SIMULATION
Task SIMULATION 1
Integrate OpenShift with LDAP (create LDAP identity provider)
Task Information: Configure cluster OAuth to add an LDAP identity provider using an existing bind secret and CA ConfigMap, then verify login works.
Answer: A
Verify prerequisites exist (Secret + ConfigMap)
oc -n openshift-config get secret rhds-ldap-secret
oc -n openshift-config get configmap rhds-ca-config-map
OAuth LDAP configuration references these objects. If they don't exist, OAuth won't be able to bind to LDAP securely.
Edit the cluster OAuth resource
oc edit oauth cluster
The oauth/cluster resource is where identity providers are defined.
Add an LDAP identity provider entry (example structure)
Add under spec.identityProviders:
  - name: corp-ldap
    mappingMethod: claim
    type: LDAP
    ldap:
      url: 'ldaps://ldap.example.com:636/ou=People,dc=example,dc=com?uid'
      bindDN: 'uid=openshift,ou=svc,dc=example,dc=com'
      bindPassword:
        name: rhds-ldap-secret
      ca:
        name: rhds-ca-config-map
      insecure: false
      attributes:
        id: ['dn']
        name: ['cn']
        preferredUsername: ['uid']
        email: ['mail']
url: the LDAP server, the base DN under which users are searched, and the attribute used for login (here uid).
bindDN + bindPassword: service account used for LDAP queries.
ca: trusts the LDAP server CA for TLS.
attributes: maps LDAP data into OpenShift user identity fields.
Restart OAuth pods to load changes quickly
oc -n openshift-authentication delete pod -l app=oauth-openshift
This forces pods to restart and re-read the updated configuration.
Verify the identity provider appears and users can log in
In the web console login page, you should see the new provider (name may show as corp-ldap).
After a successful login, confirm user objects appear:
oc get users
oc get identities
OpenShift creates User and Identity objects upon first successful authentication.
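The whole procedure above, worked as an added example that is not part of the original simulation text: the script builds the corp-ldap provider entry shown in the task, checks it for the mistakes that would make the bind fail or run without TLS (plain ldap://, insecure: true, no CA ConfigMap, a bindDN with no Secret), and merges it into the current oauth/cluster object without dropping providers that are already configured, which a whole-list merge patch would silently do. It uses only the Python standard library. The CURRENT_OAUTH object is a constructed stand-in for the output of `oc get oauth cluster -o json`, and its local-htpasswd provider is invented for the demonstration; on a real cluster you would load that JSON from oc and pipe the rendered command into a shell.

```python
"""Build, validate and merge an LDAP identity provider into oauth/cluster.

Added example, not from the original page. The provider layout follows the
spec.identityProviders entry shown in the task; CURRENT_OAUTH below is a
constructed sample of what `oc get oauth cluster -o json` might return.
"""
import json
from urllib.parse import urlsplit

# Constructed sample: a cluster that already has an htpasswd provider.
# A real run would replace this with the JSON returned by oc.
CURRENT_OAUTH = {
    "apiVersion": "config.openshift.io/v1",
    "kind": "OAuth",
    "metadata": {"name": "cluster"},
    "spec": {
        "identityProviders": [
            {
                "name": "local-htpasswd",
                "mappingMethod": "claim",
                "type": "HTPasswd",
                "htpasswd": {"fileData": {"name": "htpass-secret"}},
            }
        ]
    },
}


def ldap_identity_provider(name, url, bind_dn, secret_name, ca_configmap):
    """Return the identityProviders entry from the task, parameterised."""
    return {
        "name": name,
        "mappingMethod": "claim",
        "type": "LDAP",
        "ldap": {
            "url": url,
            "bindDN": bind_dn,
            "bindPassword": {"name": secret_name},   # Secret in openshift-config
            "ca": {"name": ca_configmap},            # ConfigMap in openshift-config
            "insecure": False,
            "attributes": {
                "id": ["dn"],
                "name": ["cn"],
                "preferredUsername": ["uid"],
                "email": ["mail"],
            },
        },
    }


def validate_ldap_idp(idp):
    """Return the list of problems that would break the bind or weaken TLS.

    The checks are this example's policy: require ldaps://, certificate
    verification, a CA ConfigMap, a login attribute, and a Secret for bindDN.
    """
    problems = []
    ldap = idp.get("ldap", {})
    parts = urlsplit(ldap.get("url", ""))
    if parts.scheme != "ldaps":
        problems.append("url must use ldaps:// so the bind password is not sent in clear text")
    if not parts.path.strip("/"):
        problems.append("url must include a base DN to search users under")
    if not parts.query:
        problems.append("url must end with ?<attribute> naming the login attribute")
    if ldap.get("insecure") is not False:
        problems.append("insecure must be false so the server certificate is verified")
    if not ldap.get("ca", {}).get("name"):
        problems.append("ca.name must reference the ConfigMap holding the LDAP server CA")
    if ldap.get("bindDN") and not ldap.get("bindPassword", {}).get("name"):
        problems.append("bindDN is set but bindPassword.name references no Secret")
    return problems


def merge_identity_provider(oauth, idp):
    """Return a deep copy of the OAuth object with idp added or replaced by name.

    Existing providers are preserved; replacing spec.identityProviders
    wholesale (as a JSON merge patch would) would remove them.
    """
    merged = json.loads(json.dumps(oauth))
    providers = merged.setdefault("spec", {}).setdefault("identityProviders", [])
    providers[:] = [p for p in providers if p.get("name") != idp["name"]]
    providers.append(idp)
    return merged


def render_apply_command(oauth):
    """Render the oc command that applies the merged object (oc accepts JSON)."""
    return "oc apply -f - <<'EOF'\n" + json.dumps(oauth, indent=2) + "\nEOF"


if __name__ == "__main__":
    idp = ldap_identity_provider(
        "corp-ldap",
        "ldaps://ldap.example.com:636/ou=People,dc=example,dc=com?uid",
        "uid=openshift,ou=svc,dc=example,dc=com",
        "rhds-ldap-secret",
        "rhds-ca-config-map",
    )
    problems = validate_ldap_idp(idp)
    if problems:
        raise SystemExit("refusing to apply:\n  " + "\n  ".join(problems))
    print(render_apply_command(merge_identity_provider(CURRENT_OAUTH, idp)))
```

After applying, the verification steps from the task still apply: watch the oauth-openshift pods roll, log in through the web console, then check `oc get users` and `oc get identities` for the new User and Identity objects.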
==========