
RE: OpenShift Origin Active Directory Authentication



I did try sAMAccountName at first and was getting the same results. Then I
had read that variable was for older Windows machines so I tried uid as that
was the other example I saw. 

One thing I didn't change was:
  preferredUsername:
        - uid

Would I have to change this to:
  preferredUsername:
        - sAMAccountName

And also use:
url: ldap://dc.domain.local:389/ou=users,dc=domain,dc=local?sAMAccountName



oauthConfig:
  assetPublicURL: https://master.domain.local:8443/console/
  grantConfig:
    method: auto
  identityProviders:
  - name: Active_Directory
    challenge: true
    login: true
    mappingMethod: claim
    provider:
      apiVersion: v1
      kind: LDAPPasswordIdentityProvider
      attributes:
        id:
        - dn
        email:
        - mail
        name:
        - cn
        preferredUsername:
        - uid
      bindDN: "cn=openshift,ou=users,dc=domain,dc=local"
      bindPassword: "password"
      insecure: true
      url: ldap://dc.domain.local:389/ou=users,dc=domain,dc=local?uid


Mark Werner | Senior Systems Engineer | Cloud & Infrastructure Services
Unisys | Mobile Phone 586.214.9017 | mark werner unisys com 
11720 Plaza America Drive, Reston, VA 20190




-----Original Message-----
From: Javier Palacios [mailto:jpalacios net4things com] 
Sent: Wednesday, July 12, 2017 10:48 AM
To: Werner, Mark <Mark Werner unisys com>; users lists openshift redhat com
Subject: RE: OpenShift Origin Active Directory Authentication


I cannot tell for the oauthConfig, but for the identity provider you have

>         preferredUsername:
>         - uid

and I'm not sure that attribute exists. It doesn't in mine at least, and
I'm using sAMAccountName, which is in the default AD schema.
Although I don't see how that could prevent the master service from starting.

Mine works, but it has had LDAP authentication since the beginning, as I used
the openshift_master_identity_providers Ansible variable.

Javier Palacios

Attachment: smime.p7s
Description: S/MIME cryptographic signature
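
An added example, not part of the thread or of OpenShift's own code: it parses the provider `url` from the posted config, shows the search filter a login would produce for `uid` versus `sAMAccountName`, and reviews the `insecure` and `preferredUsername` settings. The function names are hypothetical; the defaults (`uid`, `sub`, `(objectClass=*)`) and the `(&<filter>(<attribute>=<username>))` form are assumptions taken from the OpenShift 3 LDAP identity provider documentation.

```python
from urllib.parse import urlsplit, unquote

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

def parse_ldap_url(url):
    """Split scheme://host:port/basedn?attribute?scope?filter (RFC 2255 layout)."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS:
        raise ValueError("scheme must be ldap or ldaps")
    fields = [unquote(f) for f in parts.query.split("?")] + ["", "", ""]
    return {
        "scheme": parts.scheme,
        "host": parts.hostname,
        "port": parts.port or DEFAULT_PORTS[parts.scheme],
        "base_dn": unquote(parts.path.lstrip("/")),
        # Assumed defaults when a URL field is left empty.
        "attribute": fields[0] or "uid",
        "scope": fields[1] or "sub",
        "filter": fields[2] or "(objectClass=*)",
    }

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a login name cannot alter the filter."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)

def login_filter(cfg, username):
    """Build the search filter used to locate the account for a login attempt."""
    return "(&%s(%s=%s))" % (cfg["filter"], cfg["attribute"],
                             escape_filter_value(username))

def review(cfg, preferred_username, insecure):
    """Return findings for the settings discussed in the thread."""
    findings = []
    if cfg["scheme"] == "ldap" and insecure:
        findings.append("no TLS: bind and user passwords cross the network in cleartext")
    if cfg["attribute"] not in preferred_username:
        findings.append("URL search attribute %r is not listed in preferredUsername %r"
                        % (cfg["attribute"], preferred_username))
    return findings

if __name__ == "__main__":
    base = "ldap://dc.domain.local:389/ou=users,dc=domain,dc=local"
    for attr in ("uid", "sAMAccountName"):
        cfg = parse_ldap_url(base + "?" + attr)
        # "mwerner" is a constructed login name.
        print(login_filter(cfg, "mwerner"), review(cfg, ["uid"], insecure=True))
```
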

