Security — CloudBeaver

The chart supports LDAP authentication for CloudBeaver Community through the tdp-cloudbeaver.ldap values block. Do not commit passwords to version control; supply them through Kubernetes Secrets or a secrets management operator.

Prerequisites

  • LDAP server reachable from the cluster.
  • Kubernetes Secret with the bind password (referenced in the values).

Bind Secret

Terminal input
kubectl -n <namespace> create secret generic tdp-cloudbeaver-ldap-bind \
  --from-literal=password='<LDAP_BIND_PASSWORD>'

Values file (summary structure)

The LDAP configuration uses ldap.server, ldap.bind, ldap.userSearch, the JSON block ldap.configProperties (the LDAP provider in CloudBeaver), and ldap.extraEnvVars, which injects CLOUDBEAVER_AUTH_LDAP_BIND_PASSWORD via secretKeyRef. Copy the full example printed by helm show values into your private values file and replace only the placeholders:

  • <LDAP_SERVER_HOST>, <LDAP_BIND_DN>, <LDAP_USER_BASE_DN>, <LDAP_BIND_PASSWORD>

Minimal env example (the JSON configProperties must follow the chart):

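tdp-cloudbeaver:
  ldap:
    enabled: true
    server:
      host: "<LDAP_SERVER_HOST>"
      # This minimal example uses port 389 with SSL and TLS both disabled
      port: 389
      useSSL: false
      useTLS: false
      # Certificate verification is skipped in this minimal example
      insecureSkipVerify: true
    bind:
      dn: "<LDAP_BIND_DN>"
      # Secret and key created in the "Bind Secret" step
      passwordSecretName: "tdp-cloudbeaver-ldap-bind"
      passwordSecretKey: "password"
    userSearch:
      baseDN: "<LDAP_USER_BASE_DN>"
      filter: "(objectClass=person)"
      userIdAttribute: "uid"
    # Injects the bind password into the pod from the Secret, not from the values file
    extraEnvVars: |
      - name: CLOUDBEAVER_AUTH_LDAP_BIND_PASSWORD
        valueFrom:
          secretKeyRef:
            name: tdp-cloudbeaver-ldap-bind
            key: password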
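
A pre-deploy check for a values file built from the minimal example above, flagging the transport and secret-handling settings worth reviewing before helm upgrade. This is an added example, not part of the chart: the function names and finding labels are hypothetical, the sample host and DN are constructed, and it assumes useSSL means LDAPS and useTLS means StartTLS, as the key names suggest.

```shell
# Added example, not part of the chart. Function names and finding labels are hypothetical.
# Assumes useSSL means LDAPS and useTLS means StartTLS, as the key names suggest.

# Print the value of the first "<key>: value" line in a file, without quotes or comments.
yaml_value() {
  sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | head -n 1 |
    sed 's/[[:space:]]*#.*$//' | tr -d "\"'"
}

lint_ldap_values() {
  file=$1; findings=""
  # No LDAPS and no StartTLS: the bind DN and password travel unencrypted.
  if [ "$(yaml_value "$file" useSSL)" != "true" ] &&
     [ "$(yaml_value "$file" useTLS)" != "true" ]; then
    findings="$findings cleartext-ldap"
  fi
  if [ "$(yaml_value "$file" insecureSkipVerify)" = "true" ]; then
    findings="$findings cert-verification-disabled"
  fi
  if [ -z "$(yaml_value "$file" passwordSecretName)" ]; then
    findings="$findings no-bind-secret"
  fi
  # Any "...password: <literal>" key means a credential is stored in the values file.
  if grep -Eq '^[[:space:]]*[A-Za-z]*[Pp]assword:[[:space:]]*[^[:space:]]' "$file"; then
    findings="$findings inline-password"
  fi
  if grep -Eq '<LDAP_[A-Z_]+>' "$file"; then
    findings="$findings unreplaced-placeholder"
  fi
  echo "${findings# }"
}

# Constructed sample: the page's minimal example with a made-up host and DN filled in.
write_sample() {
  cat > "$1" <<'EOF'
tdp-cloudbeaver:
  ldap:
    server:
      host: "ldap.example.internal"
      useSSL: false
      useTLS: false
      insecureSkipVerify: true
    bind:
      dn: "cn=svc-cloudbeaver,dc=example,dc=internal"
      passwordSecretName: "tdp-cloudbeaver-ldap-bind"
EOF
}

tmp=$(mktemp) && write_sample "$tmp" && lint_ldap_values "$tmp"; rm -f "$tmp"
```

An empty result means none of the checked settings were flagged; run lint_ldap_values against values-ldap.yaml before the Deploy step.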

Deploy

Terminal input
helm upgrade --install <release> \
  oci://registry.tecnisys.com.br/tdp/charts/tdp-cloudbeaver \
  -n <namespace> --create-namespace \
  -f my-values.yaml \
  -f values-ldap.yaml

Parameters

Area                     Usage
ldap.server.*            Host, port, SSL/TLS
ldap.bind.*              Bind DN + Secret
ldap.userSearch.*        Base DN, filter, login attribute
ldap.configProperties    authConfigurations JSON (see helm show values)

Troubleshooting

Problem                        Solution
LDAP option does not appear    ldap.enabled: true and valid configProperties
Authentication failure         Test bind, DN, and filter; check CloudBeaver pod logs

Terminal input
kubectl exec -it <cloudbeaver-pod> -n <namespace> -- nc -zv <LDAP_SERVER_HOST> 389