I am really struggling to get Active Directory authentication to work.
The oauthConfig section of the master-config.yaml file starts out like this, and all is fine:

    oauthConfig:
      assetPublicURL: https://master.domain.local:8443/console/
      grantConfig:
        method: auto
      identityProviders:
      - challenge: true
        login: true
        mappingMethod: claim
        name: allow_all
        provider:
          apiVersion: v1
          kind: AllowAllPasswordIdentityProvider
      masterCA: ca-bundle.crt
      masterPublicURL: https://master.domain.local:8443
      masterURL: https://master.domain.local:8443
Then I attempt to modify the oauthConfig section of the master-config.yaml file to look like this:

    oauthConfig:
      assetPublicURL: https://master.domain.local:8443/console/
      grantConfig:
        method: auto
      identityProviders:
      - name: Active_Directory
        challenge: true
        login: true
        mappingMethod: claim
        provider:
          apiVersion: v1
          kind: LDAPPasswordIdentityProvider
          attributes:
            id:
            - dn
            email:
            - mail
            name:
            - cn
            preferredUsername:
            - uid
          bindDN: "cn=openshift,cn=users,dc=domain,dc=local"
          bindPassword: "password"
          insecure: true
          url: ldap://dc.domain.local:389/cn=users,dc=domain,dc=local?uid
      assetPublicURL: https://master.domain.local:8443/console/
      masterPublicURL: https://master.domain.local:8443
      masterURL: https://master.domain.local:8443
Then I try to restart the origin-master service, and it fails to restart and won't start again, not even on reboot. If I revert to the old master-config.yaml file, everything works fine again and the origin-master service starts with no problem.
The user "openshift" has been created in Active Directory with the correct password.
I have even tried using url: ldaps://dc.domain.local:686/cn=users,dc=domain,dc=local?uid
That doesn't work either. I cannot seem to figure out what I am doing wrong and what the origin-master service does not like about the modified master-config.yaml file that keeps it from starting.
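As an added example (not part of the original post), here is a small Python scanner for the kind of oauthConfig fragment shown above. It reports keys that repeat inside the same YAML mapping, which many YAML loaders refuse to parse, and LDAP URLs that would carry the bindDN password without TLS (an ldap:// URL combined with insecure: true). The embedded fragment is a constructed, trimmed copy of the modified config above with its indentation restored.

```python
# Added example, not from the original post: scan a master-config.yaml fragment for
# duplicate keys in one mapping and for plaintext LDAP binds (ldap:// + insecure: true).
import re

# Constructed, trimmed copy of the modified oauthConfig above, indentation restored.
SAMPLE = """\
oauthConfig:
  assetPublicURL: https://master.domain.local:8443/console/
  identityProviders:
  - name: Active_Directory
    challenge: true
    provider:
      kind: LDAPPasswordIdentityProvider
      bindDN: "cn=openshift,cn=users,dc=domain,dc=local"
      bindPassword: "password"
      insecure: true
      url: ldap://dc.domain.local:389/cn=users,dc=domain,dc=local?uid
  assetPublicURL: https://master.domain.local:8443/console/
  masterURL: https://master.domain.local:8443
"""

KEY_RE = re.compile(r"^(\s*)(- )?(\w+):(?:\s|$)")  # indent, optional "- ", mapping key

def find_duplicate_keys(text):
    """Return [(line_no, key)] for keys repeated within the same YAML mapping."""
    dups, stack = [], []  # stack of [indent, keys-seen] for each open mapping
    for n, line in enumerate(text.splitlines(), 1):
        m = KEY_RE.match(line)
        if not m:
            continue
        indent, dash, key = len(m.group(1)), m.group(2), m.group(3)
        if dash:  # "- key:" starts a fresh mapping for this list item
            indent += 2
            while stack and stack[-1][0] >= indent:
                stack.pop()
            stack.append([indent, set()])
        while stack and stack[-1][0] > indent:  # leaving nested mappings
            stack.pop()
        if not stack or stack[-1][0] < indent:  # entering a new mapping
            stack.append([indent, set()])
        if key in stack[-1][1]:
            dups.append((n, key))
        stack[-1][1].add(key)
    return dups

def plaintext_ldap_urls(text):
    """Line numbers of ldap:// URLs when insecure: true disables TLS for the bind."""
    if not re.search(r"^\s*insecure:\s*true\s*$", text, re.M):
        return []
    return [n for n, l in enumerate(text.splitlines(), 1) if re.match(r"^\s*url:\s*ldap://", l)]
```

Running `find_duplicate_keys(SAMPLE)` on the fragment reports the second `assetPublicURL`, and `plaintext_ldap_urls(SAMPLE)` reports the `url:` line, so both findings can be checked before restarting the service.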