Hi Bill,

Have you looked up if there are any LDAP group syncs configured in your prod
cluster? With this you can define which attribute to use as the username.

Cheers,
Alexander


On Tue, Mar 12, 2019 at 3:29 PM <[email protected]> wrote:

> Hi,
>
> I am learning OpenShift from the ground up.  I'm following a
> LinuxAcademy course for OpenShift certification with a few
> modifications in my lab.
>
> First off we have two production OC clusters, one on prem and one in
> AWS.  The person that set them up has left the company so I am trying
> to get up to speed as quickly as possible.
>
> The on-prem cluster uses LDAP Authentication.  I have a cluster running
> in my lab at home on VMs and I have a full Windows domain to work with
> here.  I have also set up LDAP authentication and it is working - but
> different to the production on-prem cluster.  Our oauth sections in
> master-config.yaml are identical save for the server names.  But when
> I do get users on the production system it returns a line like this:
>
> prod version 3.11.69
>
> TU001SW           28a5570e-e66d-11e8-81ae-00505690739d   TU001SW           pbi:CN=TU001SW,OU=INDIA-NOIDA,OU=Provisioned,OU=Users,DC=ourdomain,DC=global,DC=pvt
>
> so it is the user GUID under user Name
>
> I do oc get users in my lab
>
> lab version 3.5.5.31.80
>
> CN=jack,OU=OC-Users,DC=terrapin,DC=local        727be142-4449-11e9-966b-00505696ac63   jack           terrapin:CN=jack,OU=OC-Users,DC=terrapin,DC=local
>
> which is the Distinguished Name under name.
>
> I can login with LDAP users to the console fine but this is what gets
> populated.
>
> I am running windows 2016 servers on my lab and I think the production
> network is back around 2008 functional level.
>
> The main problem is that I can't seem to work with the users in the
> format they are on my lab.
>
> for instance trying to put a label on one of my users results in:
>
> [root@oc-master ~]# oc label user "CN=law,OU=OC-Users,DC=terrapin,DC=local" org=Terrapin
> error: invalid label spec: CN=law,OU=OC-Users,DC=terrapin,DC=local
> See 'oc label -h' for help and examples.
>
> I have tried just CN=law, just law, etc...
>
> My oauth stanza is this:
>
> oauthConfig:
>   assetPublicURL: https://oc-master.terrapin.local:8443/console/
>   grantConfig:
>     method: auto
>   identityProviders:
>   - challenge: true
>     login: true
>     mappingMethod: claim
>     name: terrapin
>     provider:
>       apiVersion: v1
>       attributes:
>         email:
>         - mail
>         id:
>         - dn
>         name:
>         - cn
>         preferredUsername:
>         - sAMAccoutName
>       bindDN: [email protected]
>       bindPassword: verysecretpw
>       insecure: true
>       kind: LDAPPasswordIdentityProvider
>       url: "ldap://fender.terrapin.local:389/dc=terrapin,dc=local?sAMAccountName"
>
> Any help on this would be greatly appreciated as I can't move forward at
> the moment and I do need to be able to work with users in my lab.
>
> Thanks
> Bill
>
>
> _______________________________________________
> users mailing list
> [email protected]
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
>


-- 

Alexander Bartilla

IT-Consultant

Cloudwerkstatt GmbH - Reisnerstraße 13/6– A-1030 Wien

+43-660-8989058

[email protected]
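
Added example, not part of the thread and not OpenShift's own code: a small Python check over an LDAP identity-provider block shaped like the quoted oauth stanza, which flags attribute names that are near-misses of the URL's search attribute (the stanza has `sAMAccoutName` under `preferredUsername` and `sAMAccountName` in the URL), an unencrypted bind, and an inline bind password. The function name, finding codes and bind DN are hypothetical, and the dict stands in for what a YAML loader would return for the provider section.

```python
import difflib
from urllib.parse import urlsplit

# Provider block as a YAML loader would return it. Values mirror the stanza
# quoted in the thread; the bind DN is a constructed placeholder.
SAMPLE_PROVIDER = {
    "kind": "LDAPPasswordIdentityProvider",
    "attributes": {
        "email": ["mail"],
        "id": ["dn"],
        "name": ["cn"],
        "preferredUsername": ["sAMAccoutName"],
    },
    "bindDN": "svc-bind@example.invalid",
    "bindPassword": "verysecretpw",
    "insecure": True,
    "url": "ldap://fender.terrapin.local:389/dc=terrapin,dc=local?sAMAccountName",
}


def lint_ldap_provider(provider, cutoff=0.85):
    """Return a list of (code, message) findings for one LDAP provider block."""
    findings = []
    url = urlsplit(provider.get("url", ""))
    # RFC 2255 layout: ldap://host:port/basedn?attribute?scope?filter
    search_attr = url.query.split("?")[0]
    for key, names in provider.get("attributes", {}).items():
        for name in names:
            if name.lower() == search_attr.lower():
                continue  # exact match (LDAP attribute names are case-insensitive)
            if difflib.get_close_matches(name.lower(), [search_attr.lower()], n=1, cutoff=cutoff):
                findings.append(("ATTR_NEAR_MISS",
                    f"attributes.{key}: '{name}' is close to URL attribute '{search_attr}'"))
    # insecure: true on an ldap:// URL means no TLS is negotiated for the bind.
    if url.scheme == "ldap" and provider.get("insecure") is True:
        findings.append(("CLEARTEXT_BIND", "ldap:// with insecure: true sends the bind without TLS"))
    # A plain string is an inline secret; an env/file reference is a mapping instead.
    if isinstance(provider.get("bindPassword"), str) and provider["bindPassword"]:
        findings.append(("INLINE_SECRET", "bindPassword is stored inline in the config"))
    return findings


if __name__ == "__main__":
    for code, msg in lint_ldap_provider(SAMPLE_PROVIDER):
        print(f"{code}: {msg}")
```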

