
Re: AD Auth issues



On Tue, 2019-03-12 at 15:43 +0100, Alexander Bartilla wrote:
> Hi Bill,
> 
> have you looked up if there are any LDAPgroupsyncs configured in your
> prod cluster? With this you can define which attribute to use as the
> username.
> 

I have not, but I am looking now. I'm having some trouble understanding
how to see if there are...  the docs I am reading don't seem to say
where the config file would be located...  or how the syncs get run,
but I will continue googling and reading, thank you!

> Cheers,
> Alexander
> 
> 
> On Tue, Mar 12, 2019 at 3:29 PM <william dossett gmail com> wrote:
> > Hi,
> > 
> > I am learning OpenShift from the ground up.  I'm following a
> > LinuxAcademy course for OpenShift certification with a few
> > modifications in my lab.
> > 
> > First off we have two production OC clusters, one on prem and one
> > in AWS.  The person that set them up has left the company so I am
> > trying to get up to speed as quickly as possible.
> > 
> > The on-prem cluster uses LDAP Authentication.  I have a cluster
> > running in my lab at home on VMs and I have a full windows domain
> > to work with here.  I have also setup LDAP authentication and it is
> > working - but different to the production on-prem cluster.  Our
> > oauth sections in master-config.yaml are identical save for the
> > server names.  But when I do get users on the production system it
> > returns a line like this:
> > 
> > prod version 3.11.69
> > 
> > TU001SW           28a5570e-e66d-11e8-81ae-00505690739d   TU001SW           pbi:CN=TU001SW,OU=INDIA-NOIDA,OU=Provisioned,OU=Users,DC=ourdomain,DC=global,DC=pvt
> > 
> > so it is the user GUID under user Name
> > 
> > I do oc get users in my lab
> > 
> > lab version 3.5.5.31.80
> > 
> > CN=jack,OU=OC-Users,DC=terrapin,DC=local        727be142-4449-11e9-966b-00505696ac63   jack           terrapin:CN=jack,OU=OC-Users,DC=terrapin,DC=local
> > 
> > which is the Distinguished Name under name.
> > 
> > I can login with LDAP users to the console fine but this is what
> > gets populated.
> > 
> > I am running windows 2016 servers on my lab and I think the
> > production network is back around 2008 functional level.
> > 
> > The main problem is that I can't seem to work with the users in the
> > format they are on my lab.
> > 
> > for instance trying to put a label on one of my users results in:
> > 
> > root oc-master ~]# oc label user "CN=law,OU=OC-Users,DC=terrapin,DC=local" org=Terrapin
> > error: invalid label spec: CN=law,OU=OC-Users,DC=terrapin,DC=local
> > See 'oc label -h' for help and examples.
> > 
> > I have tried just CN=law, just law, etc...
> > 
> > My oauth stanza is this:
> > 
> > oauthConfig:
> >   assetPublicURL: https://oc-master.terrapin.local:8443/console/
> >   grantConfig:
> >     method: auto
> >   identityProviders:
> >   - challenge: true
> >     login: true
> >     mappingMethod: claim
> >     name: terrapin
> >     provider:
> >       apiVersion: v1
> >       attributes:
> >         email:
> >         - mail
> >         id:
> >         - dn
> >         name:
> >         - cn
> >         preferredUsername:
> >         - sAMAccoutName
> >       bindDN: billd terrapin local
> >       bindPassword: verysecretpw
> >       insecure: true
> >       kind: LDAPPasswordIdentityProvider
> >       url: "ldap://fender.terrapin.local:389/dc=terrapin,dc=local?sAMAccountName"
> > 
> > Any help on this would be greatly appreciated as I can't move
> > forward at the moment and I do need to be able to work with users
> > in my lab.
> > 
> > Thanks
> > Bill
> > 
> > 
> 
> 
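
The attribute mapping in the quoted oauth stanza, modelled as an added example (not part of the original thread and not OpenShift code). It assumes the OpenShift 3.x behaviour that the first non-empty listed attribute is used and that the user name falls back to the identity id when no preferredUsername attribute has a value; `ENTRY` and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Identity provider stanza transcribed from the post (bindDN/bindPassword omitted).
PROVIDER = {
    "insecure": True,
    "url": "ldap://fender.terrapin.local:389/dc=terrapin,dc=local?sAMAccountName",
    "attributes": {
        "id": ["dn"],
        "name": ["cn"],
        "email": ["mail"],
        "preferredUsername": ["sAMAccoutName"],
    },
}

# Constructed directory entry standing in for the lab user "jack".
ENTRY = {
    "dn": "CN=jack,OU=OC-Users,DC=terrapin,DC=local",
    "cn": "jack",
    "mail": "jack@terrapin.local",
    "sAMAccountName": "jack",
}


def first_value(entry, names):
    """Return the first non-empty value among the listed attributes (case-insensitive)."""
    lowered = {k.lower(): v for k, v in entry.items()}
    for name in names:
        if lowered.get(name.lower()):
            return lowered[name.lower()]
    return ""


def resolve_user_name(provider, entry):
    """User name = preferredUsername value, else the identity id (assumed fallback)."""
    attrs = provider["attributes"]
    return first_value(entry, attrs.get("preferredUsername", [])) or first_value(entry, attrs["id"])


def lint(provider, entry):
    """Flag cleartext LDAP and mapped attributes the sample entry does not carry."""
    findings = []
    if urlsplit(provider["url"]).scheme == "ldap" and provider.get("insecure"):
        findings.append("bind password and user passwords cross the network unencrypted")
    for field, names in provider["attributes"].items():
        if not first_value(entry, names):
            findings.append(f"{field}: none of {names} present on the sample entry")
    return findings
```
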

