
RE: OpenShift Origin Active Directory Authentication



Hi, I have just gotten past the issue with the master not starting or restarting. It starts now. But I am trying to login with an AD account and receive Authentication Error Occurred. Not sure what the syntax should be. I try domain\username and username domain local, or just username.

 

Mark Werner | Senior Systems Engineer | Cloud & Infrastructure Services

Unisys | Mobile Phone 586.214.9017 | mark werner unisys com

11720 Plaza America Drive, Reston, VA 20190

 


 

From: Rodrigo Bersa [mailto:rbersa redhat com]
Sent: Wednesday, July 12, 2017 3:00 PM
To: Javier Palacios <jpalacios net4things com>
Cc: Werner, Mark <Mark Werner unisys com>; users lists openshift redhat com
Subject: Re: OpenShift Origin Active Directory Authentication

 

Hi Mark,

I believe maybe the syntax is not right.

Could you try this?

oauthConfig:
  assetPublicURL: https://master.domain.local:8443/console/
  grantConfig:
    method: auto
  identityProviders:
  - challenge: true
    login: true
    mappingMethod: claim
    name: Active_Directory
    provider:
      apiVersion: v1
      kind: LDAPPasswordIdentityProvider
      attributes:
        id:
        - dn
        email:
        - mail
        name:
        - cn
        preferredUsername:
        - uid
      bindDN: "cn=openshift,cn=users,dc=domain,dc=local"
      bindPassword: "password"
      insecure: true
      url: ldap://dc.domain.local:389/cn=users,dc=domain,dc=local?uid
  masterPublicURL: https://master.domain.local:8443
  masterURL: https://master.domain.local:8443

Best regards,


Rodrigo Bersa

Cloud Consultant, RHCVA, RHCE

Red Hat Brasil

rbersa redhat com    M: +55 11 99557-5841

Red Hat



 

On Wed, Jul 12, 2017 at 2:15 PM, Javier Palacios <jpalacios net4things com> wrote:


> I did try sAMAccountName at first and was getting the same results. Then I
> had read that variable was for older Windows machines so I tried uid as that
> was the other example I saw.

The relevant part of my master-config.yaml is below, and apart from using ldaps, I don't see any other difference. If the uid attribute is valid on your schema, then yours seems ok.

Javier Palacios

  identityProviders:
  - challenge: true
    login: true
    mappingMethod: claim
    name: n4tdc1
    provider:
      apiVersion: v1
      attributes:
        email:
        - mail
        id:
        - dn
        name:
        - cn
        preferredUsername:
        - sAMAccountName
      bindDN: CN=openshift,OU=N4T-USERS,dc=net4things,dc=local
      bindPassword: ********
      ca: ad-ldap-ca.crt
      insecure: false
      kind: LDAPPasswordIdentityProvider
      url: ldaps://n4tdc1.net4things.local/dc=net4things,dc=local?sAMAccountName
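
Added example, not part of the thread and not OpenShift's own code: a small Python check that splits the two `url:` values quoted above into their fields, builds the user search filter for a typed login, and flags a cleartext bind. The `basedn?attribute?scope?filter` layout, the defaults and the filter shape are assumed from the OpenShift documentation for LDAPPasswordIdentityProvider; the login names are constructed.

```python
from urllib.parse import urlsplit, unquote

# URLs copied from the two configs in this thread; login names are constructed.
RODRIGO_URL = "ldap://dc.domain.local:389/cn=users,dc=domain,dc=local?uid"
JAVIER_URL = "ldaps://n4tdc1.net4things.local/dc=net4things,dc=local?sAMAccountName"

def parse_idp_url(url):
    """Split scheme://host[:port]/basedn?attribute?scope?filter into its fields."""
    parts = urlsplit(url)
    fields = parts.query.split("?") if parts.query else []
    fields += [""] * (3 - len(fields))
    return {
        "scheme": parts.scheme,
        "host": parts.hostname,
        "port": parts.port or (636 if parts.scheme == "ldaps" else 389),
        "base_dn": unquote(parts.path.lstrip("/")),
        # Assumed defaults (OpenShift docs): first attribute only, uid, sub, (objectClass=*)
        "attribute": fields[0].split(",")[0] or "uid",
        "scope": fields[1] or "sub",
        "filter": unquote(fields[2]) or "(objectClass=*)",
    }

def escape_filter_value(value):
    """RFC 4515 escaping, so the typed login is matched literally."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def search_filter(cfg, login):
    """Filter used to find the user entry: (&<filter>(<attribute>=<login>))."""
    return "(&%s(%s=%s))" % (cfg["filter"], cfg["attribute"], escape_filter_value(login))

def transport_findings(cfg, insecure):
    """Flag settings that send bindPassword and user passwords in cleartext."""
    if insecure and cfg["scheme"] == "ldap":
        return ["insecure: true with ldap:// means no TLS is used; compare ldaps:// plus ca"]
    return []

if __name__ == "__main__":
    for url, insecure in ((RODRIGO_URL, True), (JAVIER_URL, False)):
        cfg = parse_idp_url(url)
        print(cfg["host"], cfg["port"], cfg["base_dn"], cfg["scope"])
        for login in ("jdoe", "DOMAIN\\jdoe", "jdoe@domain.local"):
            print("  %-18s -> %s" % (login, search_filter(cfg, login)))
        for finding in transport_findings(cfg, insecure):
            print("  WARNING:", finding)
```

The output shows that whatever is typed at the login prompt is compared literally with the attribute named in the URL, so a `DOMAIN\user` or `user@domain` form only matches if the directory stores that exact value in that attribute.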



