openshift 配置ldap认证

master主配置文件:

......
  identityProviders:
  # LDAP password identity provider for the master API; both browser login
  # and client challenge flows are enabled.
  - challenge: true
    login: true
    # claim: identities are mapped onto users by preferred user name
    # (NOTE(review): check the mappingMethod semantics for this release)
    mappingMethod: claim
    name: Ldap_auth
    provider:
      apiVersion: v1
      kind: LDAPPasswordIdentityProvider
      # LDAP attributes copied onto the OpenShift identity
      attributes:
        id:
        - dn
        email:
        - mail
        name:
        - cn
        # uid becomes the OpenShift user name; any group-sync config must
        # name users by this same attribute for members to resolve to users
        preferredUsername:
        - uid
      # read-only search account. The password sits in clear text in the
      # master config, so restrict the file to root and never commit the
      # real value; "PASSWD" here is a placeholder to replace.
      bindDN: "uid=ldapreader,cn=users,dc=example,dc=com"
      bindPassword: "PASSWD"
      # NOTE(review): insecure: true disables TLS, so the bind password and
      # every user's login password cross the network in clear text.
      # Prefer ldaps:// (with the directory's CA configured) outside a lab.
      insecure: true
      # <IP> is a placeholder; "?uid" is the attribute matched against the
      # login name under the given base DN
      url: "ldap://<IP>:389/cn=users,dc=example,dc=com?uid"
......

默认情况下oc并不会同步ldap组

新建一个yaml文件，以openldap为例

# Group sync definition using the rfc2307 schema: each group entry lists
# its members (by DN) in a membership attribute.
kind: LDAPSyncConfig
apiVersion: v1
# <IP> is a placeholder. No bind credentials are given here, so the sync
# presumably binds anonymously — verify the directory permits anonymous
# search of the group and user subtrees, or add a read-only bind account.
url: ldap://<IP>:389
# NOTE(review): insecure: true disables TLS; group membership (and any bind
# credentials, if added) travel in clear text. Prefer ldaps:// in production.
insecure: true
rfc2307:
    # which LDAP entries count as groups
    groupsQuery:
        baseDN: "cn=groups,dc=example,dc=com"
        scope: sub
        derefAliases: never
        # 0: request results without paging
        pageSize: 0
        filter: (objectClass=posixGroup)
    # group identity and display name, and the attribute holding member DNs
    groupUIDAttribute: dn
    groupNameAttributes: [ cn ]
    groupMembershipAttributes: [ member ]
    # how member DNs are resolved to user entries
    usersQuery:
        baseDN: "dc=example,dc=com"
        scope: sub
        derefAliases: never
        pageSize: 0
    userUIDAttribute: dn
    # NOTE(review): the identity provider in this guide names users by uid
    # (preferredUsername), but members are named here by cn. Unless cn equals
    # uid in this directory, synced group members will not match the
    # OpenShift user records — confirm, and switch to uid if they differ.
    userNameAttributes: [ cn ]
    # strict mode: the sync fails instead of skipping members that are
    # missing or fall outside usersQuery's base DN
    tolerateMemberNotFoundErrors: false
    tolerateMemberOutOfScopeErrors: false

oadm groups sync --sync-config=/etc/origin/master/rfc2307_config.yaml --confirm