OpenUnison / helm-charts



Active Directory Login Portal deploy error

devopstales opened this issue · comments

Deployment failed with the following error:

in js : {"type":"ADDED","object":{"apiVersion":"openunison.tremolo.io/v1","kind":"OpenUnison","metadata":{"creationTimestamp":"2020-04-08T09:46:11Z","generation":1,"name":"orchestra","namespace":"auth-system","resourceVersion":"34138","selfLink":"/apis/openunison.tremolo.io/v1/namespaces/auth-system/openunisons/orchestra","uid":"39070581-878e-424c-9d2c-f4296b804b66"},"spec":{"activemq_image":"docker.io/tremolosecurity/activemq-docker:latest","dest_secret":"orchestra","enable_activemq":true,"hosts":[{"ingress_name":"openunison","names":[{"env_var":"OU_HOST","name":"kubectl.k8s.intra"},{"env_var":"K8S_DASHBOARD_HOST","name":"dash.k8s.intra"}],"secret_name":"ou-tls-certificate"}],"image":"docker.io/tremolosecurity/openunison-k8s-activedirectory:latest","key_store":{"key_pairs":{"create_keypair_template":[{"name":"ou","value":"Kubernetes"},{"name":"o","value":"MyOrg"},{"name":"l","value":"K8S"},{"name":"st","value":"Budapest"},{"name":"c","value":"HU"}],"keys":[{"create_data":{"ca_cert":true,"key_size":2048,"server_name":"openunison.openunison.svc.cluster.local","sign_by_k8s_ca":false,"subject_alternative_names":[]},"import_into_ks":"keypair","name":"unison-tls"},{"create_data":{"ca_cert":true,"key_size":2048,"server_name":"kubectl.k8s.intra","sign_by_k8s_ca":false,"subject_alternative_names":["dash.k8s.intra"]},"import_into_ks":"certificate","name":"unison-ca","tls_secret_name":"ou-tls-certificate"},{"create_data":{"ca_cert":true,"delete_pods_labels":["k8s-app=kubernetes-dashboard"],"key_size":2048,"secret_info":{"cert_name":"dashboard.crt","key_name":"dashboard.key","type_of_secret":"Opaque"},"server_name":"kubernetes-dashboard.kubernetes-dashboard-system.svc.cluster.local","sign_by_k8s_ca":false,"subject_alternative_names":[],"target_namespace":"kubernetes-dashboard-system"},"import_into_ks":"certificate","name":"kubernetes-dashboard","replace_if_exists":true,"tls_secret_name":"kubernetes-dashboard-tls"},{"create_data":{"ca_cert":true,"key_size":2048,"server_name":"u
nison-saml2-rp-sig","sign_by_k8s_ca":false,"subject_alternative_names":[]},"import_into_ks":"keypair","name":"unison-saml2-rp-sig"},{"create_data":{"ca_cert":true,"key_size":2048,"server_name":"amq.openunison.svc.cluster.local","sign_by_k8s_ca":false,"subject_alternative_names":[]},"import_into_ks":"certificate","name":"amq-server","replace_if_exists":true,"tls_secret_name":"orchestra-amq-server"},{"create_data":{"ca_cert":true,"key_size":2048,"server_name":"amq-client","sign_by_k8s_ca":false,"subject_alternative_names":[]},"import_into_ks":"keypair","name":"amq-client","tls_secret_name":"orchestra-amq-client"}]},"static_keys":[{"name":"session-unison","version":1},{"name":"lastmile-oidc","version":1}],"trusted_certificates":[{"name":"ldaps","pem_data":"SDFGSDFGHDFHSDFGSDGSDFGDS"},{"name":"ldaps2","pem_data":"SDFGSDFGDHSDRT#$%#$%SDSDTF"}],"update_controller":{"days_to_expire":10,"image":"docker.io/tremolosecurity/kubernetes-artifact-deployment:1.1.0","schedule":"0 2 * * *"}},"non_secret_data":[{"name":"K8S_URL","value":"https://172.17.8.101:6443"},{"name":"AD_BASE_DN","value":"dc=mydomain,dc=intra"},{"name":"AD_HOST","value":"openldap"},{"name":"AD_PORT","value":"389"},{"name":"AD_BIND_DN","value":"cn=admin,dc=mydomain,dc=intra"},{"name":"AD_CON_TYPE","value":"ldap"},{"name":"SRV_DNS","value":"false"},{"name":"SESSION_INACTIVITY_TIMEOUT_SECONDS","value":"900"},{"name":"MYVD_CONFIG_PATH","value":"WEB-INF/myvd.conf"},{"name":"K8S_DASHBOARD_NAMESPACE","value":"kubernetes-dashboard-system"},{"name":"K8S_CLUSTER_NAME","value":"kubernetes"},{"name":"OU_HIBERNATE_DIALECT","value":"org.hibernate.dialect.MySQL5InnoDBDialect"},{"name":"OU_QUARTZ_DIALECT","value":"org.quartz.impl.jdbcjobstore.StdJDBCDelegate"},{"name":"OU_JDBC_DRIVER","value":"com.mysql.jdbc.Driver"},{"name":"OU_JDBC_URL","value":"jdbc:mysql://mysql:3306/openunison"},{"name":"OU_JDBC_USER","value":"root"},{"name":"OU_JDBC_VALIDATION","value":"SELECT 
1"},{"name":"SMTP_HOST","value":"smtp.gmail.com"},{"name":"SMTP_PORT","value":"587"},{"name":"SMTP_USER","value":"donotreply@domain.com"},{"name":"SMTP_FROM","value":"donotreply@domain.com"},{"name":"SMTP_TLS","value":"true"}],"openunison_network_configuration":{"activemq_dir":"/tmp/amq","allowed_client_names":[],"ciphers":["TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","TLS_RSA_WITH_AES_256_GCM_SHA384","TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384","TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384","TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"],"client_auth":"none","force_to_secure":true,"open_external_port":80,"open_port":8080,"path_to_deployment":"/usr/local/openunison/work","path_to_env_file":"/etc/openunison/ou.env","quartz_dir":"/tmp/quartz","secure_external_port":443,"secure_key_alias":"unison-tls","secure_port":8443},"replicas":1,"run_sql":"# By: Ron Cordell - roncordell\n#  I didn't see this anywhere, so I thought I'd post it here. This is the script from Quartz to create the tables in a MySQL database, modified to use INNODB instead of MYISAM.\n\n\n# make sure you have UTF-8 collaction for best .NET interoperability\n# CREATE DATABASE quartznet CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;\n\nDROP TABLE IF EXISTS QRTZ_FIRED_TRIGGERS;\nDROP TABLE IF EXISTS QRTZ_PAUSED_TRIGGER_GRPS;\nDROP TABLE IF EXISTS QRTZ_SCHEDULER_STATE;\nDROP TABLE IF EXISTS QRTZ_LOCKS;\nDROP TABLE IF EXISTS QRTZ_SIMPLE_TRIGGERS;\nDROP TABLE IF EXISTS QRTZ_SIMPROP_TRIGGERS;\nDROP TABLE IF EXISTS QRTZ_CRON_TRIGGERS;\nDROP TABLE IF EXISTS QRTZ_BLOB_TRIGGERS;\nDROP TABLE IF EXISTS QRTZ_TRIGGERS;\nDROP TABLE IF EXISTS QRTZ_JOB_DETAILS;\nDROP TABLE IF EXISTS QRTZ_CALENDARS;\n\nCREATE TABLE QRTZ_JOB_DETAILS(\nSCHED_NAME VARCHAR(120) NOT NULL,\nJOB_NAME VARCHAR(200) NOT NULL,\nJOB_GROUP VARCHAR(200) NOT NULL,\nDESCRIPTION VARCHAR(250) NULL,\nJOB_CLASS_NAME VARCHAR(250) NOT NULL,\nIS_DURABLE BOOLEAN NOT NULL,\nIS_NONCONCURRENT BOOLEAN NOT NULL,\nIS_UPDATE_DATA BOOLEAN NOT 
NULL,\nREQUESTS_RECOVERY BOOLEAN NOT NULL,\nJOB_DATA BLOB NULL,\nPRIMARY KEY (SCHED_NAME,JOB_NAME,JOB_GROUP))\nENGINE=InnoDB;\n\nCREATE TABLE QRTZ_TRIGGERS (\nSCHED_NAME VARCHAR(120) NOT NULL,\nTRIGGER_NAME VARCHAR(200) NOT NULL,\nTRIGGER_GROUP VARCHAR(200) NOT NULL,\nJOB_NAME VARCHAR(200) NOT NULL,\nJOB_GROUP VARCHAR(200) NOT NULL,\nDESCRIPTION VARCHAR(250) NULL,\nNEXT_FIRE_TIME BIGINT(19) NULL,\nPREV_FIRE_TIME BIGINT(19) NULL,\nPRIORITY INTEGER NULL,\nTRIGGER_STATE VARCHAR(16) NOT NULL,\nTRIGGER_TYPE VARCHAR(8) NOT NULL,\nSTART_TIME BIGINT(19) NOT NULL,\nEND_TIME BIGINT(19) NULL,\nCALENDAR_NAME VARCHAR(200) NULL,\nMISFIRE_INSTR SMALLINT(2) NULL,\nJOB_DATA BLOB NULL,\nPRIMARY KEY (SCHED_NAME,TRIGGER_NAME,TRIGGER_GROUP),\nFOREIGN KEY (SCHED_NAME,JOB_NAME,JOB_GROUP)\nREFERENCES QRTZ_JOB_DETAILS(SCHED_NAME,JOB_NAME,JOB_GROUP))\nENGINE=InnoDB;\n\nCREATE TABLE QRTZ_SIMPLE_TRIGGERS (\nSCHED_NAME VARCHAR(120) NOT NULL,\nTRIGGER_NAME VARCHAR(200) NOT NULL,\nTRIGGER_GROUP VARCHAR(200) NOT NULL,\nREPEAT_COUNT BIGINT(7) NOT NULL,\nREPEAT_INTERVAL BIGINT(12) NOT NULL,\nTIMES_TRIGGERED BIGINT(10) NOT NULL,\nPRIMARY KEY (SCHED_NAME,TRIGGER_NAME,TRIGGER_GROUP),\nFOREIGN KEY (SCHED_NAME,TRIGGER_NAME,TRIGGER_GROUP)\nREFERENCES QRTZ_TRIGGERS(SCHED_NAME,TRIGGER_NAME,TRIGGER_GROUP))\nENGINE=InnoDB;\n\nCREATE TABLE QRTZ_CRON_TRIGGERS (\nSCHED_NAME VARCHAR(120) NOT NULL,\nTRIGGER_NAME VARCHAR(200) NOT NULL,\nTRIGGER_GROUP VARCHAR(200) NOT NULL,\nCRON_EXPRESSION VARCHAR(120) NOT NULL,\nTIME_ZONE_ID VARCHAR(80),\nPRIMARY KEY (SCHED_NAME,TRIGGER_NAME,TRIGGER_GROUP),\nFOREIGN KEY (SCHED_NAME,TRIGGER_NAME,TRIGGER_GROUP)\nREFERENCES QRTZ_TRIGGERS(SCHED_NAME,TRIGGER_NAME,TRIGGER_GROUP))\nENGINE=InnoDB;\n\nCREATE TABLE QRTZ_SIMPROP_TRIGGERS\n  (          \n    SCHED_NAME VARCHAR(120) NOT NULL,\n    TRIGGER_NAME VARCHAR(200) NOT NULL,\n    TRIGGER_GROUP VARCHAR(200) NOT NULL,\n    STR_PROP_1 VARCHAR(512) NULL,\n    STR_PROP_2 VARCHAR(512) NULL,\n    STR_PROP_3 VARCHAR(512) NULL,\n    INT_PROP_1 
INT NULL,\n    INT_PROP_2 INT NULL,\n    LONG_PROP_1 BIGINT NULL,\n    LONG_PROP_2 BIGINT NULL,\n    DEC_PROP_1 NUMERIC(13,4) NULL,\n    DEC_PROP_2 NUMERIC(13,4) NULL,\n    BOOL_PROP_1 BOOLEAN NULL,\n    BOOL_PROP_2 BOOLEAN NULL,\n    TIME_ZONE_ID VARCHAR(80) NULL,\n    PRIMARY KEY (SCHED_NAME,TRIGGER_NAME,TRIGGER_GROUP),\n    FOREIGN KEY (SCHED_NAME,TRIGGER_NAME,TRIGGER_GROUP) \n    REFERENCES QRTZ_TRIGGERS(SCHED_NAME,TRIGGER_NAME,TRIGGER_GROUP))\nENGINE=InnoDB;\n\nCREATE TABLE QRTZ_BLOB_TRIGGERS (\nSCHED_NAME VARCHAR(120) NOT NULL,\nTRIGGER_NAME VARCHAR(200) NOT NULL,\nTRIGGER_GROUP VARCHAR(200) NOT NULL,\nBLOB_DATA BLOB NULL,\nPRIMARY KEY (SCHED_NAME,TRIGGER_NAME,TRIGGER_GROUP),\nINDEX (SCHED_NAME,TRIGGER_NAME, TRIGGER_GROUP),\nFOREIGN KEY (SCHED_NAME,TRIGGER_NAME,TRIGGER_GROUP)\nREFERENCES QRTZ_TRIGGERS(SCHED_NAME,TRIGGER_NAME,TRIGGER_GROUP))\nENGINE=InnoDB;\n\nCREATE TABLE QRTZ_CALENDARS (\nSCHED_NAME VARCHAR(120) NOT NULL,\nCALENDAR_NAME VARCHAR(200) NOT NULL,\nCALENDAR BLOB NOT NULL,\nPRIMARY KEY (SCHED_NAME,CALENDAR_NAME))\nENGINE=InnoDB;\n\nCREATE TABLE QRTZ_PAUSED_TRIGGER_GRPS (\nSCHED_NAME VARCHAR(120) NOT NULL,\nTRIGGER_GROUP VARCHAR(200) NOT NULL,\nPRIMARY KEY (SCHED_NAME,TRIGGER_GROUP))\nENGINE=InnoDB;\n\nCREATE TABLE QRTZ_FIRED_TRIGGERS (\nSCHED_NAME VARCHAR(120) NOT NULL,\nENTRY_ID VARCHAR(140) NOT NULL,\nTRIGGER_NAME VARCHAR(200) NOT NULL,\nTRIGGER_GROUP VARCHAR(200) NOT NULL,\nINSTANCE_NAME VARCHAR(200) NOT NULL,\nFIRED_TIME BIGINT(19) NOT NULL,\nSCHED_TIME BIGINT(19) NOT NULL,\nPRIORITY INTEGER NOT NULL,\nSTATE VARCHAR(16) NOT NULL,\nJOB_NAME VARCHAR(200) NULL,\nJOB_GROUP VARCHAR(200) NULL,\nIS_NONCONCURRENT BOOLEAN NULL,\nREQUESTS_RECOVERY BOOLEAN NULL,\nPRIMARY KEY (SCHED_NAME,ENTRY_ID))\nENGINE=InnoDB;\n\nCREATE TABLE QRTZ_SCHEDULER_STATE (\nSCHED_NAME VARCHAR(120) NOT NULL,\nINSTANCE_NAME VARCHAR(200) NOT NULL,\nLAST_CHECKIN_TIME BIGINT(19) NOT NULL,\nCHECKIN_INTERVAL BIGINT(19) NOT NULL,\nPRIMARY KEY 
(SCHED_NAME,INSTANCE_NAME))\nENGINE=InnoDB;\n\nCREATE TABLE QRTZ_LOCKS (\nSCHED_NAME VARCHAR(120) NOT NULL,\nLOCK_NAME VARCHAR(40) NOT NULL,\nPRIMARY KEY (SCHED_NAME,LOCK_NAME))\nENGINE=InnoDB;\n\nCREATE INDEX IDX_QRTZ_J_REQ_RECOVERY ON QRTZ_JOB_DETAILS(SCHED_NAME,REQUESTS_RECOVERY);\nCREATE INDEX IDX_QRTZ_J_GRP ON QRTZ_JOB_DETAILS(SCHED_NAME,JOB_GROUP);\n\nCREATE INDEX IDX_QRTZ_T_J ON QRTZ_TRIGGERS(SCHED_NAME,JOB_NAME,JOB_GROUP);\nCREATE INDEX IDX_QRTZ_T_JG ON QRTZ_TRIGGERS(SCHED_NAME,JOB_GROUP);\nCREATE INDEX IDX_QRTZ_T_C ON QRTZ_TRIGGERS(SCHED_NAME,CALENDAR_NAME);\nCREATE INDEX IDX_QRTZ_T_G ON QRTZ_TRIGGERS(SCHED_NAME,TRIGGER_GROUP);\nCREATE INDEX IDX_QRTZ_T_STATE ON QRTZ_TRIGGERS(SCHED_NAME,TRIGGER_STATE);\nCREATE INDEX IDX_QRTZ_T_N_STATE ON QRTZ_TRIGGERS(SCHED_NAME,TRIGGER_NAME,TRIGGER_GROUP,TRIGGER_STATE);\nCREATE INDEX IDX_QRTZ_T_N_G_STATE ON QRTZ_TRIGGERS(SCHED_NAME,TRIGGER_GROUP,TRIGGER_STATE);\nCREATE INDEX IDX_QRTZ_T_NEXT_FIRE_TIME ON QRTZ_TRIGGERS(SCHED_NAME,NEXT_FIRE_TIME);\nCREATE INDEX IDX_QRTZ_T_NFT_ST ON QRTZ_TRIGGERS(SCHED_NAME,TRIGGER_STATE,NEXT_FIRE_TIME);\nCREATE INDEX IDX_QRTZ_T_NFT_MISFIRE ON QRTZ_TRIGGERS(SCHED_NAME,MISFIRE_INSTR,NEXT_FIRE_TIME);\nCREATE INDEX IDX_QRTZ_T_NFT_ST_MISFIRE ON QRTZ_TRIGGERS(SCHED_NAME,MISFIRE_INSTR,NEXT_FIRE_TIME,TRIGGER_STATE);\nCREATE INDEX IDX_QRTZ_T_NFT_ST_MISFIRE_GRP ON QRTZ_TRIGGERS(SCHED_NAME,MISFIRE_INSTR,NEXT_FIRE_TIME,TRIGGER_GROUP,TRIGGER_STATE);\n\nCREATE INDEX IDX_QRTZ_FT_TRIG_INST_NAME ON QRTZ_FIRED_TRIGGERS(SCHED_NAME,INSTANCE_NAME);\nCREATE INDEX IDX_QRTZ_FT_INST_JOB_REQ_RCVRY ON QRTZ_FIRED_TRIGGERS(SCHED_NAME,INSTANCE_NAME,REQUESTS_RECOVERY);\nCREATE INDEX IDX_QRTZ_FT_J_G ON QRTZ_FIRED_TRIGGERS(SCHED_NAME,JOB_NAME,JOB_GROUP);\nCREATE INDEX IDX_QRTZ_FT_JG ON QRTZ_FIRED_TRIGGERS(SCHED_NAME,JOB_GROUP);\nCREATE INDEX IDX_QRTZ_FT_T_G ON QRTZ_FIRED_TRIGGERS(SCHED_NAME,TRIGGER_NAME,TRIGGER_GROUP);\nCREATE INDEX IDX_QRTZ_FT_TG ON QRTZ_FIRED_TRIGGERS(SCHED_NAME,TRIGGER_GROUP);\n\nDROP TABLE IF EXISTS 
ACTIVEMQ_ACKS;\nDROP TABLE IF EXISTS ACTIVEMQ_LOCK;\nDROP TABLE IF EXISTS ACTIVEMQ_MSGS;\n\n\nCREATE TABLE `ACTIVEMQ_ACKS` (\n  `CONTAINER` varchar(250) NOT NULL,\n  `SUB_DEST` varchar(250) DEFAULT NULL,\n  `CLIENT_ID` varchar(250) NOT NULL,\n  `SUB_NAME` varchar(250) NOT NULL,\n  `SELECTOR` varchar(250) DEFAULT NULL,\n  `LAST_ACKED_ID` bigint(20) DEFAULT NULL,\n  `PRIORITY` bigint(20) NOT NULL DEFAULT '5',\n  `XID` varchar(250) DEFAULT NULL,\n  PRIMARY KEY (`CONTAINER`,`CLIENT_ID`,`SUB_NAME`,`PRIORITY`),\n  KEY `ACTIVEMQ_ACKS_XIDX` (`XID`)\n);\n\nCREATE TABLE `ACTIVEMQ_LOCK` (\n  `ID` bigint(20) NOT NULL,\n  `TIME` bigint(20) DEFAULT NULL,\n  `BROKER_NAME` varchar(250) DEFAULT NULL,\n  PRIMARY KEY (`ID`)\n);\n\nCREATE TABLE `ACTIVEMQ_MSGS` (\n  `ID` bigint(20) NOT NULL,\n  `CONTAINER` varchar(250) NOT NULL,\n  `MSGID_PROD` varchar(250) DEFAULT NULL,\n  `MSGID_SEQ` bigint(20) DEFAULT NULL,\n  `EXPIRATION` bigint(20) DEFAULT NULL,\n  `MSG` mediumblob,\n  `PRIORITY` bigint(20) DEFAULT NULL,\n  `XID` varchar(250) DEFAULT NULL,\n  PRIMARY KEY (`ID`),\n  KEY `ACTIVEMQ_MSGS_MIDX` (`MSGID_PROD`,`MSGID_SEQ`),\n  KEY `ACTIVEMQ_MSGS_CIDX` (`CONTAINER`),\n  KEY `ACTIVEMQ_MSGS_EIDX` (`EXPIRATION`),\n  KEY `ACTIVEMQ_MSGS_PIDX` (`PRIORITY`),\n  KEY `ACTIVEMQ_MSGS_XIDX` (`XID`)\n);\ncommit;","secret_data":["AD_BIND_PASSWORD","K8S_DB_SECRET","unisonKeystorePassword","SMTP_PASSWORD","OU_JDBC_PASSWORD"],"source_secret":"orchestra-secrets-source"}}}
Getting host variable names
Host  #0
Name #0
OU_HOST
kubectl.k8s.intra
Name #1
K8S_DASHBOARD_HOST
dash.k8s.intra
Creating openunison keystore
Storing k8s certificate
Storing trusted certificates
Error on watch - /apis/openunison.tremolo.io/v1/namespaces/auth-system/openunisons?watch=true&resourceVersion=26361
java.lang.IllegalArgumentException: Last unit does not have enough valid bits
	at java.util.Base64$Decoder.decode0(Base64.java:734)
	at java.util.Base64$Decoder.decode(Base64.java:526)
	at java.util.Base64$Decoder.decode(Base64.java:549)
	at com.tremolosecurity.kubernetes.artifacts.util.CertUtils.pem2certs(CertUtils.java:351)
	at com.tremolosecurity.kubernetes.artifacts.util.CertUtils.importCertificate(CertUtils.java:327)
	at jdk.nashorn.internal.scripts.Script$Recompilation$22$18145A$\^eval\_.generate_openunison_secret(<eval>:537)
	at jdk.nashorn.internal.scripts.Script$Recompilation$19$52A$\^eval\_.on_watch(<eval>:10)
	at jdk.nashorn.internal.runtime.ScriptFunctionData.invoke(ScriptFunctionData.java:639)
	at jdk.nashorn.internal.runtime.ScriptFunction.invoke(ScriptFunction.java:494)
	at jdk.nashorn.internal.runtime.ScriptRuntime.apply(ScriptRuntime.java:393)
	at jdk.nashorn.api.scripting.ScriptObjectMirror.callMember(ScriptObjectMirror.java:199)
	at jdk.nashorn.api.scripting.NashornScriptEngine.invokeImpl(NashornScriptEngine.java:386)
	at jdk.nashorn.api.scripting.NashornScriptEngine.invokeFunction(NashornScriptEngine.java:190)
	at com.tremolosecurity.kubernetes.artifacts.util.K8sUtils.watchURI(K8sUtils.java:385)
	at com.tremolosecurity.kubernetes.artifacts.run.RunWatch.run(RunWatch.java:25)
	at java.lang.Thread.run(Thread.java:748)
Resource Version - 34141 - false

In your values.yaml you have the two default trusted certs, which are dummy placeholder values rather than real base64-encoded certificates; that is what the `Last unit does not have enough valid bits` Base64 error thrown from `CertUtils.pem2certs` in the stack trace is rejecting. It looks like you're integrating with openldap on port 389 (plain `ldap`, i.e. no TLS, per `AD_CON_TYPE`/`AD_PORT` in the dump), so no trusted certificates are needed and you can replace

trusted_certs:
  - name: ldaps
    pem_b64: SDFGSDFGHDFHSDFGSDGSDFGDS
  - name: ldaps2
    pem_b64: SDFGSDFGDHSDRT#$%#$%SDSDTF

with

trusted_certs: []