Hi,

I just wanted to check what the proper way is to limit which users are
allowed to log in to OpenShift via an LDAP group.

There doesn't seem to be a way during authentication, but on the
authorisation side of things I found that if I removed
"system:authenticated" from the basic-user cluster role binding then that
seemed to have the desired effect.  Is this the right way?

So I ran these 2 commands:

oc adm policy add-cluster-role-to-group basic-user staff
oc adm policy remove-cluster-role-from-group basic-user system:authenticated

After which only users in the staff group can log in if they don't already
have other permissions.

The effect on the console is a little odd.  You can log in OK and it shows
an error screen, then you click continue and then you are redirected back
to the login screen.

Thanks,

Joel
_______________________________________________
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
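
Added example, not part of the original post: a check of the binding state the two commands above aim for, run over a constructed sample shaped like `oc get clusterrolebindings -o json`. It assumes rbac.authorization.k8s.io/v1 objects; the binding names and the `example-*` roles are made up, and the `audit` and `groups_bound` helpers are hypothetical names.

```python
import json

# Constructed sample shaped like `oc get clusterrolebindings -o json`
# (assumed rbac.authorization.k8s.io/v1 objects). Binding names and the
# example-* roles are made up; only basic-user, staff and
# system:authenticated come from the post.
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"metadata": {"name": "example-basic-user"},
   "roleRef": {"kind": "ClusterRole", "name": "basic-user"},
   "subjects": [{"kind": "Group", "name": "staff"}]},
  {"metadata": {"name": "example-discovery"},
   "roleRef": {"kind": "ClusterRole", "name": "example-discovery"},
   "subjects": [{"kind": "Group", "name": "system:authenticated"},
                {"kind": "User", "name": "example-user"}]},
  {"metadata": {"name": "example-empty"},
   "roleRef": {"kind": "ClusterRole", "name": "example-role"},
   "subjects": null}
]}
""")


def groups_bound(binding):
    """Return the set of group names a ClusterRoleBinding grants its role to."""
    subjects = binding.get("subjects") or []   # subjects may be absent or null
    return {s["name"] for s in subjects if s.get("kind") == "Group"}


def audit(binding_list, role="basic-user", allowed="staff",
          broad="system:authenticated"):
    """Check who holds `role` and which roles still go to the `broad` group."""
    role_groups = set()
    still_broad = []   # roles every authenticated user still receives
    for b in binding_list.get("items", []):
        groups = groups_bound(b)
        if b["roleRef"]["name"] == role:
            role_groups |= groups
        if broad in groups:
            still_broad.append(b["roleRef"]["name"])
    return {"role_limited_to_allowed": role_groups == {allowed},
            "role_groups": sorted(role_groups),
            "roles_still_granted_to_broad": sorted(still_broad)}


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```

Any role listed under roles_still_granted_to_broad is still bound to system:authenticated, so it applies to every authenticated user whether or not they are in staff.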
