I am really struggling to get Active Directory authentication to work. The oauthConfig section of the master-config.yaml file starts out like this and all is fine.

    oauthConfig:
      assetPublicURL: https://master.domain.local:8443/console/
      grantConfig:
        method: auto
      identityProviders:
      - challenge: true
        login: true
        mappingMethod: claim
        name: allow_all
        provider:
          apiVersion: v1
          kind: AllowAllPasswordIdentityProvider
      masterCA: ca-bundle.crt
      masterPublicURL: https://master.domain.local:8443
      masterURL: https://master.domain.local:8443

Then I attempt to modify the oauthConfig section of the master-config.yaml file to look like this.

    oauthConfig:
      assetPublicURL: https://master.domain.local:8443/console/
      grantConfig:
        method: auto
      identityProviders:
      - name: Active_Directory
        challenge: true
        login: true
        mappingMethod: claim
        provider:
          apiVersion: v1
          kind: LDAPPasswordIdentityProvider
          attributes:
            id:
            - dn
            email:
            - mail
            name:
            - cn
            preferredUsername:
            - uid
          bindDN: "cn=openshift,cn=users,dc=domain,dc=local"
          bindPassword: "password"
          insecure: true
          url: ldap://dc.domain.local:389/cn=users,dc=domain,dc=local?uid
      assetPublicURL: https://master.domain.local:8443/console/
      masterPublicURL: https://master.domain.local:8443
      masterURL: https://master.domain.local:8443

Then I try to restart the origin-master service and it fails to restart, and won't start again, not even on reboot. If I revert back to the old master-config.yaml file everything works fine again, and origin-master service starts with no problem.

The user "openshift" has been created in Active Directory with the correct password. I have even tried using

    url: ldaps://dc.domain.local:686/cn=users,dc=domain,dc=local?uid

That doesn't work either. I cannot seem to figure out what I am doing wrong and what the origin-master service does not like about the modified master-config.yaml file that keeps it from starting.

Mark Werner | Senior Systems Engineer | Cloud & Infrastructure Services Unisys
_______________________________________________ dev mailing list dev@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
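
A pre-restart check of the `url` and `insecure` values from the LDAPPasswordIdentityProvider stanza in the message above, added here as an example; it is not part of the original message and not OpenShift code. The function names and the rule set are assumptions; the rule that `insecure: true` means "no TLS" and so conflicts with an `ldaps://` URL is taken from the OpenShift LDAP provider documentation, and the URL layout is RFC 4516.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}   # IANA-registered ports
SCOPES = {"base", "one", "sub"}               # RFC 4516 scope values

def lint_ldap_provider(url, insecure):
    """Return (code, message) findings for one provider's url/insecure pair."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        return [("bad-scheme", "expected ldap:// or ldaps://, got %r" % parts.scheme)]
    findings = []
    if not parts.hostname:
        findings.append(("no-host", "url has no host"))
    if not parts.path.strip("/"):
        findings.append(("no-base-dn", "url has no search base DN"))
    # RFC 4516 layout after the DN: ?attribute?scope?filter (omitted scope is not flagged)
    fields = parts.query.split("?")
    scope = fields[1] if len(fields) > 1 else ""
    if scope and scope not in SCOPES:
        findings.append(("bad-scope", "scope %r is not base, one or sub" % scope))
    if insecure and scheme == "ldaps":
        # Assumption from the OpenShift docs: insecure: true disables TLS,
        # so pairing it with an ldaps:// url is contradictory.
        findings.append(("ldaps-with-insecure", "ldaps:// url but insecure: true"))
    elif insecure:
        findings.append(("cleartext-bind",
                         "no TLS: bindPassword and user passwords cross the network unencrypted"))
    port = parts.port or DEFAULT_PORTS[scheme]
    if port != DEFAULT_PORTS[scheme]:
        findings.append(("nonstandard-port",
                         "port %d is not the %s default %d" % (port, scheme, DEFAULT_PORTS[scheme])))
    return findings

def codes(url, insecure):
    """Finding codes only, convenient for CI gating."""
    return [code for code, _ in lint_ldap_provider(url, insecure)]

if __name__ == "__main__":
    # The two url values quoted in the message; the insecure pairings are constructed.
    base = "/cn=users,dc=domain,dc=local?uid"
    for url, insecure in [("ldap://dc.domain.local:389" + base, True),
                          ("ldaps://dc.domain.local:686" + base, True),
                          ("ldaps://dc.domain.local:636" + base, False)]:
        print(url, "insecure=%s" % insecure, lint_ldap_provider(url, insecure))
```

The findings are configuration-consistency and transport-security observations only; the master's own log output remains the authority on why a given master-config.yaml is rejected at startup.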