LDAP Authentication with multiple OUs #2464

Closed
enthurohini opened this issue Mar 2, 2020 · 3 comments
@enthurohini

LDAP integration issue with multiple OUs

Being a big organization, we have multiple OUs in Active Directory. An example is as follows:
"CN={USERID},OU=SRE,OU=Technology,OU=xyzIN,OU=User,DC=xyz,DC=com"
"CN={USERID},OU=Security,OU=Technology,OU=xyzIN,OU=User,DC=xyz,DC=com"
"CN={USERID},OU=Team1,OU=Technology,OU=xyzIN,OU=User,DC=xyz,DC=com"
"CN={USERID},OU=Team2,OU=Technology,OU=xyzIN,OU=User,DC=xyz,DC=com"
...
"CN={USERID},OU=TeamN,OU=Technology,OU=xyzIN,OU=User,DC=xyz,DC=com"

Now, we want to give access to all the users that are in "Technology" OU. I am not able to do it. Below is the config for ldap:

auth:
      strategy: ldap
      ldap:
        ldap_base: "DC=xyz,DC=com"
        ldap_bind_dn: "CN={USERID},OU=Technology,OU=xyzIN,OU=User,DC=xyz,DC=com"
        ldap_group_filter: "(cn=%s)"
        ldap_host: "ad.xyz.com"
        ldap_insecure_skip_verify: true
        ldap_mail_id_key: "mail"
        ldap_member_of_key: "memberOf"
        ldap_port: 389
        ldap_role_filter: ""
        ldap_use_ssl: false
        ldap_search_filter: "(&(name={USERID}))"
        ldap_user_filter: "(cn=%s)"
        ldap_user_id_key: "cn"

Please help.

Versions used
Kiali: v1.4.2
Istio: 1.3.3
Kubernetes flavour and version: On-premise Kubernetes v1.15.5

Expected behavior
It should work with the above config and should be able to consider all the users who fall in the Technology OU, like SRE, Security etc.

@enthurohini enthurohini added the bug Something isn't working label Mar 2, 2020
@israel-hdez israel-hdez self-assigned this Mar 4, 2020
@enthurohini
Author

@israel-hdez: Do we have any solution for the above bug?

@jmazzitelli jmazzitelli added the good first issue Needs a contributor. Good starter issue label May 20, 2020
@jmazzitelli
Collaborator

There is no solution at the moment. We'd welcome community contributions to maintain the LDAP auth feature. This feature was originally contributed by the community; the hope is the community that finds this useful will continue to maintain it and improve it.

We are in the process of putting together an OpenID integration which may be able to help those people where the current LDAP integration is lacking. You could wrap the LDAP within an OpenID integration and use that for Kiali logins. See: #2056 and #2798

@israel-hdez
Member

Hi @enthurohini,
Unfortunately, the LDAP implementation in Kiali is being deprecated and will no longer be maintained. So, I'm closing this ticket -- sorry for the inconvenience.

The LDAP authentication was contributed by a community user who hasn't been replying and this is our main motivation for its deprecation and future removal.

In turn, in Kiali v1.19 (to be released today) a new openid authentication strategy has been implemented. Our recommendation is that you use an OpenID Connect provider that has support for LDAP (like Keycloak or Dex, which will offer a much more robust LDAP implementation than what we could offer in Kiali).
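
An added example, not part of the thread and not Kiali's code: a small Go model of why the templated `ldap_bind_dn` from the issue names a DN that does not exist for users in nested OUs, and of the search-then-bind alternative (subtree search under a base DN, then bind as the single DN found). The in-memory `directory`, the user names and all function names are assumptions made for illustration; DNs are assumed to contain no escaped commas.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Constructed sample entries shaped like the DNs in the issue (user names are made up).
var directory = []string{
	"CN=alice,OU=SRE,OU=Technology,OU=xyzIN,OU=User,DC=xyz,DC=com",
	"CN=bob,OU=Security,OU=Technology,OU=xyzIN,OU=User,DC=xyz,DC=com",
	"CN=carol,OU=Sales,OU=xyzIN,OU=User,DC=xyz,DC=com",
}

const technologyBase = "OU=Technology,OU=xyzIN,OU=User,DC=xyz,DC=com"

// templateDN is what a fixed bind-DN template yields: one exact DN, with no subtree walk.
func templateDN(userID string) string { return "CN=" + userID + "," + technologyBase }

// RFC 4515 escaping, so a submitted user ID cannot change the shape of the search filter.
var filterEscaper = strings.NewReplacer(`\`, `\5c`, `*`, `\2a`, `(`, `\28`, `)`, `\29`, "\x00", `\00`)

func userFilter(userID string) string { return "(cn=" + filterEscaper.Replace(userID) + ")" }

// resolveDN models a subtree search under base for a literal CN match. It fails
// closed on zero or multiple hits; the caller binds as the returned DN.
func resolveDN(base, userID string) (string, error) {
	var hits []string
	for _, dn := range directory {
		i := strings.Index(dn, ",")
		if i > 0 && strings.EqualFold(dn[:i], "CN="+userID) &&
			strings.HasSuffix(strings.ToLower(dn[i:]), ","+strings.ToLower(base)) {
			hits = append(hits, dn)
		}
	}
	if len(hits) != 1 {
		return "", errors.New("user not found or ambiguous")
	}
	return hits[0], nil
}

func main() {
	dn, err := resolveDN(technologyBase, "alice")
	fmt.Println("template DN:", templateDN("alice"))
	fmt.Println("resolved DN:", dn, err)
}
```
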
