Yup, origin 1.2.0 was built with go1.4. origin 1.3 will be built with go1.6

On Thu, Jul 14, 2016 at 10:48 AM, Andre Esser <[email protected]> wrote:

> It's version 1.2.0 and I've installed it using the Advanced Installation
> instructions from
> https://docs.openshift.org/latest/install_config/install/advanced_install.html
>
> Andre
>
>
> On 2016-07-14 15:41, Jordan Liggitt wrote:
>
>> What version of origin are you running with (and if you built it
>> yourself, what version of go did you build with?)
>>
>> It looks like SECURE256 translates to these ciphers:
>>
>>     TLSv1.2: ciphers: TLS_RSA_WITH_AES_256_CBC_SHA256
>>     TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
>>
>> None of those are supported in go1.4.
>> TLS_RSA_WITH_AES_256_GCM_SHA384 should work with go1.6.
>>
>> On Thu, Jul 14, 2016 at 8:54 AM, Andre Esser <[email protected]> wrote:
>>
>>     RESOLVED:
>>
>>     Our LDAP servers required 256 bit cyphers but OpenShift appears to
>>     use 128 bit ones. After setting 'olcTLSCipherSuite' to 'SECURE128'
>>     authentication started to work.
>>
>>     Cheers,
>>
>>     Andre
>>
>>     On 2016-07-13 17:50, Andre Esser wrote:
>>
>>         Certificate:
>>             Data:
>>                 Version: 3 (0x2)
>>                 Serial Number: 971[..] (0x86[..])
>>             Signature Algorithm: sha256WithRSAEncryption
>>                 Issuer: C=VG, ST=Tortola, L=Road Town, O=Voidbridge Software Limited, CN=Voidbridge CA/[email protected]
>>                 Validity
>>                     Not Before: Apr 12 16:39:00 2015 GMT
>>                     Not After : Apr 9 16:39:00 2025 GMT
>>                 Subject: C=VG, ST=Tortola, L=Road Town, O=Voidbridge Software Limited, CN=Voidbridge CA/[email protected]
>>                 Subject Public Key Info:
>>                     Public Key Algorithm: rsaEncryption
>>                         Public-Key: (4096 bit)
>>                         Modulus:
>>                             00:b5:35:[...]
>>                         Exponent: 65537 (0x10001)
>>                 X509v3 extensions:
>>                     X509v3 Subject Key Identifier:
>>                         76:44:AB:[..]
>>                     X509v3 Authority Key Identifier:
>>                         keyid:76:44:AB:[..]
>>
>>                     X509v3 Basic Constraints:
>>                         CA:TRUE
>>                     X509v3 Key Usage:
>>                         Certificate Sign, CRL Sign
>>             Signature Algorithm: sha256WithRSAEncryption
>>                  96:5a:ac:[..]
>>
>>         On 2016-07-13 17:26, Jordan Liggitt wrote:
>>
>>             Is the signing cert an actual CA (what does `openssl x509 -in
>>             /etc/pki/ca-trust/source/anchors/voidbridge-ca.crt -text
>>             -noout` show?)
>>
>>             On Wed, Jul 13, 2016 at 12:15 PM, Andre Esser
>>             <[email protected]> wrote:
>>
>>                 Hi,
>>
>>                 I'm having problems getting LDAP authentication with a
>>                 STARTTLS LDAP server to work on an Openshift Origin
>>                 installation.
>>
>>                 The provider config is as follows:
>>
>>                 -------------------------------------------------------------
>>                 identityProviders:
>>                 - name: "voidbridge_ldap_provider"
>>                   challenge: true
>>                   login: true
>>                   mappingMethod: add
>>                   provider:
>>                     apiVersion: v1
>>                     kind: LDAPPasswordIdentityProvider
>>                     attributes:
>>                       id:
>>                       - uid
>>                       email:
>>                       - mail
>>                       name:
>>                       - gecos
>>                       preferredUsername:
>>                       - uid
>>                     bindDN: ""
>>                     bindPassword: ""
>>                     ca: /etc/pki/ca-trust/source/anchors/voidbridge-ca.crt
>>                     insecure: false
>>                     url: "ldap://ldap.local.voidbridge \
>>                           /ou=people,dc=voidbridge?uid?one"
>>                 -------------------------------------------------------------
>>
>>                 The LDAP server's cert is self-signed, the CA cert is
>>                 voidbridge-ca.crt. The LDAP server only accepts STARTTLS
>>                 connections and performs fine for other services. In
>>                 particular the command
>>
>>                     ldapwhoami -h ldap.local.voidbridge \
>>                         -D uid=andre.esser,ou=people,dc=voidbridge -ZZ -W
>>
>>                 succeeds when the correct password is entered.
>>
>>                 Also when I temporarily disable the STARTTLS requirement
>>                 on the LDAP server and switch to 'insecure: false' in the
>>                 provider config, the authentication succeeds.
>>
>>                 The error in the OpenShift log (via syslog) is:
>>
>>                     Jul 13 15:09:22 osae-master-101 atomic-openshift-master-api: E0713 15:09:22.921501 10255 login.go:162] Error authenticating "andre.esser" with provider "voidbridge_ldap_provider": LDAP Result Code 200 "": TLS handshake failed (EOF)
>>
>>                 Any help to get authentication working over STARTTLS
>>                 would be greatly appreciated,
>>
>>                 Andre
>>
>>                 _______________________________________________
>>                 users mailing list
>>                 [email protected]
>>                 http://lists.openshift.redhat.com/openshiftmm/listinfo/users
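Added example, not part of the original thread or of OpenShift's code: a Go check of which of the three SECURE256 suites named in the thread are implemented by the `crypto/tls` of the toolchain it is compiled with. The names `Secure256`, `SuiteStatus`, `CheckSuites` and `Usable` are hypothetical, and `tls.CipherSuites()` needs Go 1.14 or later, so the result describes your current toolchain rather than the go1.4 build discussed above.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// Secure256 holds the suites the thread says SECURE256 expands to.
var Secure256 = []string{"TLS_RSA_WITH_AES_256_CBC_SHA256",
	"TLS_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384"}

// SuiteStatus (hypothetical type): how crypto/tls treats one IANA suite name.
type SuiteStatus struct {
	Name        string
	Implemented bool   // crypto/tls has code for this suite
	Insecure    bool   // crypto/tls lists it among its insecure suites
	ID          uint16 // IANA code point; 0 when not implemented
}

// CheckSuites looks each server-required suite up in crypto/tls.
func CheckSuites(required []string) []SuiteStatus {
	known := map[string]*tls.CipherSuite{}
	for _, s := range append(tls.CipherSuites(), tls.InsecureCipherSuites()...) {
		known[s.Name] = s
	}
	out := make([]SuiteStatus, 0, len(required))
	for _, name := range required {
		st := SuiteStatus{Name: name}
		if s, ok := known[name]; ok {
			st.Implemented, st.Insecure, st.ID = true, s.Insecure, s.ID
		}
		out = append(out, st)
	}
	return out
}

// Usable returns the required suites crypto/tls implements; empty means no shared cipher.
func Usable(required []string) (names []string) {
	for _, st := range CheckSuites(required) {
		if st.Implemented {
			names = append(names, st.Name)
		}
	}
	return names
}

func main() {
	fmt.Printf("%+v\nusable: %v\n", CheckSuites(Secure256), Usable(Secure256))
}
```

When the usable list is empty, the client and server have no cipher in common, and the only fixes are a newer client toolchain or a broader server cipher list, such as the SECURE128 setting reported in the thread.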
