Details
- Bug
- Resolution: Done
- Major
- 7.12.0.GA
- RHPAM/RHDM 7.12.0 image in OpenShift
- Documentation (Ref Guide, User Guide, etc.)
- 2022 Week 41-43 (from Oct 10), 2022 Week 44-46 (from Oct 31), 2022 Week 47-49 (from Nov 21), 2022 Week 50-02 (from Dec 12)
Description
This concerns LDAP integration with RHPAM/RHDM deployed by the operator on OCP4.
Up to version 7.11, baseFilter is set as follows (in the case of Active Directory):
baseFilter: (sAMAccountName={0})
Since 7.12.0, however, it must specify the LDAP attribute name (instead of a filter expression):
baseFilter: sAMAccountName
because this value is set as the 'rdn-identifier' of the identity-mapping in the ldap-realm "KIELdapRealm".
<ldap-realm name="KIELdapRealm" direct-verification="true" allow-blank-password="true" dir-context="KIELdapDC">
    <identity-mapping rdn-identifier="sAmAccountName" search-base-dn="DC=example,DC=com" use-recursive-search="true">
        ...
    </identity-mapping>
</ldap-realm>
Since the purpose of this parameter differs between 7.12.0 and earlier versions,
it would be better to provide a new parameter (environment variable) for this configuration, to avoid confusion when upgrading from an older version.
Or, at the least, this difference needs to be mentioned clearly in the documentation.
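
An added example, not part of the original ticket or the product: a pre-upgrade check that classifies a baseFilter value under the 7.12.0 semantics described above, where the value must be an attribute name rather than a filter expression. The function name, the status labels and the sample values are constructed for illustration.

```python
import re

# LDAP attribute name: a letter followed by letters, digits or hyphens.
ATTR_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")
# One equality test against the username placeholder, e.g. (sAMAccountName={0}).
USER_TEST = re.compile(r"\(\s*([A-Za-z][A-Za-z0-9-]*)\s*=\s*\{0\}\s*\)")


def check_base_filter(value):
    """Classify a baseFilter value for the 7.12.0 meaning (attribute name).

    Returns (status, attribute, note); status is one of:
      "ok"       already a bare attribute name
      "convert"  pre-7.12 simple filter; attribute is the replacement value
      "review"   compound filter; the attribute alone drops its other conditions
      "invalid"  no single <attr>={0} test could be identified
    """
    v = value.strip()
    if ATTR_NAME.match(v):
        return ("ok", v, "already an attribute name")
    tests = USER_TEST.findall(v)
    if len(tests) != 1:
        return ("invalid", None, "expected exactly one <attr>={0} test")
    attr = tests[0]
    if USER_TEST.fullmatch(v):
        # The whole value is the single test, so the attribute is a direct swap.
        return ("convert", attr, "replace the filter expression with the attribute name")
    return ("review", attr, "an attribute name cannot carry the extra filter conditions")


if __name__ == "__main__":
    # Constructed sample values, as they might appear in an existing deployment.
    samples = [
        "(sAMAccountName={0})",
        "sAMAccountName",
        "(&(objectClass=user)(sAMAccountName={0}))",
        "(|(uid={0})(mail={0}))",
    ]
    for s in samples:
        status, attr, note = check_base_filter(s)
        print(f"{s!r:48} {status:8} {attr or '-':16} {note}")
```

A "review" result means the old filter restricted matches beyond the username attribute, so that restriction has to be re-established elsewhere before the value is reduced to the attribute name.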