add userSearchBase and groupSearchBase to security/RBAC config (#118)

LGTM

Author: ptyagii

hybrid/multi-region-clusters/confluent-platform/kafka/kafka-central.yaml

@@ -73,10 +73,12 @@ spec:
             groupNameAttribute: cn
             groupObjectClass: group
             groupSearchBase: dc=test,dc=com
+            groupSearchScope: 1
             userMemberOfAttributePattern: CN=(.*),DC=test,DC=com
             userNameAttribute: cn
             userObjectClass: organizationalRole
             userSearchBase: dc=test,dc=com
+            userSearchScope: 1
         type: ldap
       tls:
         enabled: true

hybrid/multi-region-clusters/confluent-platform/kafka/kafka-east.yaml

@@ -75,10 +75,12 @@ spec:
             groupNameAttribute: cn
             groupObjectClass: group
             groupSearchBase: dc=test,dc=com
+            groupSearchScope: 1
             userMemberOfAttributePattern: CN=(.*),DC=test,DC=com
             userNameAttribute: cn
             userObjectClass: organizationalRole
             userSearchBase: dc=test,dc=com
+            userSearchScope: 1
         type: ldap
       tls:
         enabled: true

hybrid/multi-region-clusters/confluent-platform/kafka/kafka-west.yaml

@@ -75,10 +75,12 @@ spec:
             groupNameAttribute: cn
             groupObjectClass: group
             groupSearchBase: dc=test,dc=com
+            groupSearchScope: 1
             userMemberOfAttributePattern: CN=(.*),DC=test,DC=com
             userNameAttribute: cn
             userObjectClass: organizationalRole
             userSearchBase: dc=test,dc=com
+            userSearchScope: 1
         type: ldap
       tls:
         enabled: true

security/configure-with-vault/rbac/confluent-platform-withrbac-vault.yaml

@@ -83,10 +83,12 @@ spec:
             groupMemberAttribute: member
             groupMemberAttributePattern: CN=(.*),DC=test,DC=com
             groupSearchBase: dc=test,dc=com
+            groupSearchScope: 1
             userNameAttribute: cn
             userMemberOfAttributePattern: CN=(.*),DC=test,DC=com
             userObjectClass: organizationalRole
             userSearchBase: dc=test,dc=com
+            userSearchScope: 1
   podTemplate:
     serviceAccountName: confluent-sa
     annotations:

security/configure-with-vault/rbac/zk_kafka.yaml

@@ -83,10 +83,12 @@ spec:
             groupMemberAttribute: member
             groupMemberAttributePattern: CN=(.*),DC=test,DC=com
             groupSearchBase: dc=test,dc=com
+            groupSearchScope: 1
             userNameAttribute: cn
             userMemberOfAttributePattern: CN=(.*),DC=test,DC=com
             userObjectClass: organizationalRole
             userSearchBase: dc=test,dc=com
+            userSearchScope: 1
   podTemplate:
     serviceAccountName: confluent-sa
     annotations:

security/internal_external-tls_mtls_confluent-rbac/confluent-platform-mtls-rbac.yaml

@@ -80,10 +80,12 @@ spec:
             groupMemberAttribute: member
             groupMemberAttributePattern: CN=(.*),DC=test,DC=com
             groupSearchBase: dc=test,dc=com
+            groupSearchScope: 1
             userNameAttribute: cn
             userMemberOfAttributePattern: CN=(.*),DC=test,DC=com
             userObjectClass: organizationalRole
             userSearchBase: dc=test,dc=com
+            userSearchScope: 1
   dependencies:
     kafkaRest:
       authentication:

security/production-secure-deploy-auto-gen-certs/confluent-platform-production-autogeneratedcerts.yaml

@@ -80,10 +80,12 @@ spec:
             groupMemberAttribute: member
             groupMemberAttributePattern: CN=(.*),DC=test,DC=com
             groupSearchBase: dc=test,dc=com
+            groupSearchScope: 1
             userNameAttribute: cn
             userMemberOfAttributePattern: CN=(.*),DC=test,DC=com
             userObjectClass: organizationalRole
             userSearchBase: dc=test,dc=com
+            userSearchScope: 1
   dependencies:
     kafkaRest:
       authentication:

security/production-secure-deploy-auto-gen-certs/confluent-platform-production-mtls.yaml

@@ -82,10 +82,12 @@ spec:
             groupMemberAttribute: member
             groupMemberAttributePattern: CN=(.*),DC=test,DC=com
             groupSearchBase: dc=test,dc=com
+            groupSearchScope: 1
             userNameAttribute: cn
             userMemberOfAttributePattern: CN=(.*),DC=test,DC=com
             userObjectClass: organizationalRole
             userSearchBase: dc=test,dc=com
+            userSearchScope: 1
   dependencies:
     kafkaRest:
       authentication:

security/production-secure-deploy-auto-gen-certs/confluent-platform-production.yaml

@@ -80,10 +80,12 @@ spec:
             groupMemberAttribute: member
             groupMemberAttributePattern: CN=(.*),DC=test,DC=com
             groupSearchBase: dc=test,dc=com
+            groupSearchScope: 1
             userNameAttribute: cn
             userMemberOfAttributePattern: CN=(.*),DC=test,DC=com
             userObjectClass: organizationalRole
             userSearchBase: dc=test,dc=com
+            userSearchScope: 1
   dependencies:
     kafkaRest:
       authentication:

security/production-secure-deploy/confluent-platform-production-autogeneratedcerts.yaml

@@ -80,10 +80,12 @@ spec:
             groupMemberAttribute: member
             groupMemberAttributePattern: CN=(.*),DC=test,DC=com
             groupSearchBase: dc=test,dc=com
+            groupSearchScope: 1
             userNameAttribute: cn
             userMemberOfAttributePattern: CN=(.*),DC=test,DC=com
             userObjectClass: organizationalRole
             userSearchBase: dc=test,dc=com
+            userSearchScope: 1
   dependencies:
     kafkaRest:
       authentication:

security/production-secure-deploy/confluent-platform-production-mtls.yaml

@@ -82,10 +82,12 @@ spec:
             groupMemberAttribute: member
             groupMemberAttributePattern: CN=(.*),DC=test,DC=com
             groupSearchBase: dc=test,dc=com
+            groupSearchScope: 1
             userNameAttribute: cn
             userMemberOfAttributePattern: CN=(.*),DC=test,DC=com
             userObjectClass: organizationalRole
             userSearchBase: dc=test,dc=com
+            userSearchScope: 1
   dependencies:
     kafkaRest:
       authentication:

security/production-secure-deploy/confluent-platform-production.yaml

@@ -80,10 +80,12 @@ spec:
             groupMemberAttribute: member
             groupMemberAttributePattern: CN=(.*),DC=test,DC=com
             groupSearchBase: dc=test,dc=com
+            groupSearchScope: 1
             userNameAttribute: cn
             userMemberOfAttributePattern: CN=(.*),DC=test,DC=com
             userObjectClass: organizationalRole
             userSearchBase: dc=test,dc=com
+            userSearchScope: 1
   dependencies:
     kafkaRest:
       authentication:

security/userprovided-tls_mtls-sasl_confluent-rbac/confluent-platform-mtls-sasl-rbac.yaml

@@ -77,10 +77,12 @@ spec:
             groupMemberAttribute: member
             groupMemberAttributePattern: CN=(.*),DC=test,DC=com
             groupSearchBase: dc=test,dc=com
+            groupSearchScope: 1
             userNameAttribute: cn
             userMemberOfAttributePattern: CN=(.*),DC=test,DC=com
             userObjectClass: organizationalRole
             userSearchBase: dc=test,dc=com
+            userSearchScope: 1
   dependencies:
     kafkaRest:
       authentication:

security/userprovided-tls_mtls_confluent-rbac/confluent-platform-mtls-rbac-hostbased-ingress.yaml

@@ -82,10 +82,12 @@ spec:
             groupMemberAttribute: member
             groupMemberAttributePattern: CN=(.*),DC=test,DC=com
             groupSearchBase: dc=test,dc=com
+            groupSearchScope: 1
             userNameAttribute: cn
             userMemberOfAttributePattern: CN=(.*),DC=test,DC=com
             userObjectClass: organizationalRole
             userSearchBase: dc=test,dc=com
+            userSearchScope: 1
   dependencies:
     kafkaRest:
       authentication:

security/userprovided-tls_mtls_confluent-rbac/confluent-platform-mtls-rbac.yaml

@@ -82,10 +82,12 @@ spec:
             groupMemberAttribute: member
             groupMemberAttributePattern: CN=(.*),DC=test,DC=com
             groupSearchBase: dc=test,dc=com
+            groupSearchScope: 1
             userNameAttribute: cn
             userMemberOfAttributePattern: CN=(.*),DC=test,DC=com
             userObjectClass: organizationalRole
             userSearchBase: dc=test,dc=com
+            userSearchScope: 1
   dependencies:
     kafkaRest:
       authentication:

security/userprovided-tls_mtls_confluent-rbac/kafka.yaml

@@ -63,10 +63,12 @@ spec:
             groupMemberAttribute: member
             groupMemberAttributePattern: CN=(.*),DC=test,DC=com
             groupSearchBase: dc=test,dc=com
+            groupSearchScope: 1
             userNameAttribute: cn
             userMemberOfAttributePattern: CN=(.*),DC=test,DC=com
             userObjectClass: organizationalRole
             userSearchBase: dc=test,dc=com
+            userSearchScope: 1
   dependencies:
     kafkaRest:
       authentication: