On Tue, 2019-03-12 at 15:43 +0100, Alexander Bartilla wrote:
> Hi Bill,
>
> have you looked up if there are any LDAPgroupsyncs configured in your
> prod cluster? With this you can define which attribute to use as the
> username.
>

I have not, but I am looking now, I'm having some trouble understanding how to see if there are... the docs I am reading don't seem to say where the config file would be located... or how the syncs get run, but I will continue googling and reading, thank you!

> Cheers,
> Alexander
>
>
> On Tue, Mar 12, 2019 at 3:29 PM <[email protected]> wrote:
> > Hi,
> >
> > I am learning OpenShift from the ground up. I'm following a
> > LinuxAcademy course for OpenShift certification with a few
> > modifications in my lab.
> >
> > First off we have two production OC clusters, one on prem and one in
> > AWS. The person that set them up has left the company so I am trying
> > to get up to speed as quickly as possible.
> >
> > The on-prem cluster uses LDAP Authentication. I have a cluster running
> > in my lab at home on VMs and I have a full Windows domain to work with
> > here. I have also set up LDAP authentication and it is working - but
> > different to the production on-prem cluster. Our oauth sections in
> > master-config.yaml are identical save for the server names. But when
> > I do get users on the production system it returns a line like this:
> >
> > prod version 3.11.69
> >
> > TU001SW 28a5570e-e66d-11e8-81ae-00505690739d TU001SW pbi:CN=TU001SW,OU=INDIA-NOIDA,OU=Provisioned,OU=Users,DC=ourdomain,DC=global,DC=pvt
> >
> > so it is the user GUID under user Name
> >
> > I do oc get users in my lab
> >
> > lab version 3.5.5.31.80
> >
> > CN=jack,OU=OC-Users,DC=terrapin,DC=local 727be142-4449-11e9-966b-00505696ac63 jack terrapin:CN=jack,OU=OC-Users,DC=terrapin,DC=local
> >
> > which is the Distinguished Name under name.
> >
> > I can login with LDAP users to the console fine but this is what gets
> > populated.
> >
> > I am running Windows 2016 servers on my lab and I think the production
> > network is back around 2008 functional level.
> >
> > The main problem is that I can't seem to work with the users in the
> > format they are on my lab.
> >
> > for instance trying to put a label on one of my users results in:
> >
> > root@oc-master ~]# oc label user "CN=law,OU=OC-Users,DC=terrapin,DC=local" org=Terrapin
> > error: invalid label spec: CN=law,OU=OC-Users,DC=terrapin,DC=local
> > See 'oc label -h' for help and examples.
> >
> > I have tried just CN=law, just law, etc...
> >
> > My oauth stanza is this:
> >
> > oauthConfig:
> >   assetPublicURL: https://oc-master.terrapin.local:8443/console/
> >   grantConfig:
> >     method: auto
> >   identityProviders:
> >   - challenge: true
> >     login: true
> >     mappingMethod: claim
> >     name: terrapin
> >     provider:
> >       apiVersion: v1
> >       attributes:
> >         email:
> >         - mail
> >         id:
> >         - dn
> >         name:
> >         - cn
> >         preferredUsername:
> >         - sAMAccoutName
> >       bindDN: [email protected]
> >       bindPassword: verysecretpw
> >       insecure: true
> >       kind: LDAPPasswordIdentityProvider
> >       url: "ldap://fender.terrapin.local:389/dc=terrapin,dc=local?sAMAccountName"
> >
> > Any help on this would be greatly appreciated as I can't move forward
> > at the moment and I do need to be able to work with users in my lab.
> >
> > Thanks
> > Bill
> >
> >
> > _______________________________________________
> > users mailing list
> > [email protected]
> > http://lists.openshift.redhat.com/openshiftmm/listinfo/users
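
A review aid for the identity provider stanza quoted above, added here as an example and not part of the original messages or of OpenShift: a small linter that flags the settings a reviewer would question in an `LDAPPasswordIdentityProvider` block. The function name, finding codes and the 0.85 similarity threshold are assumptions; the stanza is transcribed as a Python dict with a placeholder bind DN.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Provider block from the message above, transcribed as a dict so the example
# needs no YAML library. The bind DN is a constructed placeholder.
PROVIDER = {
    "kind": "LDAPPasswordIdentityProvider",
    "attributes": {
        "email": ["mail"],
        "id": ["dn"],
        "name": ["cn"],
        "preferredUsername": ["sAMAccoutName"],
    },
    "bindDN": "BIND_DN_PLACEHOLDER",
    "bindPassword": "verysecretpw",
    "insecure": True,
    "url": "ldap://fender.terrapin.local:389/dc=terrapin,dc=local?sAMAccountName",
}


def lint_ldap_provider(p):
    """Return a list of (code, message) findings for one provider block."""
    findings = []
    url = urlsplit(p.get("url", ""))
    # The first query component of the LDAP URL names the attribute that is
    # searched for the login name.
    search_attr = url.query.split("?")[0]
    if url.scheme == "ldap" and p.get("insecure"):
        findings.append(("CLEARTEXT", "ldap:// with insecure: true makes no TLS "
                         "connection, so bind and user passwords travel unencrypted"))
    if p.get("bindPassword"):
        findings.append(("INLINE_SECRET", "bindPassword is stored in the config file"))
    for field, attrs in p.get("attributes", {}).items():
        for attr in attrs:
            a, s = attr.lower(), search_attr.lower()
            # Nearly the same spelling as the search attribute, but not equal:
            # worth a second look, since LDAP attribute names match exactly.
            if a != s and SequenceMatcher(None, a, s).ratio() >= 0.85:
                findings.append(("ATTR_NEAR_MISS", f"{field}: '{attr}' differs "
                                 f"from search attribute '{search_attr}'"))
    return findings


if __name__ == "__main__":
    for code, msg in lint_ldap_provider(PROVIDER):
        print(f"{code}: {msg}")
```
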
