No members in a group when syncing groups in OpenShift with LDAP on IPA

Solution In Progress - Updated -

Issue

An OpenShift group sync against LDAP finds the user groups but not their members when no bind DN and password are specified.

With ldap_group_sync.yaml:

url: ldap://10.0.0.0:389
insecure: true
ca: my-ldap-ca-bundle.crt
rfc2307:
...

Running oadm groups sync then returns the group with no users:

$ oadm groups sync --sync-config=ldap_group_sync.yaml
apiVersion: v1
items:
- apiVersion: v1
  kind: Group
  metadata:
    annotations:
      openshift.io/ldap.sync-time: 2016-08-02T17:26:08-0400
      openshift.io/ldap.uid: cn=admins,dc=example,dc=com
      openshift.io/ldap.url: localhost:389
    creationTimestamp: null
    labels:
      openshift.io/ldap.host: localhost
    name: admins
  users: null
kind: List
metadata: {}
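
A check for this symptom, as an added example that is not part of the original article: it scans saved dry-run output (oadm groups sync prints the result without applying it unless --confirm is given) for groups whose users list is empty and reports whether the sync config binds anonymously. Assumptions: the function names, file names and sample data are constructed for illustration; bindDN and bindPassword are the sync-config keys that hold the LDAP bind credentials.

```sh
# Added example, not from the original article. Function names, file names
# and sample data are constructed for illustration.

# True when the config would bind anonymously (no top-level bindDN value or
# no bindPassword key).
anonymous_bind() {
    ! grep -Eq '^bindDN:[[:space:]]*[^[:space:]#]' "$1" ||
    ! grep -Eq '^bindPassword:' "$1"
}

# Read dry-run output on stdin; print each group whose users list is empty.
empty_groups() {
    awk '/^- /         { name = "" }
         /^    name: / { name = $2 }
         /^  users:/ && ($2 == "null" || $2 == "[]") { print name }'
}

# $1 = sync config, $2 = saved dry-run output. Non-zero if any group is empty.
sync_preflight() {
    empty=$(empty_groups < "$2")
    if [ -z "$empty" ]; then return 0; fi
    if anonymous_bind "$1"; then
        echo "$1 binds anonymously; groups without members: $empty" >&2
    else
        echo "groups without members: $empty" >&2
    fi
    return 1
}

# Constructed sample: a config without bind credentials and dry-run output
# with one empty group (as in the article) and one populated group.
demo=$(mktemp -d)
printf 'url: ldap://10.0.0.0:389\ninsecure: true\n' > "$demo/sync.yaml"
cat > "$demo/dryrun.yaml" <<'EOF'
items:
- apiVersion: v1
  kind: Group
  metadata:
    name: admins
  users: null
- apiVersion: v1
  kind: Group
  metadata:
    name: devs
  users:
  - jane
EOF
sync_preflight "$demo/sync.yaml" "$demo/dryrun.yaml" || echo "hold off on --confirm"
```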

Environment

  • OpenShift Enterprise
    • 3.2
  • OpenShift Container Platform
    • 3.9
    • 3.10
    • 3.11
