Hi,
I'm having problems getting LDAP authentication with a STARTTLS LDAP
server to work on an OpenShift Origin installation.
The provider config is as follows:
-------------------------------------------------------------
identityProviders:
- name: "voidbridge_ldap_provider"
  challenge: true
  login: true
  mappingMethod: add
  provider:
    apiVersion: v1
    kind: LDAPPasswordIdentityProvider
    attributes:
      id:
      - uid
      email:
      - mail
      name:
      - gecos
      preferredUsername:
      - uid
    bindDN: ""
    bindPassword: ""
    ca: /etc/pki/ca-trust/source/anchors/voidbridge-ca.crt
    insecure: false
    url: "ldap://ldap.local.voidbridge/ou=people,dc=voidbridge?uid?one"
---------------------------------------------------------------
The LDAP server's cert is self-signed, the CA cert is voidbridge-ca.crt.
The LDAP server only accepts STARTTLS connections and performs fine for
other services. In particular the command
ldapwhoami -h ldap.local.voidbridge \
-D uid=andre.esser,ou=people,dc=voidbridge -ZZ -W
succeeds when the correct password is entered.
Also when I temporarily disable the STARTTLS requirement on the LDAP
server and switch to 'insecure: false' in the provider config, the
authentication succeeds.
The error in the OpenShift log (via syslog) is:
Jul 13 15:09:22 osae-master-101 atomic-openshift-master-api:
E0713 15:09:22.921501 10255 login.go:162] Error authenticating
"andre.esser" with provider "voidbridge_ldap_provider": LDAP Result
Code 200 "": TLS handshake failed (EOF)
Any help to get authentication working over STARTTLS would be greatly
appreciated,
Andre
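A small probe that separates the two layers the "TLS handshake failed (EOF)" error above could come from, the LDAP StartTLS extended operation itself versus the TLS handshake against the CA file, as an added example that is not part of the original post or of OpenShift. The host, port 389 and the CA path are assumptions taken from the configuration in the post; the BER encoding follows RFC 4511.

```python
import socket
import ssl
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"   # StartTLS extended operation OID (RFC 4511)

def ber_len(n: int) -> bytes:
    # Definite-form BER length: short form below 128, long form otherwise.
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def starttls_request(msg_id: int = 1) -> bytes:
    # LDAPMessage { messageID INTEGER (msg_id < 128), ExtendedRequest [APPLICATION 23] }
    name = b"\x80" + ber_len(len(STARTTLS_OID)) + STARTTLS_OID   # requestName [0] LDAPOID
    ext = b"\x77" + ber_len(len(name)) + name
    body = b"\x02\x01" + bytes([msg_id]) + ext
    return b"\x30" + ber_len(len(body)) + body

def read_tlv(buf: bytes, i: int):
    # Return (tag, value, next_index) of the BER element at buf[i]; handles long-form lengths.
    tag, ln, i = buf[i], buf[i + 1], i + 2
    if ln & 0x80:
        n = ln & 0x7F
        ln, i = int.from_bytes(buf[i:i + n], "big"), i + n
    return tag, buf[i:i + ln], i + ln

def parse_result_code(resp: bytes) -> int:
    # resultCode of the ExtendedResponse [APPLICATION 24]; 0 means StartTLS was accepted.
    _, msg, _ = read_tlv(resp, 0)              # outer LDAPMessage SEQUENCE
    _, _, i = read_tlv(msg, 0)                 # skip messageID
    tag, op, _ = read_tlv(msg, i)
    assert tag == 0x78, "not an ExtendedResponse"
    tag, code, _ = read_tlv(op, 0)
    assert tag == 0x0A, "resultCode must be ENUMERATED"
    return int.from_bytes(code, "big")

def probe(host: str, ca_path: str, port: int = 389, timeout: float = 5.0) -> str:
    # Hand-roll StartTLS, then verify the handshake (chain and hostname) against ca_path.
    ctx = ssl.create_default_context(cafile=ca_path)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(starttls_request())
        code = parse_result_code(sock.recv(4096))   # response is tiny; one read suffices
        if code != 0:
            return f"server refused StartTLS, LDAP result code {code}"
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return f"TLS OK ({tls.version()}); {ca_path} trusts the server cert"
        except OSError as exc:                      # SSLError (incl. EOF) is an OSError
            return f"StartTLS accepted but TLS handshake failed: {exc!r}"
```

Running `probe("ldap.local.voidbridge", "/etc/pki/ca-trust/source/anchors/voidbridge-ca.crt")` from the master host tells you whether the server refuses the StartTLS operation or accepts it and then fails the handshake (for example because the CA file does not match the server certificate or the hostname in the URL does not match the certificate).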
_______________________________________________
users mailing list
http://lists.openshift.redhat.com/openshiftmm/listinfo/users