[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: AD Auth issues

Hi Bill,

have you looked up if there are any LDAPgroupsyncs configured in your prod cluster? With this you can define which attribute to use as the username.


On Tue, Mar 12, 2019 at 3:29 PM <william dossett gmail com> wrote:

I am learning OpenShift from the ground up.  I'm following a
LinuxAcademy course for OpenShirt certification with a few
modifications in my lab.

First off we have two production OC clusters, one on prem and one in
AWS.  The person that set them up has left the company so I am trying
to get up to speed as quickly as possible.

The on-prem cluster uses LDAP Authentiation.  I have a cluster running
in my lab at home on VMs and I have a full windows domain to work with
here.  I have also setup LDAP authentication and it is working - but
different to the production on-prem cluster.  Our oauth sections in
master-config.yaml are identicle save for the searver names.  But when
I do get users on the production system it returns a line like this:

prod version 3.11.69

TU001SW           28a5570e-e66d-11e8-81ae-
00505690739d   TU001SW           pbi:CN=TU001SW,OU=INDIA-

so it is the user GUID under user Name

I do oc get users in my lab

lab version

CN=jack,OU=OC-Users,DC=terrapin,DC=local        727be142-4449-11e9-
966b-00505696ac63   jack           terrapin:CN=jack,OU=OC-

which is the Distingueshed Name under name.

I can login with LDAP users to the console fine but this is what gets

I am running windows 2016 servers on my lab and I think the production
network is back around 2008 functional level.

The main problem is that I can't seem to work with the users in the
format they are on my lab.

for instance trying to put a label on one of my users results in:

root oc-master ~]# oc label user "CN=law,OU=OC-
Users,DC=terrapin,DC=local" org=Terrapin
error: invalid label spec: CN=law,OU=OC-Users,DC=terrapin,DC=local
See 'oc label -h' for help and examples.

I have tryid jus CN=law  just law, etc...

My oauth stanza is this:

  assetPublicURL: https://oc-master.terrapin.local:8443/console/
    method: auto
  - challenge: true
    login: true
    mappingMethod: claim
    name: terrapin
      apiVersion: v1
        - mail
        - dn
        - cn
        - sAMAccoutName
      bindDN: billd terrapin local
      bindPassword: verysecretpw
      insecure: true
      kind: LDAPPasswordIdentityProvider

Any help on this would be greatly appreciate as I can't move forward at
the moment and I do need to be able to work with users in my lab.


users mailing list
users lists openshift redhat com


Alexander Bartilla


Cloudwerkstatt GmbH - Reisnerstraße 13/6– A-1030 Wien


alexander bartilla cloudwerkstatt com

id:image001 png 01D24B57 D1D08F70

Cloudwerkstatt GmbH - Reisnerstraße 13/6 - A-1030 Wien - ATU68384759 - FN408516i - Handelsgericht Wien

PNG image

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]