Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 7.0.2.GA
Affects Version/s: 7.0.2.GA
Component/s: Build and Assembly, Cloud
Labels:
- Cloud
Environment:
- Openshift
- LDAP

Affects Build:
CR1
CDW devel_ack:
CDW docs_ack:
CDW pm_ack:
CDW qa_ack:
CDW release:
Fix Build:
CR2
Target Release:

7.0.2.GA
Git Pull Request:
https://github.com/jboss-container-images/jboss-kie-modules/pull/65, https://github.com/jboss-container-images/jboss-kie-modules/pull/69

Sprint:
2018 Week 30-32

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

LDAP authentication in OpenShift images does not work correctly. It is possible to use LDAP to authenticate users, but users do not have proper roles. It seems that roles are still imported from "application-roles.properties".

I have configured LDAP users as follows:
dn: uid=admin,ou=people,dc=example,dc=com
objectclass: top
objectclass: uidObject
objectclass: person
objectclass: inetOrgPerson
uid: admin
cn: admin
sn: admin
userpassword: admin

And groups as follows:
dn: cn=admin,ou=roles,dc=example,dc=com
objectclass: groupOfNames
objectClass: top
cn: admin
description: Admin group
ou: admins@example.com
member: uid=admin,ou=people,dc=example,dc=com
member: uid=adminUser,ou=people,dc=example,dc=com
member: uid=Administrator,ou=people,dc=example,dc=com

The following command was used to deploy the application:
oc new-app rhpam70-authoring -p BUSINESS_CENTRAL_HTTPS_SECRET=secret1 -p KIE_SERVER_HTTPS_SECRET=secret1 -p IMAGE_STREAM_NAMESPACE=jpetrlik-test5 -p KIE_SERVER_CONTROLLER_PWD=controllerUser -p KIE_ADMIN_PWD=adminUser -p KIE_SERVER_PWD=executionUser -p AUTH_LDAP_URL=ldap://<url> -p AUTH_LDAP_BIND_DN="cn=Manager,dc=example,dc=com" -p AUTH_LDAP_BIND_CREDENTIAL=admin -p AUTH_LDAP_BASE_CTX_DN="ou=people,dc=example,dc=com" -p AUTH_LDAP_BASE_FILTER="(uid=

{0}

)" -p AUTH_LDAP_SEARCH_SCOPE="SUBTREE_SCOPE" -p AUTH_LDAP_ROLES_CTX_DN="ou=roles,dc=example,dc=com" -p AUTH_LDAP_ROLE_FILTER="(member=

{1}

)" -p AUTH_LDAP_ROLE_ATTRIBUTE_ID="cn

I'm able to provide access to QE LDAP for further investigation if necessary.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

bpms.ldif
1 kB
2018/07/25 9:59 PM
standalone-full.xml
35 kB
2018/07/26 1:32 PM

blocks

RHPAM-1210 Provide LDAP authentication support in RHPAM

Closed

Assignee:: Filippe Spolti

Reporter:: Jiri Petrlik

Tester:: Jiri Petrlik

QA Contact:: Jiri Petrlik

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 2018/07/24 7:00 AM

Updated:: 2024/02/12 9:31 AM

Resolved:: 2018/07/27 2:58 PM

Details

Description

Attachments

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates