Replies: 3 comments
-
So, I believe you need to run the httpd-init image instead of the regular httpd image. I thought the operator did that automatically, but maybe I'm wrong, or perhaps the httpdAthenticationType doesn't quite match the one we are expecting. I'll be honest though, I don't think we've built it for a long while, and I'm not sure it's up to date. You can try building it locally, and then using that...it should mount in the config map if present. @bdunne can probably help with some more details here. I think @jrafanie has done some testing stuff with IPA as well. Our big problem in this space is that we've been focused on the httpd container, and we don't really have a proper AD/FreeIPA test setup nor resources to maintain it. The fact that we require privileged for the container makes it less likely to be used, and many systems either provide an OIDC interface (such as Azure AD) or you can deploy an OIDC solution like KeyCloak which supports AD as a backend. So that's why we've been focusing more on the OIDC side of things. That said, I'd love to solve this, and if you can help out here I'd appreciate the help. See https://github.com/ManageIQ/guides/blob/master/external_auth for more details on a development setup. If we can flesh that out a little more, that might help us keep this maintained. |
Beta Was this translation helpful? Give feedback.
-
Thank you for your feedback, does that means that, if I need freeIPA or AD, I also need a keyclock in between, or to move back to appliances ? |
Beta Was this translation helpful? Give feedback.
-
The value should be lower case in the CR. Alternatively, (I haven't tried it myself) using something like Keycloak in between should also work. |
Beta Was this translation helpful? Give feedback.
-
Hi,
I have deployed the najdorf operator and instance in my kubernetes cluster.
Now, I need to authenticate my users from an Active Directory ( in a next step, it will be from a freeIPA).
I followed the documentation: https://github.com/ManageIQ/httpd_configmap_generator
By deploying by hand, I succeded to produce the configMap file.
From there, what are the actions needed?
I updated the values of the instance by adding :
httpdAthenticationType: Active-Directory
I see that the https pod is updated but failed by the lack of the authnz apache module as well as I don't see theconfigMap files mounted
Can you help me?
Beta Was this translation helpful? Give feedback.
All reactions