sassoftware / viya4-deployment

This project contains Ansible code that creates a baseline in an existing Kubernetes environment for use with the SAS Viya Platform, generates the manifest for an order, and then can also deploy that order into the Kubernetes environment specified.
Apache License 2.0

(IAC-560) how to add users to the embedded OpenLDAP #219

Closed wweghe closed 1 year ago

wweghe commented 2 years ago

Hi, in the section of the Readme.md on the OpenLDAP Customizations, it is stated: "Subsequently, you can either delete and redeploy the OpenLDAP server with a new configuration, or add users using ldapadd."

I tried the latter (using ldapadd) and indeed users are created in the OpenLDAP, and can be used in Viya 4. However, upon a restart of the OpenLDAP pod, the newly added users are no longer there, only the original users (user1, user2 and viya_admin). So it would seem the OpenLDAP pods do not have persistent storage attached, and only the users available in this file "site-config/vdm/generators/openldap-bootstrap-config.yaml" are available after a restart of the OpenLDAP pod.

Is my understanding correct, or am I missing something?

thpang commented 2 years ago

That is correct. OpenLDAP does not persist and gets created and destroyed within the SAS Viya namespace it is created in.

This LDAP server is set up as a temporary stop-gap for folks who have not gotten that far in their enterprise integration with the Viya 4 deployment. If you need something that persists, you'll need to install an LDAP server outside of the Viya 4 namespace.

Here is the SAS documentation on how to integrate LDAP with the SAS Viya 4 software.

HLS-SAS commented 2 years ago

OK, thanks Thomas, understood, and fully agree. I guess the only thing to do is change the Readme.md, to make sure people don't make the same mistake as me:

thpang commented 2 years ago

Yeah, we could clear that up a bit.