[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

LDAP authentication issue with lookup mapping method



Hi all,

I'll try to be as short as possible.

We want to use LDAP authentication, which works with the 'claim' Mapping method.

But we want to use the 'lookup' method as we don't want every dev user can login on the cluster.

We have the following identity provider config:

  identityProviders:
  - challenge: true
    login: true
    mappingMethod: lookup
    name: ldap_provider
    provider:
      apiVersion: v1
      attributes:
        email:
        - mail
        id:
        - dn
        name:
        - cn
        preferredUsername:
        - uid
      bindDN: ''
      bindPassword: ''
      insecure: true
      kind: LDAPPasswordIdentityProvider
      url: ldaps://XXXXXXXXXX/o=YYYYY?uid?sub?(objectClass=person)

We then create the user:

oc create user Marc.Ledent

Then we create the identity

oc create identity ldap_provider:Marc.Ledent

Then we edit both the user and the identity to match the UID

But this does not work. Is there a simple way to debug this?

On the other hand, if we user the 'claim' mapping method, I noticed that the identity name is:

allow_all:Marc.Ledent    allow_all    Marc.Ledent Marc.Ledent   8ab115b1-d789-11e8-abfa-001a4a16039e

with 'allow_all' as provider. Is this normal?

Thanks in advance,
Marc

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]