Limiting which LDAP users can log in


I just wanted to check what the proper way is to limit which users are allowed to log in to OpenShift via an LDAP group.

There doesn't seem to be a way during authentication, but on the authorisation side of things I found that if I removed "system:authenticated" from the basic-user cluster role binding then that seemed to have the desired effect.  Is this the right way?

So I ran these 2 commands:

oc adm policy add-cluster-role-to-group basic-user staff
oc adm policy remove-cluster-role-from-group basic-user system:authenticated

After which only users in the staff group can log in, if they don't already have other permissions.

The effect on the console is a little odd.  You can log in OK and it shows an error screen, then you click continue and then you are redirected back to the login screen.
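An added example, not part of the original post: a small Python audit script for checking the binding state those two commands leave behind. It reads the JSON from `oc get clusterrolebindings -o json` and reports (a) every cluster role still granted to a group every logged-in user belongs to (`system:authenticated` and `system:authenticated:oauth`), and (b) which groups hold `basic-user`, so you can confirm the lockdown actually took and see which other roles are still open to everyone. The embedded `BEFORE` and `AFTER` documents are constructed sample data, not real cluster output; the binding names `basic-users`, `self-provisioners` and the exact subject layout after the `oc adm policy` commands are assumptions about the defaults and may differ on a given cluster.

```python
"""Audit OpenShift cluster role bindings for roles open to every authenticated user.

Usage: oc get clusterrolebindings -o json | python audit_basic_user.py -
With no argument the two constructed samples below are audited instead.
"""
import json
import sys

# Groups that every logged-in user is implicitly a member of.
EVERYONE_GROUPS = {"system:authenticated", "system:authenticated:oauth"}


def _binding(name, role, groups):
    """Build a minimal ClusterRoleBinding dict (RBAC shape) for the sample data."""
    return {
        "metadata": {"name": name},
        "roleRef": {"kind": "ClusterRole", "name": role},
        "subjects": [{"kind": "Group", "name": g} for g in groups],
    }


# Constructed sample: assumed default state before the two oc adm policy commands.
BEFORE = {"items": [
    _binding("basic-users", "basic-user", ["system:authenticated"]),
    _binding("self-provisioners", "self-provisioner", ["system:authenticated:oauth"]),
    _binding("cluster-admins", "cluster-admin", ["system:cluster-admins"]),
]}

# Constructed sample: assumed state after adding staff and removing system:authenticated.
# Note that self-provisioner is still granted to everyone; the commands only touched basic-user.
AFTER = {"items": [
    _binding("basic-users", "basic-user", ["staff"]),
    _binding("self-provisioners", "self-provisioner", ["system:authenticated:oauth"]),
    _binding("cluster-admins", "cluster-admin", ["system:cluster-admins"]),
]}


def roles_granted_to_everyone(bindings):
    """Return {role name: [binding names]} for every cluster role that some
    binding grants to a group all authenticated users belong to."""
    found = {}
    for crb in bindings.get("items", []):
        role = crb["roleRef"]["name"]
        for subj in crb.get("subjects") or []:
            if subj.get("kind") == "Group" and subj.get("name") in EVERYONE_GROUPS:
                found.setdefault(role, []).append(crb["metadata"]["name"])
    return found


def groups_with_role(bindings, role):
    """Return the sorted list of group names that some binding grants `role` to.
    User subjects are ignored here: a user granted a role directly bypasses the
    group check, which is why the post says 'if they don't already have other permissions'."""
    groups = set()
    for crb in bindings.get("items", []):
        if crb["roleRef"]["name"] != role:
            continue
        for subj in crb.get("subjects") or []:
            if subj.get("kind") == "Group":
                groups.add(subj["name"])
    return sorted(groups)


def login_restricted_to(bindings, allowed_groups):
    """True when basic-user is no longer granted to an everyone-group and every
    group that does hold it is in allowed_groups."""
    if "basic-user" in roles_granted_to_everyone(bindings):
        return False
    return set(groups_with_role(bindings, "basic-user")) <= set(allowed_groups)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        src = sys.stdin if sys.argv[1] == "-" else open(sys.argv[1])
        samples = {"input": json.load(src)}
    else:
        samples = {"before": BEFORE, "after": AFTER}
    for label, data in samples.items():
        print(f"{label}: roles still open to everyone = {roles_granted_to_everyone(data)}")
        print(f"{label}: basic-user granted to groups {groups_with_role(data, 'basic-user')}")
        print(f"{label}: login restricted to staff? {login_restricted_to(data, ['staff'])}")
```

Running it on a live cluster is a quick way to confirm the change and to notice that removing `basic-user` from `system:authenticated` says nothing about other roles (such as `self-provisioner`) that may still be granted to everyone.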



