OpenLDAP Groups not working as expected in Rancher 1.4

rbhaddon · February 13, 2017, 10:37pm

LDAP group permissions are only partially working with Rancher Environment Access Controls. If a Rancher user account is set to ‘Admin’, then Rancher can detect their LDAP group membership (tested through the drop down arrow in environment access controls). However, if the user account is set to ‘User’, then Rancher fails to determine LDAP group membership.

I’m simulataneously working with our LDAP support to see if our schema is different than what Rancher expects, but I want to ask here as well because it half works so maybe it’s a Rancher bug.

Other info:
We’ve been seeing this since 1.3 at least, but possible 1.2. Upgrading to 1.4 did not resolve the issue.

rbhaddon · February 15, 2017, 11:11pm

As it turns out, the problem was entirely related to our non-standard LDAP schema. The interaction that I thought I was seeing with Rancher account roles (User vs Admin) was a complete red herring.

Topic		Replies	Views
[Help needed] Rancher and OpenLDAP Groups Rancher 1.x	0	988	December 6, 2017
How to mapping Rancher environment roles and ldap groups Rancher 1.x	4	3275	July 26, 2016
OpenLDAP Access Control Rancher 1.x	6	1882	January 26, 2017
Failing to Assign Rancher Administrator role to OpenLDAP group Rancher 2.x	1	678	May 13, 2020
Issues with LDAP groups - v1.4.1 Rancher 1.x	1	1283	March 3, 2017

OpenLDAP Groups not working as expected in Rancher 1.4

Related Topics