Grant Cluster-Admin Access to LDAP Users
Once you have configured LDAP authentication, you can assign administrative
permissions to LDAP identities using the Auth API. To do this, you must first
retrieve your session bearer token and use it in the API documentation
interface.
Retrieve the Bearer Token
- Log in to the MKE 4k Dashboard.
- Open the Developer Tools for your browser.
- Locate bearer-token. To do this, refer to the documentation for your browser.
- Copy the bearer token value. This value is your authentication token.
Deploy the Authentication Token
- Open the Auth API documentation at https://<cluster-url>/api/auth/v1/docs.
- Click the green Authorize button in the top right corner.
- Paste the bearer token value into the authorization dialog.
- Click Authorize.
Grant the Role to an LDAP Identity
Following authorization, you can use the PUT operations under the /grants section of the API specification.

Select the endpoint for the grant you want to make.
| Grant Target | Endpoint |
|---|---|
| Organization | PUT /grants/ |
| Team | PUT /grants/ |
| LDAP group | PUT /grants/ |
| User | PUT /grants/ |
Important
To give cluster-admin permissions to a user, the user name must match the LDAP emailAttr type.

If emailAttr is configured to an email address, the value should be <username>@<email>, or it should be equivalent to the value of the attribute that is set.
It is not necessary to specify a namespace unless the cluster-admin permissions are to be given in a specific namespace.
Verification
Once a PUT request has been issued on the designated endpoint, the user will
gain cluster-admin access. Use a GET request for verification.