jp-gouin/helm-openldap

Allow disabling anonymous/unauth binds

davidfrickert opened this issue · 3 comments

Is your feature request related to a problem? Please describe.
I would like to easily disable anonymous and unauth binds.
This is supported by the bitnami image with an env var: https://github.com/bitnami/containers/blob/8d0a4f5794335e0a3f277445945c951a287abc9a/bitnami/openldap/README.md?plain=1#L191

  • LDAP_ALLOW_ANON_BINDING: Allow anonymous bindings to the LDAP server. Default: yes.

Describe the solution you'd like
Add new values.yaml group e.g. security and underneath ldap_allow_anon_binding and then use it to set the env var in the stateful set.

security:
  ldap_allow_anon_binding: 'no' / 'yes'

Describe alternatives you've considered
n/a

Additional context
Should the default be 'yes' to match bitnami default? Or should it be 'no' to increase a bit the security of the default installation? (would be a breaking change)

can also add it to env

Hi @davidfrickert ,

out of the box I can recommend you to use env directly . It’s should be up to the users to decide whether it should be yes or no .

I’ll take the action to add it by default in the values so everyone can benefit from it