OSDOCS-1856: Adding docs for automatically syncing LDAP groups #36040

bergerhoffer · 2021-09-02T13:48:54Z

https://issues.redhat.com/browse/OSDOCS-1856

This epic is for 4.9, but these docs can be backported to all supported 4.x versions.

Preview: https://deploy-preview-36040--osdocs.netlify.app/openshift-enterprise/latest/authentication/ldap-syncing.html#ldap-auto-syncing_ldap-syncing-groups

netlify · 2021-09-02T13:51:34Z

✔️ Deploy Preview for osdocs ready!

🔨 Explore the source changes: 44cacb7

🔍 Inspect the deploy log: https://app.netlify.com/sites/osdocs/deploys/616706f96aa137000836685e

😎 Browse the preview: https://deploy-preview-36040--osdocs.netlify.app

modules/ldap-auto-syncing.adoc

bergerhoffer · 2021-09-08T21:07:32Z

modules/ldap-auto-syncing.adoc

@stlaz Prior to this, we said that you had to set up the LDAP IDP. If you look at our docs on it [1] the names are ldap-secret for the secret, and ca-config-map. Any thoughts on if we should use those names, or are they too generic?

[1] https://docs.openshift.com/container-platform/4.8/authentication/identity_providers/configuring-ldap-identity-provider.html#identity-provider-creating-ldap-secret_configuring-ldap-identity-provider

@stlaz Did you have any thoughts on this question here?

I think you can refer to the secret used in the IdP configuration, specific names are probably not necessary in the description.

modules/ldap-auto-syncing.adoc

bergerhoffer · 2021-09-16T03:03:48Z

Note to self: change batch/v1 to batch/v1beta1 for the 4.6 and 4.7 backports

modules/ldap-auto-syncing.adoc

bobfuru

A couple of very minor comments but this LGTM!

modules/ldap-auto-syncing.adoc

bergerhoffer · 2021-09-30T16:18:25Z

Note to self again: change batch/v1 to batch/v1beta1 for the 4.6 and 4.7 backports.

yaoli-redhat · 2021-10-08T07:05:48Z

modules/ldap-auto-syncing.adoc

is the ca filed required when insecure is false? Will 'insecure is true' be supported?

you may want to see the already existing docs: https://docs.openshift.com/container-platform/4.8/authentication/ldap-syncing.html#sync-ldap-v1-ldapsyncconfig

yaoli-redhat · 2021-10-08T09:09:48Z

modules/ldap-auto-syncing.adoc

should the url be ldaps rather than ldap?

I'd prefer this being ldaps:// actually, but ldap:// should still work

bergerhoffer · 2021-10-11T17:07:42Z

@stlaz Can you take a look at @yaoli-redhat's comments? I don't know the answer to them.

bergerhoffer · 2021-10-13T16:40:22Z

@yaoli-redhat Per @stlaz's answer and discussion in slack, I updated ldap:// to ldaps://. And he said that insecure:false was the default, so it should be fine to keep, so I left that alone.

Can you take another look with that update and let me know how this looks? Thanks!

yaoli-redhat · 2021-10-14T06:04:13Z

@bergerhoffer thanks for the update and lgtm.

bergerhoffer · 2021-10-14T12:43:42Z

Thanks @yaoli-redhat!

bergerhoffer · 2021-10-14T12:43:49Z

/cherrypick enterprise-4.9

openshift-cherrypick-robot · 2021-10-14T12:43:50Z

@bergerhoffer: once the present PR merges, I will cherry-pick it on top of enterprise-4.9 in a new PR and assign it to you.

In response to this:

/cherrypick enterprise-4.9

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

bergerhoffer · 2021-10-14T12:43:53Z

/cherrypick enterprise-4.8

openshift-cherrypick-robot · 2021-10-14T12:43:54Z

@bergerhoffer: once the present PR merges, I will cherry-pick it on top of enterprise-4.8 in a new PR and assign it to you.

In response to this:

/cherrypick enterprise-4.8

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

bergerhoffer · 2021-10-14T12:44:24Z

4.6 and 4.7 backports to be done manually so that I can change batch/v1 to batch/v1beta1 for these versions.

openshift-cherrypick-robot · 2021-10-14T12:45:16Z

@bergerhoffer: new pull request created: #37520

In response to this:

/cherrypick enterprise-4.9

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

openshift-cherrypick-robot · 2021-10-14T12:45:57Z

@bergerhoffer: new pull request created: #37521

In response to this:

/cherrypick enterprise-4.8

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

bergerhoffer added branch/enterprise-4.6 branch/enterprise-4.7 branch/enterprise-4.8 branch/enterprise-4.9 labels Sep 2, 2021

bergerhoffer added this to the Future Release milestone Sep 2, 2021

openshift-ci bot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Sep 2, 2021

bergerhoffer force-pushed the OSDOCS-1856 branch from d496765 to 855a7ab Compare September 2, 2021 17:55

bergerhoffer commented Sep 8, 2021

View reviewed changes

modules/ldap-auto-syncing.adoc Outdated Show resolved Hide resolved