- See MDR MIgration to Sensu Go.txt file for more details
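- In version 5.16 the default admin password was removed; the initial cluster admin user is now created by running sensu-backend init with the username and password supplied as environment variables (the exports below use placeholders; real values should come from a secrets store rather than being written into notes).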
- Sen$uP@ssw0rd!
- systemctl start sensu-backend
- export SENSU_BACKEND_CLUSTER_ADMIN_USERNAME=YOUR_USERNAME
- export SENSU_BACKEND_CLUSTER_ADMIN_PASSWORD=YOUR_PASSWORD
- sensu-backend init
- sensuctl create --file filename.json
- ---
- type: oidc
- api_version: authentication/v2
- metadata:
- name: oidc_okta
- spec:
- additional_scopes:
- - groups
- client_id: <nope>
- client_secret: <nope>
- redirect_uri: https://sensu.msoc.defpoint.local:8000/api/enterprise/authentication/v2/oidc/callback
- server: https://mdr-multipass.okta.com
- groups_claim: groups
- groups_prefix: 'okta'
- username_claim: email
- username_prefix: 'okta'
-
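- # Cluster role bindings for the Okta (OIDC) and LDAP groups. The group is written with its provider prefix (groups_prefix 'okta' above gives okta:mdr-admins); the first binding grants the cluster-admin role to that group.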
- sensuctl cluster-role-binding create okta --cluster-role=cluster-admin --group=okta:mdr-admins
- sensuctl cluster-role-binding create mdr-admin --cluster-role=mdr-admin --group=ldap:mdr-admins
-
- sensuctl cluster-role-binding list
- type: ClusterRoleBinding
- api_version: core/v2
- metadata:
- name: cluster-admin
- spec:
- role_ref:
- name: cluster-admin
- type: ClusterRole
- subjects:
- - name: okta:group
- type: Group
-
-
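- Debug message from sensu-backend (the full log line appears further down):
- running ldap search with basedn \"ou=groups, dc=mdr-multipass, dc=okta, dc=com\" and filter \"(\u0026(objectclass=groupOfNames)(uniqueMember=uid=brad.poulton,ou=users,dc=mdr-multipass,dc=okta,dc=com))\"
- Note: this filter matches objectclass=groupOfNames, whereas the mdr-admins entry returned by ldapsearch below has objectClass groupofUniqueNames; compare the group object class configured for the LDAP provider with what the directory actually returns.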
- ldapsearch -x -H ldaps://mdr-multipass.ldap.okta.com -b dc=mdr-multipass,dc=okta,dc=com -D "uid=ldap.read@defpoint.com,dc=mdr-multipass,dc=okta,dc=com" -W
- # brad.poulton, users, mdr-multipass.okta.com
- dn: uid=brad.poulton,ou=users,dc=mdr-multipass,dc=okta,dc=com
- objectClass: top
- objectClass: person
- objectClass: organizationalPerson
- objectClass: inetOrgPerson
- uid: brad.poulton
- uniqueIdentifier: 00u22ymdgdKPTDyR5297
- organizationalStatus: ACTIVE
- givenName: Brad
- sn: Poulton
- cn: Brad Poulton
- mail: brad.poulton@accenturefederal.com
- mobile: 4355126342
- # mdr-admins, groups, mdr-multipass.okta.com
- dn: cn=mdr-admins,ou=groups,dc=mdr-multipass,dc=okta,dc=com
- objectClass: top
- objectClass: groupofUniqueNames
- cn: mdr-admins
- uniqueIdentifier: 00g1m5jakrmiDwISV297
- uniqueMember: uid=chris.lynch,ou=users,dc=mdr-multipass,dc=okta,dc=com
- uniqueMember: uid=ryan.damour,ou=users,dc=mdr-multipass,dc=okta,dc=com
- uniqueMember: uid=duane.waddle,ou=users,dc=mdr-multipass,dc=okta,dc=com
- uniqueMember: uid=brad.poulton,ou=users,dc=mdr-multipass,dc=okta,dc=com
- Jan 14 23:48:51 sensu sensu-backend: {"component":"authentication/v2","level":"debug","msg":"running ldap search with basedn \"ou=groups, dc=mdr-multipass, dc=okta, dc=com\" and filter \"(\u0026(objectclass=groupOfNames)(uniqueMember=uid=brad.poulton,ou=users,dc=mdr-multipass,dc=okta,dc=com))\"","time":"2020-01-14T23:48:51Z"}
- brad-test
- SensuA123