Our users are located in Active Directory with an LDAP path something like this:
CN=myusername,OU=User,OU=UnitedKingdom,DC=aaa,DC=bbb,DC=ccc
Using the OU=User,OU=UnitedKingdom,DC=aaa,DC=bbb,DC=ccc
as the user search base, we can set up the authentication (https://rancher.com/docs/rancher/v2.5/en/admin-settings/authentication/ad/), and I have been able to get things working for UK people only.
However, there are multiple countries from which potential users of the cluster can come, e.g. Germany, India etc. We have a lot of users organised in this way, and so I wanted to get a unified view of them in the running Rancher UI.
From the docs, User Search Base says:
The Distinguished Name of the node in your directory tree from which to start searching for user objects. All users must be descendants of this base DN. For example: “ou=people,dc=acme,dc=com”.
So I cannot use either multiple search bases (AFAICS)
OU=User,OU=UnitedKingdom,DC=aaa,DC=bbb,DC=ccc
OU=User,OU=Germany,DC=aaa,DC=bbb,DC=ccc, …
or wildcards to specify the users.
OU=User,OU=(*),DC=aaa,DC=bbb,DC=ccc
Q1) Is there a way to have multiple search bases or use wildcards, or is there a way round this that we can use?
As an alternative
Q2) We could use NIS to authenticate. Is there a way to set up NIS as the source of users and groups?
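
The descendant rule quoted from the docs, as an added example (not part of the original post and not Rancher code): it checks whether a user DN falls under a given search base and computes the deepest single base DN that is an ancestor of several OUs. The German user DN is constructed for illustration, and matching is simplified to case-insensitive RDN comparison.

```python
# Added illustration. DNs are the sample values from the post, except
# DE_USER, which is constructed. Matching is a simplification: attribute
# types and values are compared case-insensitively, RDN by RDN.

def normalise(rdn):
    """Return (attribute, value) with case differences removed."""
    attr, _, value = rdn.strip().partition("=")
    return (attr.strip().lower(), value.strip().casefold())

def split_dn(dn):
    """Split a DN into normalised RDNs, honouring backslash-escaped commas."""
    rdns, cur, esc = [], [], False
    for ch in dn:
        if esc:
            cur.append(ch)
            esc = False
        elif ch == "\\":
            cur.append(ch)
            esc = True
        elif ch == ",":
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    rdns.append("".join(cur))
    return [normalise(r) for r in rdns if r.strip()]

def is_descendant(dn, base):
    """True if dn lies strictly below base in the directory tree."""
    d, b = split_dn(dn), split_dn(base)
    return len(d) > len(b) and d[len(d) - len(b):] == b

def common_base(bases):
    """Deepest DN that is an ancestor of (or equal to) every DN in bases."""
    paths = [list(reversed(split_dn(b))) for b in bases]  # root first
    shared = []
    for level in zip(*paths):
        if any(r != level[0] for r in level):
            break
        shared.append(level[0])
    return ",".join(f"{a.upper()}={v}" for a, v in reversed(shared))

UK_BASE = "OU=User,OU=UnitedKingdom,DC=aaa,DC=bbb,DC=ccc"
DE_BASE = "OU=User,OU=Germany,DC=aaa,DC=bbb,DC=ccc"
UK_USER = "CN=myusername,OU=User,OU=UnitedKingdom,DC=aaa,DC=bbb,DC=ccc"
DE_USER = "CN=anotheruser,OU=User,OU=Germany,DC=aaa,DC=bbb,DC=ccc"  # constructed

if __name__ == "__main__":
    print("DE user under UK base:", is_descendant(DE_USER, UK_BASE))
    print("single base covering both:", common_base([UK_BASE, DE_BASE]))
```

The computed base also covers every other object under that node, not only the two `OU=User` containers.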