Bug 1254061
Summary: | [DOCS] Document LDAP Support in OSE | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Vikram Goyal <vigoyal> |
Component: | Documentation | Assignee: | Ashley Hardin <ahardin> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Chuan Yu <chuyu> |
Severity: | medium | Docs Contact: | Vikram Goyal <vigoyal> |
Priority: | high | ||
Version: | 3.0.0 | CC: | jliggitt, jokerman, mmccomas, rhowe, stwalter, wsun |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2017-08-04 17:36:10 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Vikram Goyal
2015-08-17 05:08:15 UTC
Some more relevant information might be in this card: https://trello.com/c/lZQSxUxn/215-2-design-ldap-sync-manage-team (which seems to be the tracking card for all LDAP related stuff). *** Bug 1275687 has been marked as a duplicate of this bug. *** Ran into more confusion with the LDAP sync docs. In the RFC2307 specification, it states: The attribute that uniquely identifies a user on the LDAP server. You cannot specify usersQuery filters when using DN for userUIDAttribute. For fine-grained filtering, use the whitelist / blacklist method. I understand how to do this via whitelist for *groups*, and created a KCS on this at https://access.redhat.com/solutions/2399131 after this bug was originally filed. However what does it mean to require a whitelist for users? - Do you have to specify every single user? Does this not defeat the purpose of an LDAP sync which is supposed to minimize effort? - What would the format of a whitelist file for users look like? the closest thing to whitelisting users for an LDAP integration in openshift would be to use the `lookup` mappingMethod. That would require a cluster admin to create an Identity and User object before a login from LDAP would be allowed. Work in progress: https://github.com/openshift/openshift-docs/pull/4828 The doc change lgtm, thx Commits pushed to master at https://github.com/openshift/openshift-docs https://github.com/openshift/openshift-docs/commit/247cadea56418b4ff3394b683bc7df38fdce9b38 Bug 1254061, added note on whitelisting users https://github.com/openshift/openshift-docs/commit/024a9ad9352c72feb30512c71c5aadc04684ac7b Merge pull request #4828 from ahardin-rh/ldap-whitelisting Bug 1254061, added note on whitelisting users |