Bug 1381674
| Summary: | [DOCS] LDAP - filters no longer valid for UserUIDAttribute = dn | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Matthew Robson <mrobson> |
| Component: | Documentation | Assignee: | brice <bfallonf> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Chuan Yu <chuyu> |
| Severity: | high | Docs Contact: | Vikram Goyal <vigoyal> |
| Priority: | medium | ||
| Version: | 3.3.0 | CC: | aos-bugs, jialiu, jokerman, mmccomas, mrobson, pdwyer, wsun |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | All | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-11-22 00:39:22 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Matthew Robson
2016-10-04 17:20:21 UTC
Matthew: Your suggestion for improvement is "All of our doc currently specify a filter with UserUIDAttribute dn", are you suggesting that mentions of using this filter with the UserUIDAttribute DN simply need to be removed? Or will the impact on OpenShift users be more significant than that? Is there a new DN that they must specify instead, one that allows them to use filters? Are there other manual changes that must now take place? Any additional information you can point me to would be very helpful, thank you. Correct, they need to be removed. If you look at the above commit, you can see all of the 'filters' were removed as part of this change. There are no filters allowed when using DN for UserUIDAttribute. The recommendation for finer grained filtering is to use the already documented whitelist / blacklist approach. Thank you, Matthew. I've updated everything now. :) Ready for docs QA review. Docs update PR: https://github.com/openshift/openshift-docs/pull/3077 Nicely-rendered docs for easy reading, updated in 3 spots: 1. Here, Example 5: http://file.bne.redhat.com/~tpoitras/2016/ldapfilter/openshift-enterprise/ldapfilter-BZ1381674/install_config/syncing_groups_with_ldap.html#sync-ldap-rfc-2307 2. Here, Example 7: http://file.bne.redhat.com/~tpoitras/2016/ldapfilter/openshift-enterprise/ldapfilter-BZ1381674/install_config/syncing_groups_with_ldap.html#rfc2307-with-user-defined-name-mappings 3. And Here, Example 10: http://file.bne.redhat.com/~tpoitras/2016/ldapfilter/openshift-enterprise/ldapfilter-BZ1381674/install_config/syncing_groups_with_ldap.html#rfc2307-with-error-tolerances Tim's PR has merged: https://github.com/openshift/openshift-docs/pull/3077 Plus, I created a follow up PR to address the one he missed: https://github.com/openshift/openshift-docs/pull/3132 Moving this BZ to release pending |