mc idp ldap add — MinIO Object Storage for Linux

link管理

链接快照平台

输入网页链接，自动生成快照
标签化管理网页链接

相关文章推荐

霸气的拐杖 · linux-FastEDA· 1 周前 ·

帅呆的炒粉 · 图：广州快速公交（BRT）试验线开通-搜狐新闻· 3 月前 ·

爱运动的手电筒 · 如何在PHP中解析Cron表达式 | ...· 4 月前 ·

重情义的槟榔 · 聆听23个“我与广州体育”的故事，奔赴第十五 ...· 5 月前 ·

玩命的苦瓜 · 屈原沉江的启示：高尚是通行证，卑鄙是墓志铭· 6 月前 ·

有胆有识的烤土司 · 浅谈开发pyqt5应用的实践 | ...· 7 月前 ·

MinIO for SUSE Rancher MinIO for Amazon Elastic Kubernetes Service MinIO for Azure Kubernetes Service MinIO for Google Kubernetes Engine Bucket & Object Versioning Data Life Cycle Management & Tiering Automated Data Management Interfaces Monitoring Scalability AWS S3 Compatibility VMware Discover how MinIO integrates with VMware across the portfolio from the Persistent Data platform to TKGI and how we support their Kubernetes ambitions. Splunk Find out how MinIO is delivering performance at scale for Splunk SmartStores Veeam Learn how MinIO and Veeam have partnered to drive performance and scalability for a variety of backup use cases. Azure to AWS S3 Gateway Learn how MinIO allows Azure Blob to speak Amazon’s S3 API HDFS Migration Modernize and simplify your big data storage infrastructure with high-performance, Kubernetes-native object storage from MinIO. Teradata Discover why MinIO is the Native Object Store (NOS) of choice for at-scale Teradata deployments

Monitoring Bucket and Object Events

Identity and Access Management

Server-Side Encryption of Objects

Bucket Replication

Batch Framework

Core Administration Concepts

Software Development Kits (SDK)

Security Token Service (STS)

Transforms with Object Lambda

File Transfer Protocol (FTP/SFTP)

MinIO Client

MinIO Client Settings
mc alias
mc anonymous
mc batch
mc cat
mc cp
mc diff
mc du
mc encrypt
mc event
mc find
mc head

mc idp ldap add
mc idp ldap disable
mc idp ldap enable
mc idp ldap info
mc idp ldap ls
mc idp ldap rm
mc idp ldap update
mc idp ldap accesskey
mc idp ldap policy
mc idp openid
mc ilm
mc legalhold
mc license
mc ls
mc mb
mc mirror
mc mv
mc od
mc ping
mc pipe
mc quota
mc rb
mc replicate
mc retention
mc rm
mc share
mc sql
mc stat
mc support
mc tag
mc tree
mc undo
mc update
mc version
mc watch
MinIO Admin Client
Deprecated Commands
MinIO Server
Integrations
Glossary

The following example sets the AD/LDAP configuration settings for the myminio deployment.

mc idp ldap add                                                            \
            myminio                                                        \
            server_addr=myldapserver:636                                   \
            lookup_bind_dn=cn=admin,dc=min,dc=io                           \
            lookup_bind_password=somesecret                                \
            user_dn_search_base_dn=dc=min,dc=io                            \
            user_dn_search_filter="(uid=%s)"                               \
            group_search_base_dn=ou=swengg,dc=min,dc=io                    \
            group_search_filter="(&(objectclass=groupofnames)(member=%d))"
Replace ALIAS with the alias of a MinIO deployment to create for AD/LDAP integration.
Replace the [CFG_PARAM#] with each of the configuration setting key-value pairs in the format of PARAMETER="value".
Brackets [] indicate optional parameters.
Parameters sharing a line are mutually dependent.
Parameters separated using the pipe | operator are mutually exclusive.
Copy the example to a text editor and modify as-needed before running the command in the terminal/shell.
Parameters

ALIAS
RequiredThe alias of the MinIO deployment on which to add an AD/LDAP integration.
For example:
mc idp ldap add myminio                               \
                server_addr=myldapserver:636          \
                lookup_bind_dn=cn=admin,dc=min,dc=io  \
                lookup_bind_password=somesecret       \
                user_dn_search_base_dn=dc=min,dc=io   \
                user_dn_search_filter="(uid=%s)"      \
server_addr
RequiredSpecify the hostname for the Active Directory / LDAP server. For example:
ldapserver.com:636
srv_record_name automatically identifies the port
If your AD/LDAP server uses DNS SRV Records, do not append the port number to your server_addr value.
SRV requests automatically include port numbers when returning the list of available servers.
This parameter corresponds with the MINIO_IDENTITY_LDAP_SERVER_ADDR environment variable.
lookup_bind_dn
RequiredSpecify the Distinguished Name (DN) for an AD/LDAP account MinIO uses when
querying the AD/LDAP server. Enables Lookup-Bind authentication to the AD/LDAP server.
The DN account should be a read-only access keys with sufficient
privileges to support querying performing user and group lookups.
This parameter corresponds with the MINIO_IDENTITY_LDAP_LOOKUP_BIND_DN environment variable.
RequiredSpecify the password for the Lookup-Bind user account.
Changed in version RELEASE.2023-06-23T20-26-00Z: MinIO redacts this value when returned as part of mc admin config get.
This parameter corresponds with the MINIO_IDENTITY_LDAP_LOOKUP_BIND_PASSWORD environment variable.
user_dn_search_base_dn
RequiredSpecify the base Distinguished Name (DN) MinIO uses when querying for
user credentials matching those provided by an authenticating client.
For example:
cn=miniousers,dc=myldapserver,dc=net
Supports Lookup-Bind mode.
This parameter corresponds with the MINIO_IDENTITY_LDAP_USER_DN_SEARCH_BASE_DN environment variable.
user_dn_search_filter
RequiredSpecify the AD/LDAP search filter MinIO uses when querying for user credentials
matching those provided by an authenticating client.
Use the %s substitution character to insert the client-specified
username into the search string. For example:
(userPrincipalName=%s)
This parameter corresponds with the MINIO_IDENTITY_LDAP_USER_DN_SEARCH_FILTER environment variable.
enabled
OptionalSet to false to disable the AD/LDAP configuration.
If false, applications cannot generate STS credentials or otherwise authenticate to MinIO using the configured provider.
Defaults to true or “enabled”.
group_search_base_dn
OptionalSpecify a comma-separated list of group search base Distinguished Names
MinIO uses when performing group lookups.
For example:
cn=miniogroups,dc=myldapserver,dc=net"
This parameter corresponds with the MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN environment variable.
group_search_filter
OptionalSpecify an AD/LDAP search filter for performing group lookups for the
authenticated user
Use the %s substitution character to insert the client-specified username
into the search string. Use the %d substitution character to insert the
Distinguished Name of the client-specified username into the search string.
For example:
(&(objectclass=groupOfNames)(memberUid=%s))
This parameter corresponds with the MINIO_IDENTITY_LDAP_GROUP_SEARCH_FILTER environment variable.
server_insecure
OptionalSpecify on to allow unsecured (non-TLS encrypted) connections to
the AD/LDAP server.
MinIO sends AD/LDAP user credentials in plain text to the AD/LDAP server, such
that enabling TLS is required to prevent reading credentials over the wire.
Using this option presents a security risk where any user with access to
network traffic can observe the unencrypted plaintext credentials.
Defaults to off.
This parameter corresponds with the MINIO_IDENTITY_LDAP_SERVER_INSECURE environment variable.
New in version RELEASE.2022-12-12T19-27-27Z.
Specify the appropriate value to enable MinIO to select an AD/LDAP server using a DNS SRV record request.
When enabled, MinIO selects an AD/LDAP server by:
Constructing the target SRV record name following standard naming conventions.
Requesting a list of available AD/LDAP servers.
Choosing an appropriate target based on priority and weight.
The configuration examples below presume the AD/LDAP server address is set to example.com and the SRV record protocol is _tcp.
For SRV record names beginning with _ldap, specify ldap.
The constructed DNS SRV record name resembles the following:
_ldap._tcp.example.com
For SRV record names with beginning with _ldaps, specify ldaps.
The constructed DNS SRV record name resembles the following:
_ldaps._tcp.example.com
If your DNS SRV record name uses alternate service or protocol names, specify on and provide the full record name as your LDAP server address.
Example: _ldapserver._specialtcp.example.com
For more about DNS SRV records, see DNS SRV Records for LDAP.
Server address for DNS SRV record configurations
The specified server name must not include a port number.
This is different from a standard AD/LDAP configuration, where the port number is required.
See server_addr or MINIO_IDENTITY_LDAP_SERVER_ADDR for more about configuring an AD/LDAP server address.
This parameter corresponds with the MINIO_IDENTITY_LDAP_SRV_RECORD_NAME environment variable.
tls_skip_verify
OptionalSpecify on to trust the AD/LDAP server TLS certificates without
verification. This option may be required if the AD/LDAP server TLS certificates
are signed by an untrusted Certificate Authority (e.g. self-signed).
Defaults to off
This parameter corresponds with the MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY environment variable.
S3 Compatibility

The mc commandline tool is built for compatibility with the AWS S3
API and is tested with MinIO and AWS S3 for expected functionality and behavior.
MinIO provides no guarantees for other S3-compatible services, as their S3 API
implementation is unknown and therefore unsupported. While mc
commands may work as documented, any such usage is at your own risk.
            Your privacy is important to us:
            We use cookies in order to give you a better experience. If you wish so, you can always review our 
            Privacy Policy.