[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: AD Auth issues



Hi Bill,

have you looked up if there are any LDAPgroupsyncs configured in your prod cluster? With this you can define which attribute to use as the username.

Cheers,
Alexander


On Tue, Mar 12, 2019 at 3:29 PM <william dossett gmail com> wrote:
Hi,

I am learning OpenShift from the ground up.  I'm following a
LinuxAcademy course for OpenShirt certification with a few
modifications in my lab.

First off we have two production OC clusters, one on prem and one in
AWS.  The person that set them up has left the company so I am trying
to get up to speed as quickly as possible.

The on-prem cluster uses LDAP Authentiation.  I have a cluster running
in my lab at home on VMs and I have a full windows domain to work with
here.  I have also setup LDAP authentication and it is working - but
different to the production on-prem cluster.  Our oauth sections in
master-config.yaml are identicle save for the searver names.  But when
I do get users on the production system it returns a line like this:

prod version 3.11.69

TU001SW           28a5570e-e66d-11e8-81ae-
00505690739d   TU001SW           pbi:CN=TU001SW,OU=INDIA-
NOIDA,OU=Provisioned,OU=Users,DC=ourdomain,DC=global,DC=pvt

so it is the user GUID under user Name

I do oc get users in my lab

lab version 3.5.5.31.80

CN=jack,OU=OC-Users,DC=terrapin,DC=local        727be142-4449-11e9-
966b-00505696ac63   jack           terrapin:CN=jack,OU=OC-
Users,DC=terrapin,DC=local

which is the Distingueshed Name under name.

I can login with LDAP users to the console fine but this is what gets
populated.

I am running windows 2016 servers on my lab and I think the production
network is back around 2008 functional level.

The main problem is that I can't seem to work with the users in the
format they are on my lab.

for instance trying to put a label on one of my users results in:

root oc-master ~]# oc label user "CN=law,OU=OC-
Users,DC=terrapin,DC=local" org=Terrapin
error: invalid label spec: CN=law,OU=OC-Users,DC=terrapin,DC=local
See 'oc label -h' for help and examples.

I have tryid jus CN=law  just law, etc...

My oauth stanza is this:

oauthConfig:
  assetPublicURL: https://oc-master.terrapin.local:8443/console/
  grantConfig:
    method: auto
  identityProviders:
  - challenge: true
    login: true
    mappingMethod: claim
    name: terrapin
    provider:
      apiVersion: v1
      attributes:
        email:
        - mail
        id:
        - dn
        name:
        - cn
        preferredUsername:
        - sAMAccoutName
      bindDN: billd terrapin local
      bindPassword: verysecretpw
      insecure: true
      kind: LDAPPasswordIdentityProvider
      url:
"ldap://fender.terrapin.local:389/dc=terrapin,dc=local?sAMAccountName"

Any help on this would be greatly appreciate as I can't move forward at
the moment and I do need to be able to work with users in my lab.

Thanks
Bill


_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users


--

Alexander Bartilla

IT-Consultant

Cloudwerkstatt GmbH - Reisnerstraße 13/6– A-1030 Wien

+43-660-8989058

alexander bartilla cloudwerkstatt com


id:image001 png 01D24B57 D1D08F70


Cloudwerkstatt GmbH - Reisnerstraße 13/6 - A-1030 Wien - ATU68384759 - FN408516i - Handelsgericht Wien


PNG image


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]