Re: OpenShift Origin Active Directory Authentication



When you restart, what log messages are printed in origin-master?

On Jul 11, 2017, at 10:19 PM, Werner, Mark <Mark Werner unisys com> wrote:

I am really struggling to get Active Directory authentication to work.

The oauthConfig section of the master-config.yaml file starts out like this and all is fine.

oauthConfig:
  assetPublicURL: https://master.domain.local:8443/console/
  grantConfig:
    method: auto
  identityProviders:
  - challenge: true
    login: true
    mappingMethod: claim
    name: allow_all
    provider:
      apiVersion: v1
      kind: AllowAllPasswordIdentityProvider
  masterCA: ca-bundle.crt
  masterPublicURL: https://master.domain.local:8443
  masterURL: https://master.domain.local:8443

Then I attempt to modify the oauthConfig section of the master-config.yaml file to look like this.

oauthConfig:
  assetPublicURL: https://master.domain.local:8443/console/
  grantConfig:
    method: auto
  identityProviders:
  - name: Active_Directory
    challenge: true
    login: true
    mappingMethod: claim
    provider:
      apiVersion: v1
      kind: LDAPPasswordIdentityProvider
      attributes:
        id:
        - dn
        email:
        - mail
        name:
        - cn
        preferredUsername:
        - uid
      bindDN: "cn=openshift,cn=users,dc=domain,dc=local"
      bindPassword: "password"
      insecure: true
      url: ldap://dc.domain.local:389/cn=users,dc=domain,dc=local?uid
  assetPublicURL: https://master.domain.local:8443/console/
  masterPublicURL: https://master.domain.local:8443
  masterURL: https://master.domain.local:8443

Then I try to restart the origin-master service and it fails to restart, and won't start again, not even on reboot. If I revert back to the old master-config.yaml file everything works fine again, and origin-master service starts with no problem.

The user "openshift" has been created in Active Directory with the correct password.

I have even tried using url: ldaps://dc.domain.local:686/cn=users,dc=domain,dc=local?uid

That doesn't work either. I cannot seem to figure out what I am doing wrong and what the origin-master service does not like about the modified master-config.yaml file that keeps it from starting.

 

 

Mark Werner | Senior Systems Engineer | Cloud & Infrastructure Services

Unisys | Mobile Phone 586.214.9017 | mark werner unisys com

11720 Plaza America Drive, Reston, VA 20190

 


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all devices.


_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
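
An added example, not part of the original message or of the OpenShift project's code: a pre-restart check for hand-edited master-config.yaml text, covering two things visible in the posted config, a key that appears twice in one mapping and the url/insecure pairing of the LDAP provider. The function names and the 389/636 default-port check are this example's own assumptions, and the sample is constructed from the posted oauthConfig.

```python
import re
from urllib.parse import urlsplit

KEY = re.compile(r"([A-Za-z_][\w-]*):(\s|$)")

def duplicate_keys(text):
    # Return (line_no, key) for keys repeated inside one block-style mapping.
    dups, scopes = [], {}  # indent -> keys seen in the mapping open at that indent
    for n, raw in enumerate(text.splitlines(), 1):
        body = raw.strip()
        if not body or body.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        if body.startswith("- "):  # a list item opens a fresh mapping two columns in
            indent, body = indent + 2, body[2:].lstrip()
            scopes = {i: k for i, k in scopes.items() if i < indent}
        else:
            scopes = {i: k for i, k in scopes.items() if i <= indent}
        m = KEY.match(body)
        if m:
            seen = scopes.setdefault(indent, set())
            if m.group(1) in seen:
                dups.append((n, m.group(1)))
            seen.add(m.group(1))
    return dups

def ldap_findings(url, insecure):
    # Flag transport problems in an LDAPPasswordIdentityProvider url/insecure pair.
    u, out = urlsplit(url), []
    if insecure and u.scheme == "ldap":
        out.append("cleartext: bind and user passwords are sent without TLS")
    if insecure and u.scheme == "ldaps":
        out.append("conflict: ldaps:// requests TLS but insecure: true disables it")
    default = {"ldap": 389, "ldaps": 636}.get(u.scheme)
    if default and u.port not in (None, default):
        out.append(f"port: {u.port} is not the {u.scheme} default {default}")
    return out

# Constructed sample, shortened from the oauthConfig posted in the message.
SAMPLE = """\
oauthConfig:
  assetPublicURL: https://master.domain.local:8443/console/
  identityProviders:
  - name: Active_Directory
    provider:
      insecure: true
      url: ldap://dc.domain.local:389/cn=users,dc=domain,dc=local?uid
  assetPublicURL: https://master.domain.local:8443/console/
"""
```

duplicate_keys only understands block-style YAML with space indentation, which is what master-config.yaml uses; it is a quick lint, not a YAML parser.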
