"DOMAIN\serviceaccount") or UPN format (e.g. The username can be entered in NetBIOS format (e.g. The duration in number of seconds that Rancher waits before considering the AD server unreachable.Įnter the username of an AD account with read-only access to your domain partition (see Prerequisites). Unencrypted LDAP normally uses the standard port of 389, while LDAPS uses port 636.Ĭheck this box to enable LDAP over SSL/TLS (commonly known as LDAPS). Specify the port at which the Active Directory server is listening for connections. Specify the hostname or IP address of the AD server If you are unsure about the correct values to enter in the user/group Search Base field, please refer to Identify Search Base and Schema using ldapsearch. Please refer to the following table for detailed information on the required values for each parameter.
Configure an Active Directory server, complete the fields with the information specific to your Active Directory server. For help, refer to the details on configuration options below.Ĭonfigure Active Directory Server Settings The Authentication Provider: ActiveDirectory form will be displayed. In the left navigation menu, click Auth Provider.In the top left corner, click ☰ > Users & Authentication.Log into the Rancher UI using the initial local admin account.Alternatively, this error can be ignored by setting GODEBUG=x509ignoreCN=0 as an environment variable to Rancher server container.Ĭonfiguration Steps Open Active Directory Configuration To resolve the error, update or replace the certificates on the AD server with new ones that support the SAN attribute. The error received is "Error creating SSL connection: LDAP Result Code 200 "Network Error": x509: certificate relies on legacy Common Name field, use SANs or temporarily enable Common Name matching with GODEBUG=x509ignoreCN=0". This is a check enabled by default in Go v1.15. Upon an upgrade to v2.6.0, authenticating via Rancher against an active directory using TLS can fail if the certificates on the AD server do not support SAN attributes.
You will have to paste in this certificate during the configuration so that Rancher is able to validate the certificate chain. If the certificate used by the AD server is self-signed or not from a recognized certificate authority, make sure have at hand the CA certificate (concatenated with any intermediate certificates) in PEM format.
0 kommentar(er)
