
OCPBUGS 1931: Adding the bindDN and bindPassword to example

Open bergerhoffer opened this issue 2 years ago • 29 comments

Version(s): 4.12+

Issue: https://issues.redhat.com/browse/OCPBUGS-1931

Link to docs preview: https://57519--ocpdocs-pr.netlify.app/openshift-enterprise/latest/authentication/ldap-syncing.html#ldap-syncing-config-rfc2307_ldap-syncing-groups

QE review:

  • [ ] QE has approved this change.

Additional information:

bergerhoffer avatar Mar 21 '23 20:03 bergerhoffer

@bergerhoffer: Jira Issue OCPBUGS-1931 is in a security level that is not in the allowed security levels for this repo. Allowed security levels for this repo are:

  • Red Hat Employee
  • default

In response to this:

Version(s): 4.9+

Issue: https://issues.redhat.com/browse/OCPBUGS-1931

Link to docs preview:

QE review:

  • [ ] QE has approved this change.

Additional information:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

openshift-ci-robot avatar Mar 21 '23 20:03 openshift-ci-robot

🤖 Mon Oct 28 19:41:54 - Prow CI generated the docs preview:

  • https://57519--ocpdocs-pr.netlify.app/openshift-dedicated/latest/authentication/ldap-syncing.html
  • https://57519--ocpdocs-pr.netlify.app/openshift-enterprise/latest/authentication/ldap-syncing.html
  • https://57519--ocpdocs-pr.netlify.app/openshift-rosa/latest/authentication/ldap-syncing.html

ocpdocs-previewbot avatar Mar 21 '23 20:03 ocpdocs-previewbot

lgtm

vwalek avatar Mar 21 '23 21:03 vwalek

@stlaz Can you please review to make sure that the addition of the bindDN and bindPassword are appropriate here?

Preview: https://57519--docspreview.netlify.app/openshift-enterprise/latest/authentication/ldap-syncing.html#ldap-syncing-config-rfc2307_ldap-syncing-groups

bergerhoffer avatar Mar 22 '23 13:03 bergerhoffer

/label peer-review-needed

bergerhoffer avatar Mar 22 '23 13:03 bergerhoffer

/label peer-review-in-progress /remove-label peer-review-needed

GroceryBoyJr avatar Mar 22 '23 14:03 GroceryBoyJr

/remove-label peer-review-in-progress /label peer-review-done

GroceryBoyJr avatar Mar 22 '23 15:03 GroceryBoyJr

/LGTM

vwalek avatar Apr 20 '23 17:04 vwalek

Only versions 4.10+ are still in maintenance. I am removing labels from earlier versions from this PR.

kalexand-rh avatar Apr 25 '23 15:04 kalexand-rh

@bergerhoffer 4.9 is EOL. Unless this is critical information, please update the applicable versions to 4.10+

kalexand-rh avatar Apr 25 '23 15:04 kalexand-rh

The branch/enterprise-4.14 label has been added to this PR.

This is because your PR targets the main branch and is labeled for enterprise-4.13. And any PR going into main must also target the latest version branch (enterprise-4.14).

If the update in your PR does NOT apply to version 4.14 onward, please re-target this PR to go directly into the appropriate version branch or branches (enterprise-4.x) instead of main.

kalexand-rh avatar May 16 '23 18:05 kalexand-rh

New changes are detected. LGTM label has been removed.

openshift-ci[bot] avatar Aug 01 '23 20:08 openshift-ci[bot]

Only versions 4.11+ are still in maintenance. I am removing labels from earlier versions from this PR.

kalexand-rh avatar Sep 11 '23 14:09 kalexand-rh

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

openshift-bot avatar Dec 11 '23 01:12 openshift-bot

/remove-lifecycle stale

vwalek avatar Dec 11 '23 18:12 vwalek

@bergerhoffer can we have some traction on this PR?

vwalek avatar Dec 11 '23 18:12 vwalek

@xingxingxia Can you please test this out to see if this update is okay?

Preview: https://57519--ocpdocs-pr.netlify.app/openshift-enterprise/latest/authentication/ldap-syncing.html#ldap-syncing-config-rfc2307_ldap-syncing-groups

bergerhoffer avatar Dec 12 '23 21:12 bergerhoffer

Well received. Was taking PTOs. Will review.

xingxingxia avatar Dec 20 '23 02:12 xingxingxia

The branch/enterprise-4.16 label has been added to this PR.

This is because your PR targets the main branch and is labeled for enterprise-4.15. And any PR going into main must also target the latest version branch (enterprise-4.16).

If the update in your PR does NOT apply to version 4.16 onward, please re-target this PR to go directly into the appropriate version branch or branches (enterprise-4.x) instead of main.

kalexand-rh avatar Feb 26 '24 20:02 kalexand-rh

~~Hi @xingxingxia Can you PTAL?~~

Ignore this, I see you replied in the Jira!

bergerhoffer avatar Mar 11 '24 18:03 bergerhoffer

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

openshift-bot avatar Jun 10 '24 01:06 openshift-bot

/remove-lifecycle stale

vwalek avatar Jun 10 '24 17:06 vwalek

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

openshift-bot avatar Sep 25 '24 09:09 openshift-bot

The branch/enterprise-4.18 label has been added to this PR.

This is because your PR targets the main branch and is labeled for enterprise-4.17. And any PR going into main must also target the latest version branch (enterprise-4.18).

If the update in your PR does NOT apply to version 4.18 onward, please re-target this PR to go directly into the appropriate version branch or branches (enterprise-4.x) instead of main.

bergerhoffer avatar Oct 14 '24 15:10 bergerhoffer

I'm not sure how to progress with this one. @xingxingxia Per your comment in the Jira, you noted that we do already mention bindDN and bindPassword in the auto syncing section.

But we don't mention it in the base example at the beginning of the document "About the RFC 2307 configuration file".

Can we add them there like this PR proposes, or should we not?

bergerhoffer avatar Oct 17 '24 17:10 bergerhoffer

/remove-lifecycle stale

bergerhoffer avatar Oct 17 '24 17:10 bergerhoffer

@bergerhoffer it is fine to add them in all configuration/snippet occurrences. But there is no test case covering the two fields and I'm not sure of the right format for bindPassword. Give me some time to test it and update here.

xingxingxia avatar Oct 22 '24 06:10 xingxingxia

@bergerhoffer Tested: the PR's added format .bindPassword.file and content works. The simple format below (.bindPassword with a string value) and content also works. You can note this maybe. I say "works" because if I give a wrong password (in .bindPassword directly or in .bindPassword.file) the sync command failed with the error: could not bind to the LDAP server: LDAP Result Code 49 "Invalid Credentials", and only when I give the correct password (ditto) did it succeed.

bindDN: cn=admin,dc=example,dc=com
bindPassword: <password>

You can add bindDN/bindPassword for all configuration/snippet occurrences if there are others missing bindDN/bindPassword.

xingxingxia avatar Oct 25 '24 14:10 xingxingxia
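
Added example (not part of the thread or of the OpenShift docs): a small lint over the two `bindPassword` formats tested in the comment above, flagging an inline secret and a password file that grants group/other access. It assumes the LDAPSyncConfig has already been parsed into a dict; the function name and the policy it applies are this example's own.

```python
import os
import stat


def audit_bind_credentials(cfg):
    """Return findings for the bind fields of a parsed LDAPSyncConfig mapping.

    cfg is the sync config already loaded into a dict (for example by a YAML
    loader). Only the two formats tested in the thread are recognised; the
    policy is an assumption of this example, not OpenShift's own validation.
    """
    findings = []
    bind_dn = cfg.get("bindDN")
    bind_pw = cfg.get("bindPassword")

    # A DN without a password (or the reverse) is an incomplete credential pair.
    if bool(bind_dn) != bool(bind_pw):
        findings.append("bindDN and bindPassword should be set together")

    if isinstance(bind_pw, str) and bind_pw:
        # Simple format: the secret is stored in the config file itself.
        findings.append("bindPassword is inline: the config file holds the secret")
    elif isinstance(bind_pw, dict):
        path = bind_pw.get("file")
        if not path:
            findings.append("bindPassword mapping is not the .file format")
        elif not os.path.isfile(path):
            findings.append(f"bindPassword.file not found: {path}")
        else:
            mode = stat.S_IMODE(os.stat(path).st_mode)
            if mode & 0o077:  # any group/other permission bit is set
                findings.append(
                    f"bindPassword.file mode {mode:03o} grants group/other access"
                )
    return findings


if __name__ == "__main__":
    # Constructed sample: the simple format quoted in the thread.
    sample = {"bindDN": "cn=admin,dc=example,dc=com", "bindPassword": "<password>"}
    for finding in audit_bind_credentials(sample):
        print(finding)
```
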

/retest

bergerhoffer avatar Oct 28 '24 19:10 bergerhoffer

> @bergerhoffer tested, the PR's added format .bindPassword.file and content works. Also, below simple format (.bindPassword with string value) and content also works. You can note this maybe. I say "works", because if I give wrong password (in .bindPassword directly or in .bindPassword.file) the sync command failed with error: could not bind to the LDAP server: LDAP Result Code 49 "Invalid Credentials", and only when I give correct password (ditto) it succeeded.
>
> bindDN: cn=admin,dc=example,dc=com
> bindPassword: <password>
>
> You can add bindDN/bindPassword for all configuration/snippet occurrences if there are others missing bindDN/bindPassword.

Thanks! I don't think it's necessary to note the alternative method, so I'll just move forward with this update.

bergerhoffer avatar Oct 28 '24 19:10 bergerhoffer