master主配置文件:
......
identityProviders:
- challenge: true
login: true
mappingMethod: claim
name: Ldap_auth
provider:
apiVersion: v1
kind: LDAPPasswordIdentityProvider
attributes:
id:
- dn
email:
name:
- cn
preferredUsername:
- uid
bindDN: "uid=ldapreader,cn=users,dc=example,dc=com"
bindPassword: "PASSWD"
insecure: true
url: "ldap://<IP>:389/cn=users,dc=example,dc=com?uid"
......
默认情况下oc并不会同步ldap组
新建一个yaml文件以openldap为例
kind: LDAPSyncConfig
apiVersion: v1
url: ldap://<IP>:389
insecure: true
rfc2307:
groupsQuery:
baseDN: "cn=groups,dc=example,dc=com"
scope: sub
derefAliases: never
pageSize:
filter: (objectClass=posixGroup)
groupUIDAttribute: dn
groupNameAttributes: [ cn ]
groupMembershipAttributes: [ member ]
usersQuery:
baseDN: "dc=example,dc=com"
scope: sub
derefAliases: never
pageSize:
userUIDAttribute: dn
userNameAttributes: [ cn ]
tolerateMemberNotFoundErrors: false
tolerateMemberOutOfScopeErrors: false
oadm groups sync --sync-config=/etc/origin/master/rfc2307_config.yaml --confirm