Harbor login is not working for some users with AD Integration


Article ID: 316783


Products

Pivotal CloudFoundry Services 1.x

Issue/Introduction

Symptoms:
Harbor login is not working for some users with AD integration. Other logins for the same user work, including the PKS API login.

Environment

VMware PKS 1.x

Cause

When Harbor is integrated with AD, users may be onboarded with a particular LDAP setting. If an existing user account is moved to a different LDAP setting with the same email attribute, the user won't be able to log in.

Example:

There is a user defined as ldap_uid=uid0001,cn=mike,email=[email protected]. This user is able to log in as "mike" because the ldap_uid field is configured as "cn". If any setting is changed, such as changing the domain or changing the UID attribute from "cn" to "samAccountName", subsequent logins as "mike" will fail. This is because a user with the same email, [email protected], already exists in the harbor_user table in the Harbor database.

 

 

 

Resolution

This is a known issue affecting Harbor. There is currently no resolution.

Workaround:
User account entries from old LDAP settings have to be removed manually from the Harbor database.
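
One way to identify which harbor_user rows come from an old LDAP setting before removing anything, shown as an added example that is not part of the original article or of Harbor itself. Assumptions: the in-memory SQLite table stands in for the Harbor database and models only the username and email columns, and the directory entries, email addresses and the `find_stale_rows` helper are constructed for illustration.

```python
import sqlite3

# Constructed stand-in for Harbor's harbor_user table; only the two columns
# this check needs are modelled (assumption: the real table has more).
def sample_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE harbor_user (username TEXT, email TEXT)")
    db.executemany("INSERT INTO harbor_user VALUES (?, ?)", [
        ("mike", "mike@example.com"),     # onboarded while the UID attribute was "cn"
        ("uid0002", "anna@example.com"),  # onboarded under the current setting
        ("admin", "admin@example.com"),   # local account, not in the directory
    ])
    return db

# Constructed directory entries, shaped like the result of an LDAP search.
LDAP_ENTRIES = [
    {"cn": "mike", "sAMAccountName": "uid0001", "mail": "mike@example.com"},
    {"cn": "anna", "sAMAccountName": "uid0002", "mail": "Anna@Example.com"},
]

def find_stale_rows(db, ldap_entries, uid_attr):
    """Return (stale_username, email, expected_username) for each harbor_user
    row whose email belongs to a directory user but whose username is not the
    value of the currently configured UID attribute."""
    by_mail = {e["mail"].lower(): e for e in ldap_entries if e.get("mail")}
    stale = []
    rows = db.execute("SELECT username, email FROM harbor_user ORDER BY username")
    for username, email in rows:
        entry = by_mail.get((email or "").lower())
        if entry is None:
            continue  # no directory user shares this email
        expected = entry.get(uid_attr)
        if expected and username != expected:
            stale.append((username, email, expected))
    return stale

if __name__ == "__main__":
    for old, email, new in find_stale_rows(sample_db(), LDAP_ENTRIES, "sAMAccountName"):
        print(f"stale row: username={old!r} email={email!r}; current UID value is {new!r}")
```

The rows it reports are candidates for the manual cleanup described in the workaround; accounts whose email matches no directory user are left out of the result.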