"Network Error": EOF when accessing a Tanzu Kubernetes Grid (TKG) workload cluster with LDAP credentials

Article ID: 297301


Updated On:

Products

VMware Tanzu Kubernetes Grid

Issue/Introduction

To access the OIDC endpoint address, go to https://<IP_WORKLOAD_MASTER>:30166 in a browser.


 

 

You are trying to "Sign In" using your LDAP user credentials but you see the following error in your browser window:


 

Running the following kubectl commands with the TKG management cluster as the current context shows the following error in the Dex pod log:


Commands
  • kubectl config use-context <management-cluster-name>@<management-cluster-user>
  • kubectl -n tanzu-system-auth logs dex-<ID>


Error

{"level":"error","msg":"Failed to login user: failed to connect: LDAP Result Code 200 \"Network Error\": EOF","time":"2020-04-15T03:08:13Z"}



Environment

Product Version: 1.0
OS: PhotonOS

Resolution

This issue happens when the LDAP server is configured to listen on port 389 but the request is sent on port 636.

If your LDAP server is only listening on port 389, set the following properties under the LDAP connector in Dex's ConfigMap file (tkg-extensions-v1.0.0/authentication/dex/vsphere/ldap/03-cm.yaml):
  • insecureNoSSL: true
  • insecureSkipVerify: true

After saving the changes to the ConfigMap, apply it and restart the Dex pod running on the TKG management cluster so that Dex picks up the new settings, using the following commands:
  • kubectl config use-context <management-cluster-name>@<management-cluster-user>
  • kubectl apply -f tkg-extensions-v1.0.0/authentication/dex/vsphere/ldap/03-cm.yaml
  • kubectl -n tanzu-system-auth delete pod dex-<ID>
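
For comparison with the two properties set above, here is an added example (not taken from the TKG extension files) of how the transport-related keys of Dex's LDAP connector combine. The host name and CA path are placeholders, and variants (b) and (c) assume the directory server offers StartTLS or LDAPS respectively.

```yaml
# Constructed fragments of the LDAP connector's config block; only the keys
# that decide port and transport are shown. ldap.example.com and the CA path
# are placeholders, not values from the TKG files.

# (a) The setting from this article: plain LDAP on 389.
#     No TLS is negotiated, so the bind DN password and every user password
#     checked through Dex cross the network in cleartext. With no TLS session,
#     insecureSkipVerify has nothing to act on.
connectors:
- type: ldap
  config:
    host: ldap.example.com:389
    insecureNoSSL: true
    insecureSkipVerify: true
---
# (b) Server listens only on 389 but supports StartTLS: keep the port,
#     upgrade the connection, and verify the server certificate.
connectors:
- type: ldap
  config:
    # The port must be explicit here. When host has no port, Dex picks 636
    # unless insecureNoSSL is true, which produces the mismatch described
    # in this article.
    host: ldap.example.com:389
    insecureNoSSL: false
    startTLS: true
    insecureSkipVerify: false
    rootCA: /etc/dex/ldap-ca.pem   # hypothetical path to the directory's CA
---
# (c) Server has an LDAPS listener on 636: Dex's default transport.
connectors:
- type: ldap
  config:
    host: ldap.example.com:636
    insecureNoSSL: false
    insecureSkipVerify: false
    rootCA: /etc/dex/ldap-ca.pem   # hypothetical path to the directory's CA
```

Whichever variant is used, the apply and pod-restart commands above are the same.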