  • Configuring LDAP authentication in OpenShift

    Main master configuration file:

    ......
      identityProviders:
      - challenge: true
        login: true
        mappingMethod: claim
        name: Ldap_auth
        provider:
          apiVersion: v1
          kind: LDAPPasswordIdentityProvider
          attributes:
            id:
            - dn
            email:
            - mail
            name:
            - cn
            preferredUsername:
            - uid
          bindDN: "uid=ldapreader,cn=users,dc=example,dc=com"
          bindPassword: "PASSWD"
          insecure: true   # no TLS: the bind password and user passwords cross the network in cleartext
          url: "ldap://<IP>:389/cn=users,dc=example,dc=com?uid"
    ......

    By default, oc does not synchronize LDAP groups.

    Create a new YAML file for the group sync; this example uses OpenLDAP:

    kind: LDAPSyncConfig
    apiVersion: v1
    url: ldap://<IP>:389
    insecure: true   # no TLS: group and user queries travel in cleartext
    rfc2307:
        groupsQuery:
            baseDN: "cn=groups,dc=example,dc=com"
            scope: sub
            derefAliases: never
            pageSize: 0
            filter: (objectClass=posixGroup)
        groupUIDAttribute: dn
        groupNameAttributes: [ cn ]
        groupMembershipAttributes: [ member ]
        usersQuery:
            baseDN: "dc=example,dc=com"
            scope: sub
            derefAliases: never
            pageSize: 0
        userUIDAttribute: dn
        userNameAttributes: [ cn ]
        tolerateMemberNotFoundErrors: false
        tolerateMemberOutOfScopeErrors: false

    oadm groups sync --sync-config=/etc/origin/master/rfc2307_config.yaml --confirm
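
A TLS-verified variant of the two configurations above, given as an added example rather than configuration from the original post. `<LDAP_HOST>`, the CA bundle path and the bind-password file path are assumed placeholders, and `userNameAttributes` is switched to `uid` on the assumption that synced group members should carry the same names the identity provider assigns at login.

```yaml
# Added example (not from the original post). Assumed placeholders:
# <LDAP_HOST>, /etc/origin/master/ldap-ca.crt, /etc/origin/master/ldap-bind.txt

# Fragment 1: identityProviders entry in the master configuration file
identityProviders:
- challenge: true
  login: true
  mappingMethod: claim
  name: Ldap_auth
  provider:
    apiVersion: v1
    kind: LDAPPasswordIdentityProvider
    attributes:
      id: [ dn ]
      email: [ mail ]
      name: [ cn ]
      preferredUsername: [ uid ]
    bindDN: "uid=ldapreader,cn=users,dc=example,dc=com"
    bindPassword:
      file: /etc/origin/master/ldap-bind.txt   # kept out of the config file; restrict its permissions
    insecure: false                            # require TLS
    ca: /etc/origin/master/ldap-ca.crt         # CA bundle used to verify the LDAP server certificate
    # The host name must match the server certificate, so use a name rather than a bare IP.
    url: "ldaps://<LDAP_HOST>:636/cn=users,dc=example,dc=com?uid"
---
# Fragment 2: /etc/origin/master/rfc2307_config.yaml
kind: LDAPSyncConfig
apiVersion: v1
url: ldaps://<LDAP_HOST>:636
insecure: false
ca: /etc/origin/master/ldap-ca.crt
# Assumption: reuse the read-only account instead of an anonymous bind.
bindDN: "uid=ldapreader,cn=users,dc=example,dc=com"
bindPassword:
  file: /etc/origin/master/ldap-bind.txt
rfc2307:
    groupsQuery:
        baseDN: "cn=groups,dc=example,dc=com"
        scope: sub
        derefAliases: never
        pageSize: 0
        filter: (objectClass=posixGroup)
    groupUIDAttribute: dn
    groupNameAttributes: [ cn ]
    groupMembershipAttributes: [ member ]
    usersQuery:
        baseDN: "dc=example,dc=com"
        scope: sub
        derefAliases: never
        pageSize: 0
    userUIDAttribute: dn
    userNameAttributes: [ uid ]   # assumption: same attribute as preferredUsername above
```

Running the sync command without `--confirm` first performs a dry run and prints the groups it would create, which makes it easy to check the member names before anything is written.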

  • Original article: https://www.cnblogs.com/37yan/p/7997772.html