UserInfoFetcher: ActiveDirectory backend

[nightkr]

Description

Fixes #524

Definition of Done Checklist

• Not all of these items are applicable to all PRs, the author should update this template to only leave the boxes in that are relevant
• Please make sure all these things are done and tick the boxes

Author

Beta Give feedback

1. Changes are OpenShift compatible
2. CRD changes approved
3. CRD documentation for all fields, following the style guide.
4. Helm chart can be installed and deployed operator works
5. Integration tests passed (for non trivial changes)
6. Changes need to be "offline" compatible

Reviewer

Beta Give feedback

1. Code contains useful comments
2. Code contains useful logging statements
3. (Integration-)Test cases added
4. Documentation added or updated. Follows the style guide.
5. Changelog updated
6. Cargo.toml only contains references to git tags (not specific commits or branches)

Acceptance

Beta Give feedback

1. Feature Tracker has been updated
2. Proper release label has been added
3. Roadmap has been updated

[fhennig]

I saw this in the decision RfC column, anything particular you are looking for comments on?

[nightkr]

Primarily the CRD changes configuring the new backend.

[nightkr]

Moving CRD review to voting, please vote on this comment.

[sbernauer]

I know it was this way before, but IMHO it makes sense to move the Keycloak example above below the Keycloak section :)

[nightkr]

The API docs are fairly independent from the backend in use, mentioned that the example shows some keycloakisms in db44296

[sbernauer]

In the AuthenticationClass we also have an ldapPort field: https://docs.stackable.tech/home/stable/concepts/authentication#ldap. It might make sense to have that for consistency reasons as well.

If not please test a non-default port and update the CRD docs, e.g.

Hostname of the domain controller, e.g. `ad-ds-1.contoso.com` or `ad-ds-1.contoso.com:1234`.

[nightkr]

That's fair, the inspiration here was secret-op's LDAP support, which also doesn't support custom LDAP ports at the moment. As far as I know, there's no way to customize AD's LDAP port.

[nightkr]

In fairness, there are a few things we could port over from secret-op here:

• rename to ldapServer
• explicitly forbid port numbers (though it should break the SASL bind anyway)

[sbernauer]

As far as I know, there's no way to customize AD's LDAP port.

Oh that's a bit unexpected :D Happy to rename it to ldapServer and close this discussion

[nightkr]

94febb5

[nightkr]

Closing CRD vote as accepted

[nightkr]

Proper testing is blocked on stackabletech/issues#629