Spinnaker: LDAP authorization setup

Time: 2017-09-27 22:13:42

Tags: spinnaker

Hello: when trying to set up authorization with LDAP, I get the following error. Any suggestions?

```
2017-09-27 21:52:30.931  WARN 1 --- [           main] c.n.s.f.p.internal.ClouddriverService    : [] Cache initialization failed:
com.netflix.hystrix.exception.HystrixRuntimeException: getAccounts failed and fallback failed.
    at com.netflix.hystrix.AbstractCommand$16.call(AbstractCommand.java:811)
    at com.netflix.hystrix.AbstractCommand$16.call(AbstractCommand.java:785)
    at rx.internal.operators.OperatorOnErrorResumeNextViaFunction$1.onError(OperatorOnErrorResumeNextViaFunction.java:99)
    at rx.internal.operators.OperatorDoOnEach$1.onError(OperatorDoOnEach.java:71)
    at rx.internal.operators.OperatorDoOnEach$1.onError(OperatorDoOnEach.java:71)
    at rx.internal.operators.OperatorDoOnEach$1.onError(OperatorDoOnEach.java:71)
    at com.netflix.hystrix.AbstractCommand$DeprecatedOnFallbackHookApplication$1.onError(AbstractCommand.java:1514)
    at com.netflix.hystrix.AbstractCommand$FallbackHookApplication$1.onError(AbstractCommand.java:1404)
    at com.netflix.hystrix.HystrixCommand$2.call(HystrixCommand.java:314)
    at com.netflix.hystrix.HystrixCommand$2.call(HystrixCommand.java:306)
    at rx.Observable$2.call(Observable.java:162)
```

Here is my LDAP configuration:

auth:
  groupMembership:
    service: ldap
    ldap:
      url: ldap://10.10.10.21
      managerDn: cn=admn,dc=testlab,dc=corp
      managerPassword: adm543
      groupSearchBase: ou=groups,dc=testlab,dc=corp
      groupSearchFilter: member={0},dc=testlab,dc=corp
      groupRoleAttributes: cn
      userDnPattern: uid={0},ou=testlab,ou='service accounts'
      userSearchBase: dc=testlab,dc=corp
      userSearchFilter: ''

2 answers:

Answer 0: (score: 1)

userSearchFilter is overriding userDnPattern. It looks like you are only searching for users in the service accounts ou.

Try something like this:

auth:
  groupMembership:
    service: ldap
    ldap:
      # Connection
      url: ldap://10.10.10.21
      managerDn: cn=admn,dc=testlab,dc=corp
      managerPassword: adm543
      # Groups
      groupSearchBase: ou=groups,dc=testlab,dc=corp
      groupSearchFilter: member={0},dc=testlab,dc=corp
      groupRoleAttributes: cn
      # Users
      userSearchBase: uid={0},ou=users,dc=testlab,dc=corp

Answer 1: (score: 0)

I managed to get it working like this.

       ldap:
          roleProviderType: LDAP
          url: ldap://##.###.##.###:389
          managerDn: CN=myUser,OU=Users_ServicesAdmin,OU=Usuarios_Especiais,DC=myDc,DC=intranet
          managerPassword: #####
          userSearchFilter: sAMAccountName={0}
          userSearchBase: dc=uolcorp,dc=intranet
          groupSearchBase: ou=Grupos,ou=Grupos,DC=corp,DC=intranet
          groupSearchFilter: member={0}
          groupRoleAttributes: cn
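
Added example (not part of the question or answers above, and not Spinnaker code): a small Python sketch of what the `{0}` placeholder in these settings expands to, with the substituted value escaped per RFC 4514 (DNs) and RFC 4515 (filters). It assumes, as in Spring Security's LDAP support, that `{0}` in the group filter receives the user's full DN; the logins `alice`, `al*ice)(` and `a,ou=x` are constructed samples.

```python
# Added illustration, not Spinnaker/Fiat code: expand {0} in the page's LDAP patterns.

FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value placed inside an LDAP search filter (RFC 4515)."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def escape_dn_value(value: str) -> str:
    """Escape a value placed inside an RDN (required set of RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        if ch == "\0":
            out.append(r"\00")
        elif ch in ',+"\\<>;' or (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def expand(pattern: str, value: str, kind: str) -> str:
    """Substitute {0} in a 'dn' pattern or a 'filter' pattern."""
    if "{0}" not in pattern:
        raise ValueError(f"no {{0}} placeholder in {pattern!r}")
    escape = escape_dn_value if kind == "dn" else escape_filter_value
    return pattern.replace("{0}", escape(value))


def demo() -> dict:
    """Expand patterns taken from the page for constructed sample logins."""
    user_dn = expand("uid={0},ou=users,dc=testlab,dc=corp", "alice", "dn")
    return {
        "user_dn": user_dn,
        # Question's filter, assuming {0} is the full user DN: suffix appears twice.
        "group_question": expand("member={0},dc=testlab,dc=corp", user_dn, "filter"),
        # Answer 1's filter: compares the member attribute with the DN as-is.
        "group_answer1": expand("member={0}", user_dn, "filter"),
        # Constructed logins containing filter / DN metacharacters.
        "user_filter": expand("sAMAccountName={0}", "al*ice)(", "filter"),
        "hostile_dn": expand("uid={0},ou=users,dc=testlab,dc=corp", "a,ou=x", "dn"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```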