The issue is particularly related to sync from AD/LDAP since there is no guarantee the user name (from the AD side, the sAMAccountName, userPrincipalName, or mail attributes) is always stored in a canonical form.
It creates a problem since OpenShift/k8s is case sensitive by nature, while LDAP is not.
At this point the authentication layer is not a problem since it takes place on the LDAP/AD side, but the authorization (i.e. groups placed in role bindings) becomes a problem.
From what I was able to gather, there are no plans to change this on the platform side as it is implied the names sourced from the authentication backend are canonical. But I presume the feature can be fairly easily implemented in the group sync operator by introducing a couple of parameters, for instance, lower_case: true and upper_case: true, to bring all user names to the same case after reading them from AD/LDAP and before placing them in groups.
ypismerov-tmx changed the title from "Need an option of bringing the user names to consistent (either lower or upper) case before adding them to groups" to "Need an option of bringing the user names to a consistent (either lower or upper) case before adding them to groups" on Dec 12, 2023
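The mismatch described in the issue, and the normalization it asks for, as an added example that is not code from the group sync operator. The `LowerCase`/`UpperCase` options mirror the proposed lower_case and upper_case parameters; the type, the function names and the sample user names are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// CaseOptions mirrors the two parameters proposed in the issue (hypothetical).
type CaseOptions struct {
	LowerCase, UpperCase bool
}

// NormalizeMembers applies one case to names read from AD/LDAP and drops the duplicates that result.
func NormalizeMembers(names []string, opt CaseOptions) ([]string, error) {
	if opt.LowerCase && opt.UpperCase {
		return nil, errors.New("lower_case and upper_case are mutually exclusive")
	}
	seen, out := map[string]bool{}, []string{}
	for _, n := range names {
		if opt.LowerCase {
			n = strings.ToLower(n)
		} else if opt.UpperCase {
			n = strings.ToUpper(n)
		}
		if !seen[n] {
			seen[n] = true
			out = append(out, n)
		}
	}
	return out, nil
}

// IsMember is the case-sensitive comparison applied to a group's user list.
func IsMember(groupUsers []string, user string) bool {
	for _, u := range groupUsers {
		if u == user {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample: sAMAccountName values as AD might return them.
	fromAD := []string{"JDoe", "asmith", "jdoe", "BJones"}
	lower, err := NormalizeMembers(fromAD, CaseOptions{LowerCase: true})
	fmt.Println(lower, err, IsMember(fromAD, "bjones"), IsMember(lower, "bjones"))
}
```

Normalizing group members only resolves the authorization mismatch when the user name the platform records at login is in the same case.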