Details
-
Bug
-
Resolution: Done
-
Major
-
7.0.2.GA
-
- Openshift
- LDAP
Description
LDAP authentication in OpenShift images does not work correctly. It is possible to use LDAP to authenticate users, but users do not have proper roles. It seems that roles are still imported from "application-roles.properties".
I have configured LDAP users as follows:
dn: uid=admin,ou=people,dc=example,dc=com
objectclass: top
objectclass: uidObject
objectclass: person
objectclass: inetOrgPerson
uid: admin
cn: admin
sn: admin
userpassword: admin
And groups as follows:
dn: cn=admin,ou=roles,dc=example,dc=com
objectclass: groupOfNames
objectClass: top
cn: admin
description: Admin group
ou: admins@example.com
member: uid=admin,ou=people,dc=example,dc=com
member: uid=adminUser,ou=people,dc=example,dc=com
member: uid=Administrator,ou=people,dc=example,dc=com
The following command was used to deploy the application:
oc new-app rhpam70-authoring -p BUSINESS_CENTRAL_HTTPS_SECRET=secret1 -p KIE_SERVER_HTTPS_SECRET=secret1 -p IMAGE_STREAM_NAMESPACE=jpetrlik-test5 -p KIE_SERVER_CONTROLLER_PWD=controllerUser -p KIE_ADMIN_PWD=adminUser -p KIE_SERVER_PWD=executionUser -p AUTH_LDAP_URL=ldap://<url> -p AUTH_LDAP_BIND_DN="cn=Manager,dc=example,dc=com" -p AUTH_LDAP_BIND_CREDENTIAL=admin -p AUTH_LDAP_BASE_CTX_DN="ou=people,dc=example,dc=com" -p AUTH_LDAP_BASE_FILTER="(uid=
)" -p AUTH_LDAP_SEARCH_SCOPE="SUBTREE_SCOPE" -p AUTH_LDAP_ROLES_CTX_DN="ou=roles,dc=example,dc=com" -p AUTH_LDAP_ROLE_FILTER="(member=
{1})" -p AUTH_LDAP_ROLE_ATTRIBUTE_ID="cn
I'm able to provide access to QE LDAP for further investigation if necessary.
Attachments
Issue Links
- blocks
-
RHPAM-1210 Provide LDAP authentication support in RHPAM
-
- Closed
-
