60 ; done
+ - name: deploy openldap-stack-ha-single-node
+ shell: bash
+ run: |
+ helm delete openldap-stack-ha
+ cd "$GITHUB_WORKSPACE"
+ helm install openldap-stack-ha -n single --create-namespace -f .bin/singleNode.yaml .
+ kubectl rollout status sts openldap-stack-ha -n single
+ - name: verify single node deployment
+ shell: bash
+ run: |
+ echo "test access to openldap database"
+ sudo apt-get install -y ldap-utils
+ LDAPTLS_REQCERT=never ldapsearch -x -D 'cn=admin,dc=example,dc=org' -w Not@SecurePassw0rd -H ldaps://localhost:30636 -b 'dc=example,dc=org' > /tmp/test-single-node.txt
+ cat /tmp/test-single-node.txt
+ if [ $(grep "numResponses" /tmp/test-single-node.txt | cut -d ":" -f 2 | tr -d ' ') -ne 6 ]; then exit 1 ; fi
diff --git a/test.yaml b/test.yaml
new file mode 100644
index 0000000..b1c5001
--- /dev/null
+++ b/test.yaml
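Review bot: In the `test write` step the second assertion never fails the job: `if ! grep -q "objectClass: ownCloud" /tmp/test-write.txt; then echo exit 1; fi` prints the words `exit 1` instead of exiting, so a missing ownCloud object class goes unnoticed; change it to `if ! grep -q "objectClass: ownCloud" /tmp/test-write.txt; then exit 1; fi`. The count check on the line before uses an unquoted `$(...)` inside `[ … -ne 5 ]`, so when `grep` finds nothing the test degrades to `[ -ne 5 ]`, a syntax error rather than a clear failure; assign first, `count=$(grep "numResponses" /tmp/test-write.txt | cut -d ":" -f 2 | tr -d ' ')` then `if [ "${count:-0}" -ne 5 ]; then exit 1; fi`, and apply the same shape to the `-ne 6` check in `verify single node deployment`. The step's `echo "test access to openldap database"` is copied from the previous step; `echo "test write to openldap database"` would label the log correctly. The hunk opens inside the previous step's `run:` block, whose start is outside it.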
@@ -0,0 +1,648 @@ +--- +# Source: openldap-stack-ha/templates/secret-ltb.yaml +apiVersion: v1 +kind: Secret +metadata: + name: openldap-ltb-passwd + labels: + app: openldap + chart: openldap-4.1.0 + release: openldap + heritage: Helm +type: Opaque +data: + LDAP_ADMIN_PASSWORD: "Tm90QFNlY3VyZVBhc3N3MHJk" +--- +# Source: openldap-stack-ha/templates/secret.yaml +apiVersion: v1 +kind: Secret +metadata: + name: openldap + labels: + app: openldap + chart: openldap-4.1.0 + release: openldap + heritage: Helm +type: Opaque +data: + LDAP_ADMIN_PASSWORD: "Tm90QFNlY3VyZVBhc3N3MHJk" + LDAP_CONFIG_ADMIN_PASSWORD: "Tm90QFNlY3VyZVBhc3N3MHJk" +--- +# Source: openldap-stack-ha/charts/ltb-passwd/templates/configmap-ldap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: openldap-ltb-passwd-ldap-cm + labels: + app: openldap-ltb + chart: ltb-passwd-0.1.0 + release: openldap + heritage: Helm +data: + ldap.conf: | + TLS_REQCERT never +--- +# Source: openldap-stack-ha/charts/phpldapadmin/templates/configmap.yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: openldap-phpldapadmin + labels: + app: phpldapadmin + chart: phpldapadmin-0.1.2 + release: openldap + heritage: Helm +data: + PHPLDAPADMIN_HTTPS: "false" + PHPLDAPADMIN_LDAP_CLIENT_TLS_REQCERT: never + PHPLDAPADMIN_TRUST_PROXY_SSL: "true" + PHPLDAPADMIN_LDAP_HOSTS: "#PYTHON2BASH:[{ 'openldap.default' : [{'server': [{'tls': True},{'port':389}]},{'login': [{'bind_id': 'cn=admin,dc=example,dc=org' }]}]}]" +--- +# Source: openldap-stack-ha/templates/configmap-env.yaml +# +# A ConfigMap spec for openldap slapd that map directly to env variables in the Pod. 
+# List of environment variables supported is from the docker image: +# https://hub.docker.com/r/bitnami/openldap/ +# Note that passwords are defined as secrets +# +apiVersion: v1 +kind: ConfigMap +metadata: + name: openldap-env + labels: + app: openldap + chart: openldap-4.1.0 + release: openldap + heritage: Helm +data: + LDAP_ROOT: dc=example,dc=org + LDAP_EXTRA_SCHEMAS: cosine,inetorgperson,nis,syncprov,serverid,csyncprov,rep,bsyncprov,brep,acls + LDAP_TLS_CERT_FILE: /opt/bitnami/openldap/certs/tls.crt + LDAP_TLS_KEY_FILE: /opt/bitnami/openldap/certs/tls.key + LDAP_TLS_CA_FILE: /opt/bitnami/openldap/certs/ca.crt + BITNAMI_DEBUG: "true" + LDAP_CONFIG_ADMIN_ENABLED: "yes" + LDAP_CONFIG_ADMIN_USERNAME: admin + LDAP_ENABLE_TLS: "yes" + LDAP_LOGLEVEL: "256" + LDAP_SKIP_DEFAULT_TREE: "no" + LDAP_TLS_ENFORCE: "false" + LDAPTLS_REQCERT: never +--- +# Source: openldap-stack-ha/templates/configmap-replication-acls.yaml +# +# A ConfigMap spec for openldap slapd that map directly to files under +# /container/service/slapd/assets/config/bootstrap/ldif/custom +# +apiVersion: v1 +kind: ConfigMap +metadata: + name: openldap-replication-acls + labels: + app: openldap + chart: openldap-4.1.0 + release: openldap + heritage: Helm +data: + # replication + syncprov.ldif: | + # Load syncprov module + dn: cn=module{0},cn=config + objectClass: olcModuleList + cn: module{0} + olcModuleLoad: syncprov + serverid.ldif: | + # Set server ID + dn: cn=config + changeType: modify + add: olcServerID + olcServerID: 1 ldap://openldap-0.openldap-headless.default.svc.cluster.local:1389 + olcServerID: 2 ldap://openldap-1.openldap-headless.default.svc.cluster.local:1389 + olcServerID: 3 ldap://openldap-2.openldap-headless.default.svc.cluster.local:1389 + csyncprov.ldif: | + # Add syncprov on config + dn: olcOverlay=syncprov,olcDatabase={0}config,cn=config + changetype: add + objectClass: olcOverlayConfig + objectClass: olcSyncProvConfig + olcOverlay: syncprov + rep.ldif: | + # Add sync replication on 
config + dn: olcDatabase={0}config,cn=config + changetype: modify + add: olcSyncRepl + olcSyncRepl: rid=001 provider=ldap://openldap-0.openldap-headless.default.svc.cluster.local:1389 binddn="cn=admin,cn=config" bindmethod=simple credentials=Not@SecurePassw0rd searchbase="cn=config" type=refreshAndPersist retry="60 +" timeout=1 starttls=critical tls_reqcert=never + olcSyncRepl: rid=002 provider=ldap://openldap-1.openldap-headless.default.svc.cluster.local:1389 binddn="cn=admin,cn=config" bindmethod=simple credentials=Not@SecurePassw0rd searchbase="cn=config" type=refreshAndPersist retry="60 +" timeout=1 starttls=critical tls_reqcert=never + olcSyncRepl: rid=003 provider=ldap://openldap-2.openldap-headless.default.svc.cluster.local:1389 binddn="cn=admin,cn=config" bindmethod=simple credentials=Not@SecurePassw0rd searchbase="cn=config" type=refreshAndPersist retry="60 +" timeout=1 starttls=critical tls_reqcert=never + - + add: olcMirrorMode + olcMirrorMode: TRUE + bsyncprov.ldif: | + dn: olcOverlay=syncprov,olcDatabase={2}mdb,cn=config + objectClass: olcOverlayConfig + objectClass: olcSyncProvConfig + olcOverlay: syncprov + olcSpSessionLog: 100 + brep.ldif: | + dn: olcDatabase={2}mdb,cn=config + changetype: modify + add: olcSyncrepl + olcSyncrepl: + rid=101 + provider=ldap://openldap-0.openldap-headless.default.svc.cluster.local:1389 + binddn=cn=admin,dc=example,dc=org + bindmethod=simple + credentials=Not@SecurePassw0rd + searchbase=dc=example,dc=org + type=refreshAndPersist + interval=00:00:00:10 + network-timeout=0 + retry="60 +" + timeout=1 + starttls=critical + tls_reqcert=never + olcSyncrepl: + rid=102 + provider=ldap://openldap-1.openldap-headless.default.svc.cluster.local:1389 + binddn=cn=admin,dc=example,dc=org + bindmethod=simple + credentials=Not@SecurePassw0rd + searchbase=dc=example,dc=org + type=refreshAndPersist + interval=00:00:00:10 + network-timeout=0 + retry="60 +" + timeout=1 + starttls=critical + tls_reqcert=never + olcSyncrepl: + rid=103 + 
provider=ldap://openldap-2.openldap-headless.default.svc.cluster.local:1389 + binddn=cn=admin,dc=example,dc=org + bindmethod=simple + credentials=Not@SecurePassw0rd + searchbase=dc=example,dc=org + type=refreshAndPersist + interval=00:00:00:10 + network-timeout=0 + retry="60 +" + timeout=1 + starttls=critical + tls_reqcert=never + + dn: olcDatabase={2}mdb,cn=config + changetype: modify + add: olcMirrorMode + olcMirrorMode: TRUE + # acls + acls.ldif: | + dn: olcDatabase={2}mdb,cn=config + changetype: modify + replace: olcAccess + olcAccess: {0}to * + by dn.exact=gidNumber=0+uidNumber=1001,cn=peercred,cn=external,cn=auth manage + by * break + olcAccess: {1}to attrs=userPassword,shadowLastChange + by self write + by dn="cn=admin,dc=example,dc=org" write + by anonymous auth by * none + olcAccess: {2}to * + by dn="cn=admin,dc=example,dc=org" write + by self read + by * none +--- +# Source: openldap-stack-ha/charts/ltb-passwd/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: openldap-ltb-passwd + labels: + app.kubernetes.io/name: openldap-ltb + helm.sh/chart: ltb-passwd-0.1.0 + app.kubernetes.io/instance: openldap + app.kubernetes.io/managed-by: Helm +spec: + type: ClusterIP + ports: + - port: 80 + targetPort: http + protocol: TCP + name: http + selector: + app.kubernetes.io/name: openldap-ltb + app.kubernetes.io/instance: openldap +--- +# Source: openldap-stack-ha/charts/phpldapadmin/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: openldap-phpldapadmin + labels: + app: phpldapadmin + chart: phpldapadmin-0.1.2 + release: openldap + heritage: Helm +spec: + type: ClusterIP + ports: + - port: 80 + targetPort: http + protocol: TCP + name: http + selector: + app: phpldapadmin + release: openldap +--- +# Source: openldap-stack-ha/templates/service.yaml +apiVersion: v1 +kind: Service +metadata: + name: openldap + namespace: default + labels: + app.kubernetes.io/component: openldap + chart: openldap-4.1.0 + release: openldap + 
heritage: Helm +spec: + type: ClusterIP + ports: + - name: ldap-port + protocol: TCP + port: 389 + targetPort: ldap-port + nodePort: null + - name: ssl-ldap-port + protocol: TCP + port: 636 + targetPort: ssl-ldap-port + nodePort: null + sessionAffinity: None + selector: + app.kubernetes.io/component: openldap + release: openldap +--- +# Source: openldap-stack-ha/templates/svc-headless.yaml +apiVersion: v1 +kind: Service +metadata: + name: openldap-headless + labels: + app.kubernetes.io/component: openldap + chart: openldap-4.1.0 + release: openldap + heritage: Helm +spec: + ports: + - port: 389 + name: ldap-port + targetPort: ldap-port + clusterIP: None + selector: + app.kubernetes.io/component: openldap + release: openldap + type: ClusterIP + sessionAffinity: None +--- +# Source: openldap-stack-ha/charts/ltb-passwd/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: openldap-ltb-passwd + labels: + app.kubernetes.io/name: openldap-ltb + helm.sh/chart: ltb-passwd-0.1.0 + app.kubernetes.io/instance: openldap + app.kubernetes.io/version: "1.3" + app.kubernetes.io/managed-by: Helm +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: openldap-ltb + app.kubernetes.io/instance: openldap + template: + metadata: + labels: + app.kubernetes.io/name: openldap-ltb + app.kubernetes.io/instance: openldap + spec: + + containers: + - name: ltb-passwd + image: tiredofit/self-service-password:5.2.3 + imagePullPolicy: Always + env: + - name: LDAP_SERVER + value: ldaps://openldap.default:636 + - name: LDAP_BINDDN + value: cn=admin,dc=example,dc=org + - name: LDAP_BINDPASS + valueFrom: + secretKeyRef: + name: openldap-ltb-passwd + key: LDAP_ADMIN_PASSWORD + - name: LDAP_BASE_SEARCH + value: "dc=example,dc=org" + - name: SECRETKEY + value: password + - name: LDAP_LOGIN_ATTRIBUTE + value: cn + - name: LDAP_STARTTLS + value: "false" + - name: CHANGE_SSHKEY + value: "true" + ports: + - name: http + containerPort: 80 + protocol: TCP + 
livenessProbe: + httpGet: + path: / + port: http + readinessProbe: + httpGet: + path: / + port: http + resources: + {} + volumeMounts: + - mountPath: /etc/openldap + name: ldap-conf + volumes: + - name: ldap-conf + configMap: + name: openldap-ltb-passwd-ldap-cm +--- +# Source: openldap-stack-ha/charts/phpldapadmin/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment + +metadata: + name: openldap-phpldapadmin + labels: + app: phpldapadmin + chart: phpldapadmin-0.1.2 + release: openldap + heritage: Helm + +spec: + replicas: 1 + selector: + matchLabels: + app: phpldapadmin + release: openldap + template: + metadata: + labels: + app: phpldapadmin + release: openldap + spec: + + containers: + - name: phpldapadmin + image: osixia/phpldapadmin:0.9.0 + imagePullPolicy: IfNotPresent + ports: + - name: http + containerPort: 80 + protocol: TCP + envFrom: + - configMapRef: + name: openldap-phpldapadmin + livenessProbe: + httpGet: + path: / + port: http + readinessProbe: + httpGet: + path: / + port: http + resources: + {} +--- +# Source: openldap-stack-ha/templates/statefulset.yaml +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: openldap + labels: + app.kubernetes.io/name: openldap-stack-ha + helm.sh/chart: openldap-stack-ha-4.1.0 + app.kubernetes.io/instance: openldap + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/component: openldap + chart: openldap-4.1.0 + release: openldap + heritage: Helm +spec: + replicas: 3 + selector: + matchLabels: + app.kubernetes.io/name: openldap-stack-ha + app.kubernetes.io/instance: openldap + app.kubernetes.io/component: openldap + serviceName: openldap-headless + updateStrategy: + + type: RollingUpdate + template: + metadata: + annotations: + checksum/configmap-env: 8c20e10a3d140b444f32143352964021b8ef34733eb3018442abe81a9ddec9ec + labels: + app.kubernetes.io/name: openldap-stack-ha + helm.sh/chart: openldap-stack-ha-4.1.0 + app.kubernetes.io/instance: openldap + app.kubernetes.io/managed-by: Helm + 
app.kubernetes.io/component: openldap + release: openldap + spec: + initContainers: + - name: init-tls-secret + image: alpine/openssl:latest + imagePullPolicy: Always + command: + - sh + - -c + - | + openssl req -x509 -newkey rsa:4096 -nodes -subj '/CN=example.org' -keyout /tmp-certs/tls.key -out /tmp-certs/tls.crt -days 365 + cp /tmp-certs/tls.crt /tmp-certs/ca.crt + chmod 777 /tmp-certs/* + cp -Lr /tmp-certs/* /certs + volumeMounts: + - name: certs + mountPath: "/certs" + - name: secret-certs + mountPath: "/tmp-certs" + + affinity: + podAffinity: + + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: openldap-stack-ha + app.kubernetes.io/instance: openldap + app.kubernetes.io/component: openldap + namespaces: + - "default" + topologyKey: kubernetes.io/hostname + weight: 1 + nodeAffinity: + + securityContext: + fsGroup: 1001 + containers: + - name: openldap-stack-ha + image: bitnami/openldap:2.6.3 + imagePullPolicy: Always + env: + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + envFrom: + - configMapRef: + name: openldap-env + - secretRef: + name: openldap + resources: + limits: {} + requests: {} + ports: + - name: ldap-port + containerPort: 1389 + - name: ssl-ldap-port + containerPort: 1636 + livenessProbe: + tcpSocket: + port: ldap-port + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 10 + readinessProbe: + tcpSocket: + port: ldap-port + initialDelaySeconds: 20 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 10 + startupProbe: + tcpSocket: + port: ldap-port + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 30 + volumeMounts: + - name: data + mountPath: /bitnami/openldap/ + - name: certs + mountPath: /opt/bitnami/openldap/certs + - name: replication-acls + mountPath: 
/opt/bitnami/openldap/etc/schema/syncprov.ldif + subPath: syncprov.ldif + - name: replication-acls + mountPath: /opt/bitnami/openldap/etc/schema/serverid.ldif + subPath: serverid.ldif + - name: replication-acls + mountPath: /opt/bitnami/openldap/etc/schema/csyncprov.ldif + subPath: csyncprov.ldif + - name: replication-acls + mountPath: /opt/bitnami/openldap/etc/schema/rep.ldif + subPath: rep.ldif + - name: replication-acls + mountPath: /opt/bitnami/openldap/etc/schema/bsyncprov.ldif + subPath: bsyncprov.ldif + - name: replication-acls + mountPath: /opt/bitnami/openldap/etc/schema/brep.ldif + subPath: brep.ldif + - name: replication-acls + mountPath: /opt/bitnami/openldap/etc/schema/acls.ldif + subPath: acls.ldif + volumes: + - name: replication-acls + configMap: + name: openldap-replication-acls + - name: certs + emptyDir: + medium: Memory + - name: secret-certs + emptyDir: + medium: Memory + volumeClaimTemplates: + - metadata: + name: data + annotations: + spec: + accessModes: + - "ReadWriteOnce" + resources: + requests: + storage: "8Gi" +--- +# Source: openldap-stack-ha/charts/ltb-passwd/templates/ingress.yaml +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: openldap-ltb-passwd + labels: + app: openldap-ltb + chart: ltb-passwd-0.1.0 + release: openldap + heritage: Helm +spec: + rules: + - host: ssl-ldap2.example + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: openldap-ltb-passwd + port: + name: http +--- +# Source: openldap-stack-ha/charts/phpldapadmin/templates/ingress.yaml +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: openldap-phpldapadmin + labels: + app: phpldapadmin + chart: phpldapadmin-0.1.2 + release: openldap + heritage: Helm +spec: + rules: + - host: phpldapadmin.example + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: openldap-phpldapadmin + port: + name: http +--- +# Source: openldap-stack-ha/templates/configmap-customldif.yaml +# +# A ConfigMap spec 
for openldap slapd that map directly to files under +# /container/service/slapd/assets/config/bootstrap/ldif/custom +# +--- +# Source: openldap-stack-ha/templates/configmap-customschema.yaml +# +# A ConfigMap spec for openldap slapd that map directly to files under +# /opt/bitnami/openldap/etc/schema/custom +#
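Review bot: `test.yaml` at the repository root is rendered `helm template` output (the `# Source:` headers and the `checksum/configmap-env` annotation), and nothing in the `ci.yml` changes of this commit references it, so it looks like a scratch artifact committed by mistake. It embeds the chart's admin password as base64 in both `Secret` manifests and in clear text in every `credentials=` of the `olcSyncRepl` lines; these are the same non-production defaults the CI steps already use, but a committed rendered manifest invites copy-paste into a real deployment and will silently drift from the templates. Drop the file and add it to `.gitignore`, or, if a rendered fixture is wanted, keep it under `.bin/` with a header such as `# Generated by helm template; do not edit, regenerate instead` naming the exact command used. The hunk is generated output and was not reviewed line by line.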