What happened?
Please be specific and include screenshots and logs!
Successful setup of Supervisor
Successful setup of Concierge
Successful setup of ActiveDirectoryIdentityProvider
Successful pulling of kubeconfig using pinniped get kubeconfig
Failure to do anything against the cluster (e.g. kubectl get ns)
After all of the above, the kubectl command reports an error:
kubectl get ns
Username: admin.dustin@my.domain
Password:
Error: could not complete Pinniped login: error getting authorization: expected to be redirected, but response status was 502 Bad Gateway
And there are errors in the supervisor logs:
I0502 19:18:22.040216 1 auth_handler.go:105] "unexpected error during upstream LDAP authentication" warning="true" error="error searching for group memberships for user with DN \"CN=Dustin Scott (Admin),OU=Users,OU=my,DC=my,DC=domain
\": LDAP Result Code 201 \"Filter Compile Error\": ldap: finished compiling filter with extra at end: OU=Users,OU=my,DC=my,DC=domain
"
Using a user without the parentheses () in the name ( (Admin) in the above example) results in a successful login.
What did you expect to happen?
Please be specific and include proposed behavior!
Users that contain parentheses are able to log in successfully and perform commands that they are authorized to perform.
What is the simplest way to reproduce this behavior?
In what environment did you see this bug?
Pinniped server version: v0.16.0
Pinniped client version: v0.16.0
Pinniped container image (if using a public container image): projects.registry.vmware.com/pinniped/pinniped-server:v0.16.0@sha256:e333109a3b6433d24c3477ee3589244cb3239c9e758f2dff22cc0a81cc6bc762
Pinniped configuration (what IDP(s) are you using? what downstream credential minting mechanisms are you using?): ActiveDirectory
kubectl version:
kubeadm version: NA (EKS cluster)
cat /etc/os-release:
uname -a:
What else is there to know about this bug?
Link to conversation about bug at: https://kubernetes.slack.com/archives/C01BW364RJA/p1651518056901309
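The log line in this report is consistent with the user's DN reaching the group search filter without RFC 4515 escaping, so the `)` after `Admin` ends the filter early and the rest of the DN is left over. The following is an added example, not part of the original report and not Pinniped's code; `groupFilter` and `extraAtEnd` are hypothetical helpers, and the `(member=...)` filter is an assumed stand-in for the configured group search filter.

```go
package main

import (
	"fmt"
	"strings"
)

// escapeFilterValue applies RFC 4515 escaping so that a value placed in an
// LDAP search filter cannot change the filter's structure.
func escapeFilterValue(v string) string {
	var b strings.Builder
	for i := 0; i < len(v); i++ {
		switch c := v[i]; c {
		case '\\', '*', '(', ')', 0:
			fmt.Fprintf(&b, "\\%02x", c)
		default:
			b.WriteByte(c)
		}
	}
	return b.String()
}

// groupFilter is a hypothetical group search filter, not Pinniped's own.
func groupFilter(userDN string) string { return "(member=" + userDN + ")" }

// extraAtEnd models how a filter parser reads one simple "(attr=value)" item:
// the value stops at the first ')'. It returns whatever text is left over.
func extraAtEnd(filter string) string {
	end := strings.IndexByte(filter, ')')
	if !strings.HasPrefix(filter, "(") || end < 0 {
		return filter
	}
	return filter[end+1:]
}

func main() {
	// DN taken from the log line in the report above.
	dn := "CN=Dustin Scott (Admin),OU=Users,OU=my,DC=my,DC=domain"
	raw := groupFilter(dn)
	safe := groupFilter(escapeFilterValue(dn))
	fmt.Printf("raw:     %s\n  extra at end: %q\n", raw, extraAtEnd(raw))
	fmt.Printf("escaped: %s\n  extra at end: %q\n", safe, extraAtEnd(safe))
}
```

With the escaped DN the parentheses travel as `\28` and `\29`, which the directory server decodes back to the literal characters when matching the `member` value.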