Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1677587

Summary: Could not handle invalid LDAP IDP configuration
Product: OpenShift Container Platform Reporter: Chuan Yu <chuyu>
Component: apiserver-authAssignee: Sally <somalley>
Status: CLOSED DUPLICATE QA Contact: scheng
Severity: high Docs Contact:
Priority: unspecified    
Version: 4.1.0CC: aos-bugs, chuyu, evb, mkhan, slaznick
Target Milestone: ---   
Target Release: 4.1.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-04-05 13:43:14 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Chuan Yu 2019-02-15 10:04:43 UTC 
Description of problem:
When configure invalid LDAP IDP, the authentication pods still could start successfully

Version-Release number of selected component (if applicable):
RHCOS build: Build 47.315
OCP: release:4.0.0-0.nightly-2019-02-13-204401

How reproducible:
always

Steps to Reproduce:
1.configure LDAP IDP with invalid configuration, such as
  identityProviders:
  - challenge: true
    ldap:
      attributes:
        id:
        - dn
        name:
        - cn
        preferredUsername:
        - uid
      ca: {}
      insecure: true
      url: ldaps://ldap.forumsys.com/dc=example,dc=com?uid
    login: true
    mappingMethod: claim
    name: testldap
    type: LDAP
2.
3.

Actual results:
The authentication pods start successfully

Expected results:
Error report and the authentication pods could not start successfully.

Additional info:
Comment 1 Standa Laznicka 2019-02-15 11:23:49 UTC 
I agree that the missing validation is a problem that we know of and is currently tracked in https://jira.coreos.com/browse/AUTH-201.

However, please do specify why the config is invalid so that anyone looking at the BZ knows what's happening.
Comment 2 Erica von Buelow 2019-02-28 16:47:32 UTC 
https://github.com/openshift/cluster-authentication-operator/pull/80
Comment 4 Mo 2019-04-05 13:43:14 UTC 

*** This bug has been marked as a duplicate of bug 1696115 ***
Comment 5 Red Hat Bugzilla 2023-09-14 05:23:43 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days