Bug 1569444 - LDAP Sync doc does not have 'filter' entry in provided example.
Summary: LDAP Sync doc does not have 'filter' entry in provided example.
Status: CLOSED CURRENTRELEASE
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Documentation
Version: 3.9.0
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Assignee: Vikram Goyal
QA Contact: Vikram Goyal
URL: https://access.redhat.com/documentati...
Reported: 2018-04-19 09:47 UTC by Mahesh Taru
Modified: 2021-08-30 13:02 UTC (History)

Last Closed: 2018-04-24 15:09:51 UTC
Links: Red Hat Knowledge Base (Solution) 3418341 (last updated 2018-04-19 10:10:42 UTC)

Description Mahesh Taru 2018-04-19 09:47:18 UTC
Document URL: 
https://access.redhat.com/documentation/en-us/openshift_container_platform/3.9/html-single/installation_and_configuration/#sync-ldap-augmented-active-directory
https://docs.openshift.com/container-platform/3.9/install_config/syncing_groups_with_ldap.html#sync-ldap-augmented-active-directory

Section Number and Name: 
13.5.4. Augmented Active Directory

Example 16. LDAP Sync Configuration Using Augmented Active Directory Schema: augmented_active_directory_config.yaml
****************************
[...]
augmentedActiveDirectory:
    groupsQuery:
        baseDN: "ou=groups,dc=example,dc=com"
        scope: sub
        derefAliases: never
        pageSize: 0
    groupUIDAttribute: dn
    groupNameAttributes: [ cn ]
    usersQuery:
        baseDN: "ou=users,dc=example,dc=com"
        scope: sub
        derefAliases: never
        pageSize: 0
[...]
****************************

Describe the issue: 
The LDAP Sync example 16 does not have a 'filter' entry and hence the group sync fails with error:
****************************
oc adm groups sync --sync-config=ldap-sync.yaml  --confirm
error: validation of LDAP sync config failed: usersQuery.filter: Invalid value: "": invalid query filter: LDAP Result Code 201 "Filter Compile Error": ldap: filter does not start with an '('
See 'oc adm groups sync -h' for help and examples.
****************************

Suggestions for improvement: 
Add 'filter' entry under augmentedActiveDirectory in example 16.

Additional information: 
Similar to example "Example 13.13. LDAP Sync Configuration Using Active Directory Schema: active_directory_config.yaml" under section "13.5.3. Active Directory".
******************************
[...]
    usersQuery:
        baseDN: "ou=users,dc=example,dc=com"
        scope: sub
        derefAliases: never
        filter: (objectclass=inetOrgPerson)
        pageSize: 0
[...]
******************************
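
A pre-flight check for the failure reported above, as an added example that is not part of the original report or of OpenShift: it reads a sync config and flags a `usersQuery` whose `filter` is missing, empty, or does not start with `(`, before `oc adm groups sync` is run. The helper names, the indentation-based parsing (no YAML library) and the balanced-parentheses check are assumptions of this example; the sample configs are constructed from the blocks quoted in the report.

```python
# Added example, not OpenShift code. BROKEN and FIXED are constructed samples
# based on the usersQuery blocks quoted in this report.
BROKEN = """\
augmentedActiveDirectory:
    groupUIDAttribute: dn
    groupNameAttributes: [ cn ]
    usersQuery:
        baseDN: "ou=users,dc=example,dc=com"
        scope: sub
        derefAliases: never
        pageSize: 0
"""
FIXED = BROKEN.replace(
    "derefAliases: never\n",
    "derefAliases: never\n        filter: (objectclass=inetOrgPerson)\n")

def query_block(text, name):
    """Collect key/value pairs indented under `name:` (simple indentation walk;
    assumes block-style YAML like the docs example)."""
    fields, indent = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        cur = len(line) - len(line.lstrip())
        if indent is None:
            if line.strip() == name + ":":
                indent = cur          # found the block header
            continue
        if cur <= indent:
            break                     # dedent: the block has ended
        key, _, value = line.strip().partition(":")
        fields[key.strip()] = value.strip().strip("\"'")
    return None if indent is None else fields

def check_users_filter(text):
    """Return a list of problems with usersQuery.filter ([] means it passes)."""
    block = query_block(text, "usersQuery")
    if block is None:
        return ["usersQuery: block not found"]
    flt = block.get("filter", "")
    if not flt:
        return ["usersQuery.filter: missing or empty"]
    if not flt.startswith("("):
        return ["usersQuery.filter: does not start with '('"]
    depth = 0
    for ch in flt:  # extra sanity check beyond the error in the report
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            break
    return [] if depth == 0 else ["usersQuery.filter: unbalanced parentheses"]
```
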

Comment 2 Gaurav Nelson 2018-04-24 15:02:00 UTC
Fixes are in PR https://bugzilla.redhat.com/show_bug.cgi?id=1569444

Comment 3 openshift-github-bot 2018-04-24 15:05:44 UTC
Commit pushed to master at https://github.com/openshift/openshift-docs

https://github.com/openshift/openshift-docs/commit/0b90f0fe6c86d1838867cb9e054b7098f1684bc5
Merge pull request #8874 from gaurav-nelson/bug1569444-fixes

added filter for LDAP Sync example

Comment 4 Gaurav Nelson 2018-04-24 15:09:51 UTC
I have merged the fixes and changes should be live soon. Thank you, Mahesh Taru.

