问题描述:
由于openldap服务器变更,需将Rancher的ldap配置变更为新的openldap服务地址,但配置完毕提示 TestAndApply Error Permission denied。
1、根据新openldap配置如下:
==》新对接的日志(* 到了最后一行就没有其它信息了)
22/05/08 00:50:47 [DEBUG] Now generating Ldap token
2022/05/08 00:50:47 [DEBUG] Now creating Ldap connection
2022/05/08 00:50:47 [DEBUG] Binding service account username password
2022/05/08 00:50:47 [DEBUG] Binding username password
2022/05/08 00:50:47 [DEBUG] ldap IsType found object of type inetOrgPerson
2022/05/08 00:50:47 [DEBUG] getPrincipals: user attributes: [0xc016ac8680 0xc016ac86c0 0xc016ac8700 0xc016ac8740 0xc016ac8780 0xc016ac87c0 0xc016ac8800 0xc016ac8840 0xc016ac8880 0xc016ac88c0 0xc016ac8900 0xc016ac8940]
2022/05/08 00:50:47 [DEBUG] SearchResult memberOf attribute
{[ou=abc1,ou=app,dc=it,dc=com
ou=abc2,ou=app,dc=it,dc=com ]}
2022/05/08 00:50:47 [DEBUG] ldap IsType found object of type inetOrgPerson
2022/05/08 00:50:47 [DEBUG] ldap IsType found object of type inetOrgPerson
2022/05/08 00:50:47 [DEBUG] Ldap: Query for pulling user’s groups: (&(objectClass=groupOfUniqueNames)(|(entryDN=ou=abc1,ou=app,dc=it,dc=com)(entryDN=ou=abc2,ou=app,dc=it,dc=com)))
2022/05/08 00:50:47 [DEBUG] EntryDN attribute not returned, retrieving group membership using the member attribute
2022/05/08 00:50:47 [DEBUG] Retrieved following groups using member attribute:
[/details]
==》旧对接的日志
…除了类似上边的日志,还有更多诸如如下日志…
2022/05/08 00:24:36 [DEBUG] updating openldap config
2022/05/08 00:24:36 [INFO] Updating user user-hvlcz. Adding principal
2022/05/08 00:24:37 [DEBUG] Triggering auth refresh on user-hvlcz
2022/05/08 00:24:37 [DEBUG] Skipping refresh for user-hvlcz due to max-age
2022/05/08 00:24:37 [DEBUG] Triggering auth refresh on user-hvlcz
…
