Hello, guys.
I am using Rancher CLI to add members. In UI there are User groups and Users. I can add Users since they have name but not User groups. Is that possible somehow to add User groups either ? Maybe can put name for User groups ?
You will need an external auth provider that supports groups as local authorization does not support groups. More information can be found here.
Thank you for reply. I am using command “./rancher projects add-member-role” [username] [rolename] When I list people they have special username is “User” column but “User groups” don’t have any username. if member is added via following command, I still need Username for groups
and also we have External auth provider : “Authentication Provider: ActiveDirectory”. I can add both Users and User groups in UI without any problem. My question is about how can I add User Groups in CLI. In docs it says “./rancher projects add-member-role” [username] [rolename]" command needs Username but We don’t have such Username for User groups
Have you verified if it adds to the ClusterRoles correctly?
I’m using FreeIPA rather than AD but when I put in a binding for all members of the equivalent of Domain Admins group to be Cluster Admins and logged in for the first time with my user in that group it partially acted like I was a cluster admin but also when I looked at my user’s status I was not (but I had more menus than the standard user the menu thought I was). I didn’t test enough to see if it was a UI glitch or permission error as I still had my local admin logged in in another window at the time. This was with Rancher 2.6.2.
so is that possible to put "Username"s for the User Groups in Configuration (Active Directory to Rancher) ? It would be great to know which field and what expression would give Username for User Groups.
No clue, I haven’t used the Rancher CLI at all. I was more warning you to validate anything you do with AD groups that it works right before you rely on it.