When you restart, what log messages are printed in origin-master?

On Jul 11, 2017, at 10:19 PM, Werner, Mark <[email protected]> wrote:

I am really struggling to get Active Directory authentication to work.

The oauthConfig section of the master-config.yaml file starts out like this
and all is fine.

oauthConfig:
  assetPublicURL: https://master.domain.local:8443/console/
  grantConfig:
    method: auto
  identityProviders:
  - challenge: true
    login: true
    mappingMethod: claim
    name: allow_all
    provider:
      apiVersion: v1
      kind: AllowAllPasswordIdentityProvider
  masterCA: ca-bundle.crt
  masterPublicURL: https://master.domain.local:8443
  masterURL: https://master.domain.local:8443

Then I attempt to modify the oauthConfig section of the master-config.yaml
file to look like this.

oauthConfig:
  assetPublicURL: https://master.domain.local:8443/console/
  grantConfig:
    method: auto
  identityProviders:
  - name: Active_Directory
    challenge: true
    login: true
    mappingMethod: claim
    provider:
      apiVersion: v1
      kind: LDAPPasswordIdentityProvider
      attributes:
        id:
        - dn
        email:
        - mail
        name:
        - cn
        preferredUsername:
        - uid
      bindDN: "cn=openshift,cn=users,dc=domain,dc=local"
      bindPassword: "password"
      insecure: true
      url: ldap://dc.domain.local:389/cn=users,dc=domain,dc=local?uid
  assetPublicURL: https://master.domain.local:8443/console/
  masterPublicURL: https://master.domain.local:8443
  masterURL: https://master.domain.local:8443

Then I try to restart the origin-master service and it fails to restart,
and won't start again, not even on reboot. If I revert back to the old
master-config.yaml file everything works fine again, and origin-master
service starts with no problem.

The user "openshift" has been created in Active Directory with the correct
password.

I have even tried using url:
ldaps://dc.domain.local:686/cn=users,dc=domain,dc=local?uid

That doesn't work either. I cannot seem to figure out what I am doing wrong
and what the origin-master service does not like about the modified
master-config.yaml file that keeps it from starting.





*Mark Werner* | Senior Systems Engineer | Cloud & Infrastructure Services

Unisys | Mobile Phone 586.214.9017 | [email protected]

11720 Plaza America Drive, Reston, VA 20190




_______________________________________________
users mailing list
[email protected]
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
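
Added example, not part of the original thread and not OpenShift code: a small pre-restart check that splits the LDAP URL from the posted provider stanza into its RFC 2255 parts and reports transport-security findings. The function names, the finding texts and the port heuristic are assumptions of this example, as is the second sample, which assumes insecure: true was left unchanged when the ldaps:// URL was tried.

```python
from urllib.parse import urlsplit, unquote

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}  # standard LDAP / LDAPS ports

def parse_ldap_url(url):
    """Split an RFC 2255 LDAP URL: scheme://host:port/baseDN?attribute?scope?filter"""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError("not an LDAP URL: %r" % url)
    # The part after the first '?' holds up to three '?'-separated fields.
    fields = (parts.query.split("?") + ["", "", ""])[:3]
    return {
        "scheme": scheme,
        "host": parts.hostname,
        "port": parts.port or DEFAULT_PORTS[scheme],
        "base_dn": unquote(parts.path.lstrip("/")),
        "attribute": fields[0],
        "scope": fields[1],
        "filter": unquote(fields[2]),
    }

def check_ldap_provider(provider):
    """Return a list of findings for one LDAPPasswordIdentityProvider stanza."""
    url = parse_ldap_url(provider["url"])
    insecure = bool(provider.get("insecure", False))
    findings = []
    if insecure and url["scheme"] == "ldaps":
        findings.append("contradiction: ldaps:// URL with insecure: true")
    elif insecure:
        findings.append("cleartext: bindPassword and every user's password "
                        "cross the network unencrypted")
    default = DEFAULT_PORTS[url["scheme"]]
    if url["port"] != default:  # heuristic of this example, not a hard rule
        findings.append("port %d is not the %s default (%d); confirm the listener"
                        % (url["port"], url["scheme"], default))
    if isinstance(provider.get("bindPassword"), str):
        findings.append("bindPassword is a literal in the config file; "
                        "restrict read access to it")
    return findings

# Values transcribed from the post above; only the keys the checks read.
POSTED = {"bindDN": "cn=openshift,cn=users,dc=domain,dc=local",
          "bindPassword": "password", "insecure": True,
          "url": "ldap://dc.domain.local:389/cn=users,dc=domain,dc=local?uid"}
# Assumption: the ldaps:// attempt kept insecure: true.
POSTED_LDAPS = dict(POSTED, url="ldaps://dc.domain.local:686/cn=users,dc=domain,dc=local?uid")

if __name__ == "__main__":
    for label, cfg in (("ldap", POSTED), ("ldaps", POSTED_LDAPS)):
        print(label, check_ldap_provider(cfg))
```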