Hi,I just wanted to check what the proper way is to limit which users are allowed to login to OpenShift via an LDAP group.There doesn't seem to be a way during authentication, but on the authorisation side of things I found that if I removed "system:authenticated" from the basic-user cluster role binding then that seemed to have the desired effect. Is this the right way?
So I ran these 2 commands:oc adm policy add-cluster-role-to-group basic-user staffoc adm policy remove-cluster-role-from-group basic-user system:authenticatedAfter which only users in the staff group can login if that don't already have other permissions.The effect on the console is a little odd. You can login ok and it shows an error screen, then you click continue and then you are redirected back to the login screen.Thanks,Joel
users mailing list
users lists openshift redhat