Failing to Assign Rancher Administrator role to OpenLDAP group

Please see https://github.com/rancher/rancher/issues/27045

The goal is to assign the Rancher global Administrator role to an OpenLDAP group so that all users/members in that specific LDAP group can access the Rancher UI with admin privileges.

I followed the instructions from https://rancher.com/docs/rancher/v2.x/en/admin-settings/rbac/global-permissions/#assigning-a-custom-global-permission-to-a-group (Configuring Global Permissions for Groups).

I have OpenLDAP authentication enabled in Rancher 2.4.3. I have a rancher-admin OpenLDAP group that I assigned the Rancher global Administrator role to (in addition to the Standard User role). As a user/member of the “rancher-admin” group, I should be able to log in to the Rancher UI with admin access. However, that’s not the case. It appears I only have Standard User permission since I do not see any resources (clusters, projects, etc.).

Thank you.

I no longer have the issue after I updated the configuration for the Users and Groups attributes based on these 2 links:

  1. https://rancher.com/docs/rancher/v2.x/en/admin-settings/authentication/openldap/openldap-config/#user-schema-configuration
  2. https://rancher.com/docs/rancher/v2.x/en/admin-settings/authentication/openldap/openldap-config/#group-schema-configuration

Thank you.