Thank you. That is what I was kind of assuming. And there is my problem. I cannot get a successful logon with an AD user. I am out of ideas. It is easy enough to delete old identity bindings with oc delete identity <identity_provider>:<username>.

I just can’t seem to understand why I cannot get AD authentication to work.

Mark Werner | Senior Systems Engineer | Cloud & Infrastructure Services
Unisys | Mobile Phone 586.214.9017 | [email protected]
11720 Plaza America Drive, Reston, VA 20190

THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all devices.

From: Jordan Liggitt [mailto:[email protected]]
Sent: Wednesday, July 12, 2017 10:58 PM
To: Werner, Mark <[email protected]>
Cc: Derek Wright <[email protected]>; [email protected]
Subject: Re: OpenShift Origin Active Directory Authentication

Configuring a new identity provider does not remove Identity objects created by a previously configured provider, which is why the allow_all object still exists.

Also, until you get a successful login with your new LDAP identity provider, you won't see any Identity objects created by it.

On Wed, Jul 12, 2017 at 10:55 PM, Werner, Mark <[email protected]> wrote:

> No, the name is AD. But as I understand it the name is arbitrary. The kind is set to LDAPPasswordIdentityProvider, which replaced allow_all. As I understand it this defines the type of Identity Provider.
>
>     name: AD
>     provider:
>       apiVersion: v1
>       attributes:
>         email:
>         - mail
>         id:
>         - dn
>         name:
>         - displayName
>         preferredUsername:
>         - sAMAccountName
>       bindDN: CN=OpenShift User,OU=users,DC=domain,DC=local
>       bindPassword: password
>       insecure: true
>       kind: LDAPPasswordIdentityProvider
>
> From: Jordan Liggitt [mailto:[email protected]]
> Sent: Wednesday, July 12, 2017 10:49 PM
> To: Werner, Mark <[email protected]>
> Cc: Derek Wright <[email protected]>; [email protected]
> Subject: Re: OpenShift Origin Active Directory Authentication
>
> On Wed, Jul 12, 2017 at 10:41 PM, Werner, Mark <[email protected]> wrote:
>
> > I am wondering why, if I perform an “oc get identity”, the only identity that is returned is allow_all? If I changed the master-config.yaml file to only have the Identity Provider AllowAllPasswordIdentityProvider, then restart the origin-master service. Why doesn’t “oc get identity” return AllowAllPasswordIdentityProvider and still returns allow_all?
>
> The name of your AllowAllPasswordIdentityProvider identity provider was "allow_all", right?
>
>     name: allow_all
_______________________________________________ dev mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
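
An added illustration of the point made in the thread (not code from the original messages or from the OpenShift project): Identity objects are named `<provider>:<username>` and outlive the provider that created them, so this Python script reads `oc get identity -o json` output, flags identities whose provider is no longer configured, and builds the `oc delete identity` commands mentioned above. The sample data, the `htpasswd_auth` provider name and all function names are assumptions made for the example.

```python
import json
import shlex

# Constructed sample of `oc get identity -o json` output; users are made up.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "allow_all:mwerner"}, "providerName": "allow_all",
     "providerUserName": "mwerner", "user": {"name": "mwerner"}},
    {"metadata": {"name": "allow_all:admin"}, "providerName": "allow_all",
     "providerUserName": "admin", "user": {"name": "admin"}},
    # "htpasswd_auth" is a hypothetical second provider, not from the thread.
    {"metadata": {"name": "htpasswd_auth:jdoe"}, "providerName": "htpasswd_auth",
     "providerUserName": "jdoe", "user": {"name": "jdoe"}},
]})


def load_identities(raw):
    """Parse `oc get identity -o json` text into a list of Identity objects."""
    return json.loads(raw).get("items", [])


def stale_identities(identities, configured):
    """Identities whose providerName matches no configured identityProviders name."""
    return [i for i in identities if i.get("providerName") not in configured]


def held_usernames(stale):
    """User names still mapped to stale identities.

    With the default mappingMethod "claim", a login through another provider
    that yields the same user name fails while that user is mapped to a
    different identity, so these names deserve a review.
    """
    return sorted({i["user"]["name"] for i in stale
                   if (i.get("user") or {}).get("name")})


def cleanup_commands(stale):
    """Build (not run) one `oc delete identity` command per stale identity."""
    return ["oc delete identity " + shlex.quote(i["metadata"]["name"])
            for i in stale]


if __name__ == "__main__":
    # Provider names as they appear under identityProviders in master-config.yaml.
    configured = {"AD", "htpasswd_auth"}
    stale = stale_identities(load_identities(SAMPLE), configured)
    print("users still held by removed providers:", held_usernames(stale))
    for cmd in cleanup_commands(stale):
        print(cmd)
```

The commands are only printed, so the list can be reviewed before anything is deleted.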
