When syncing groups with user-defined name mappings, the configuration file changes to contain these mappings as shown below.
rfc2307_config_user_defined.yamlkind: LDAPSyncConfig
apiVersion: v1
groupUIDNameMapping:
"cn=admins,ou=groups,dc=example,dc=com": Administrators (1)
rfc2307:
groupsQuery:
baseDN: "ou=groups,dc=example,dc=com"
scope: sub
derefAliases: never
pageSize: 0
groupUIDAttribute: dn (2)
groupNameAttributes: [ cn ] (3)
groupMembershipAttributes: [ member ]
usersQuery:
baseDN: "ou=users,dc=example,dc=com"
scope: sub
derefAliases: never
pageSize: 0
userUIDAttribute: dn (4)
userNameAttributes: [ mail ]
tolerateMemberNotFoundErrors: false
tolerateMemberOutOfScopeErrors: false-
The user-defined name mapping.
-
The unique identifier attribute that is used for the keys in the user-defined name mapping. You cannot specify
groupsQueryfilters when using DN for groupUIDAttribute. For fine-grained filtering, use the whitelist / blacklist method. -
The attribute to name {product-title} groups with if their unique identifier is not in the user-defined name mapping.
-
The attribute that uniquely identifies a user on the LDAP server. You cannot specify
usersQueryfilters when using DN for userUIDAttribute. For fine-grained filtering, use the whitelist / blacklist method.
-
Create the configuration file.
-
Run the sync with the
rfc2307_config_user_defined.yamlfile:$ oc adm groups sync --sync-config=rfc2307_config_user_defined.yaml --confirm
{product-title} creates the following group record as a result of the above sync operation:
{product-title} group created by using therfc2307_config_user_defined.yamlfileapiVersion: user.openshift.io/v1 kind: Group metadata: annotations: openshift.io/ldap.sync-time: 2015-10-13T10:08:38-0400 openshift.io/ldap.uid: cn=admins,ou=groups,dc=example,dc=com openshift.io/ldap.url: LDAP_SERVER_IP:389 creationTimestamp: name: Administrators (1) users: - [email protected] - [email protected]
-
The name of the group as specified by the user-defined name mapping.
-