[OKD4.6+] LDAP idP works fine but shows User Name Strings only base64 encoded - Bug?

[devzeronull]

Hi,

with some OKD version change (I think OKD 4.5 to 4.6 or so) Names of Users provided through LDAP idP which were automatically created after initial authentication get created with Usernames as base64 encoded string:

We are sure that this was not like that in an pre 4.6 OKD Release and is also not in our 3.11 clusters...

Our idP configuration works fine ever since and has never changed from our sides:

spec:
  identityProviders:
  - ldap:
      attributes:
        email:
        - Email
        id:
        - dn
        name:
        - cn
        preferredUsername:
        - uid
      bindDN: uid=XXX,dc=XXX,dc=XX
      bindPassword:
        name: ldaps-secret
      ca:
        name: ldaps-ca
      insecure: false
      url: ldaps://XXX.XXX:636/dc=XXX,dc=XX?uid??(memberOf=cn=XXX,ou=XXX,dc=XXX,dc=XX)
    mappingMethod: claim
    name: ldaps
    type: LDAP

Do you have any clue how to have the names shown decoded?
This is really annoying, e.g. the base64 string appears in requester, creator fields and therefor also in logging and monitoring systems...

[devzeronull]

Thanks for moving it to a discussion - do you have any hints?

[JaimeMagiera]

What flavor of LDAP server? If it's ActiveDirectory, you'll want to map preferredUsername to sAMAccountName.

[devzeronull]

Hi, it's an ordinary LDAP Server running OpenLDAP.

The problem seems more related to OKD (configuration). When I decode the String it is the full DN which also was used and shown decoded in former OKD versions...

[duritong]

This happens when the preferredUsername field is not correct and the the mapper falls back to the base64 encoded main id.