Hi all,

I'll try to be as short as possible.

We want to use LDAP authentication, which works with the 'claim' Mapping method.

But we want to use the 'lookup' method, as we don't want every dev user to be able to log in to the cluster.

We have the following identity provider config:

  identityProviders:
  - challenge: true
    login: true
    mappingMethod: lookup
    name: ldap_provider
    provider:
      apiVersion: v1
      attributes:
        email:
        - mail
        id:
        - dn
        name:
        - cn
        preferredUsername:
        - uid
      bindDN: ''
      bindPassword: ''
      insecure: true
      kind: LDAPPasswordIdentityProvider
      url: ldaps://XXXXXXXXXX/o=YYYYY?uid?sub?(objectClass=person)

We then create the user:

oc create user Marc.Ledent

Then we create the identity:

oc create identity ldap_provider:Marc.Ledent

Then we edit both the user and the identity to match the UID.

But this does not work. Is there a simple way to debug this?

On the other hand, if we use the 'claim' mapping method, I noticed that the identity name is:

allow_all:Marc.Ledent    allow_all    Marc.Ledent Marc.Ledent   8ab115b1-d789-11e8-abfa-001a4a16039e

with 'allow_all' as provider. Is this normal?

Thanks in advance,
Marc

_______________________________________________
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
