hongming host集群未开启devops,LDAP应该是正常的,目前我应该是创建了一个本地用户,但是登陆的时候通过了外部LDAP进行认证了
kubesphere-config如下:
authentication:
authenticateRateLimiterMaxTries: 10
authenticateRateLimiterDuration: 10m0s
loginHistoryRetentionPeriod: 168h
maximumClockSkew: 10s
multipleLogin: True
kubectlImage: kubesphere/kubectl:v1.0.0
jwtSecret: "CVzq8oXJpfrBXBKU1Iu5bgzW7VkQvS7R"
oauthOptions:
accessTokenMaxAge: 12h
accessTokenInactivityTimeout: 30m
identityProviders:
- name: ldap
type: LDAPIdentityProvider
mappingMethod: auto
provider:
host: xxxx
managerDN: xxxx
managerPassword: xxxx
userSearchBase: xxxx
loginAttribute: sAMAccountName
mailAttribute: mail
ldap:
host: openldap.kubesphere-system.svc:389
managerDN: cn=admin,dc=kubesphere,dc=io
managerPassword: admin
userSearchBase: ou=Users,dc=kubesphere,dc=io
groupSearchBase: ou=Groups,dc=kubesphere,dc=io
redis:
host: redis.kubesphere-system.svc
port: 6379
password: ""
db: 0
mysql:
host: mysql.kubesphere-system.svc:3306
username: root
password: password
maxIdleConnections: 100
maxOpenConnections: 100
maxConnectionLifeTime: 10s
multicluster:
enable: true
agentImage: kubesphere/tower:v0.1.0
proxyPublishService: tower.kubesphere-system.svc
proxyPublishAddress: http://172.18.1.48:8888
monitoring:
endpoint: http://prometheus-operated.kubesphere-monitoring-system.svc:9090
logging:
host: http://elasticsearch-logging-data.kubesphere-logging-system.svc:9200
indexPrefix: ks-logstash-log
events:
host: http://elasticsearch-logging-data.kubesphere-logging-system.svc:9200
indexPrefix: ks-logstash-events
auditing:
enable: true
host: http://elasticsearch-logging-data.kubesphere-logging-system.svc:9200
indexPrefix: ks-logstash-auditing
notification:
endpoint: http://notification.kubesphere-alerting-system.svc:9200
账号无法登陆报错
{
"kind": "Status",
"apiVersion": "v1",
"metadata": {
},
"status": "Failure",
"message": "Unauthorized: identity mapping not match",
"reason": "Unauthorized",
"code": 401
}```
