LDAP group permissions are only partially working with Rancher Environment Access Controls. If a Rancher user account is set to ‘Admin’, then Rancher can detect their LDAP group membership (tested through the drop down arrow in environment access controls). However, if the user account is set to ‘User’, then Rancher fails to determine LDAP group membership.
I’m simultaneously working with our LDAP support to see if our schema is different than what Rancher expects, but I want to ask here as well because it half works, so maybe it’s a Rancher bug.
Other info:
We’ve been seeing this since 1.3 at least, but possibly 1.2. Upgrading to 1.4 did not resolve the issue.