From 2dff1b822af03c1033d1f70762ade07b84462e1f Mon Sep 17 00:00:00 2001 From: ravindk89 Date: Fri, 9 Jul 2021 17:19:06 -0400 Subject: [PATCH] Minor fixups to external IDP pages --- ...onfigure-ad-ldap-external-identity-management.rst | 12 ++++++++---- ...authentication-with-ad-ldap-identity-provider.rst | 1 + ...configure-openid-external-identity-management.rst | 10 ++++++---- 3 files changed, 15 insertions(+), 8 deletions(-) diff --git a/source/security/ad-ldap-external-identity-management/configure-ad-ldap-external-identity-management.rst b/source/security/ad-ldap-external-identity-management/configure-ad-ldap-external-identity-management.rst index 5e134e16..37ee527f 100644 --- a/source/security/ad-ldap-external-identity-management/configure-ad-ldap-external-identity-management.rst +++ b/source/security/ad-ldap-external-identity-management/configure-ad-ldap-external-identity-management.rst @@ -106,6 +106,8 @@ environment variables and configuration settings respectively: export MINIO_IDENTITY_LDAP_USER_DN_SEARCH_BASE_DN="dc=example,dc=net" export MINIO_IDENTITY_LDAP_USER_DN_SEARCH_FILTER="(&(objectCategory=user)(sAMAccountName=%s))" export MINIO_IDENTITY_LDAP_LOOKUP_BIND_PASSWORD="xxxxxxxxx" + export MINIO_IDENTITY_LDAP_GROUP_SEARCH_FILTER="(&(objectClass=group)(member=%d))" + export MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN="ou=MinIO Users,dc=example,dc=net" For complete documentation on these variables, see :ref:`minio-server-envvar-external-identity-management-ad-ldap` @@ -140,7 +142,9 @@ environment variables and configuration settings respectively: lookup_bind_dn="CN=xxxxx,OU=xxxxx,OU=xxxxx,DC=example,DC=net" \ lookup_bind_password="xxxxxxxx" \ user_dn_search_base_dn="DC=example,DC=net" \ - user_dn_search_filter="(&(objectCategory=user)(sAMAccountName=%s))" + user_dn_search_filter="(&(objectCategory=user)(sAMAccountName=%s))" \ + group_search_filter= "(&(objectClass=group)(member=%d))" \ + group_search_base_dn="ou=MinIO Users,dc=example,dc=net" For more complete documentation on these settings, see :mc-conf:`identity_ldap`. @@ -176,9 +180,9 @@ AD/LDAP provider, generating temporary credentials using the MinIO :ref:`minio-sts-assumerolewithldapidentity` Security Token Service (STS) endpoint, and logging the user into the MinIO deployment. -Starting in RELEASE, the MinIO Console is embedded in the MinIO server. -You can access the Console by opening the root URL for the MinIO cluster. -For example, ``https://minio.example.net:9001``. +Starting in :minio-release:`RELEASE.2021-07-08T01-15-01Z`, the MinIO Console is +embedded in the MinIO server. You can access the Console by opening the root URL +for the MinIO cluster. For example, ``https://minio.example.net:9000``. From the Console, click :guilabel:`BUTTON` to begin the Active Directory / LDAP authentication flow. diff --git a/source/security/ad-ldap-external-identity-management/external-authentication-with-ad-ldap-identity-provider.rst b/source/security/ad-ldap-external-identity-management/external-authentication-with-ad-ldap-identity-provider.rst index 01950d11..7ecb69bd 100644 --- a/source/security/ad-ldap-external-identity-management/external-authentication-with-ad-ldap-identity-provider.rst +++ b/source/security/ad-ldap-external-identity-management/external-authentication-with-ad-ldap-identity-provider.rst @@ -248,6 +248,7 @@ configuration settings required for enabling group lookups: .. toctree:: :titlesonly: + :hidden: /security/ad-ldap-external-identity-management/configure-ad-ldap-external-identity-management.rst /security/ad-ldap-external-identity-management/AssumeRoleWithLDAPIdentity.rst diff --git a/source/security/openid-external-identity-management/configure-openid-external-identity-management.rst b/source/security/openid-external-identity-management/configure-openid-external-identity-management.rst index 2bc8b854..818fa7bb 100644 --- a/source/security/openid-external-identity-management/configure-openid-external-identity-management.rst +++ b/source/security/openid-external-identity-management/configure-openid-external-identity-management.rst @@ -95,6 +95,7 @@ environment variables and configuration settings respectively: export MINIO_IDENTITY_OPENID_CONFIG_URL="https://openid-provider.example.net/.well-known/openid-configuration" export MINIO_IDENTITY_OPENID_CLIENT_ID="" + export MINIO_IDENTITY_OPENID_CLIENT_SECRET="" export MINIO_IDENTITY_OPENID_CLAIM_NAME="" export MINIO_IDENTITY_OPENID_CLAIM_PREFIX="" export MINIO_IDENTITY_OPENID_SCOPES="" @@ -126,6 +127,7 @@ environment variables and configuration settings respectively: mc admin config set ALIAS/ identity_openid \ config_url="https://openid-provider.example.net/.well-known/openid-configuration" \ client_id="" \ + client_secret="" \ claim_name="" \ claim_prefix="" \ scopes="" \ @@ -169,9 +171,9 @@ The MinIO Console supports the full workflow of authenticating to the the MinIO :ref:`minio-sts-assumerolewithwebidentity` Security Token Service (STS) endpoint, and logging the user into the MinIO deployment. -Starting in RELEASE, the MinIO Console is embedded in the MinIO server. -You can access the Console by opening the root URL for the MinIO cluster. -For example, ``https://minio.example.net:9001``. +Starting in :minio-release:`RELEASE.2021-07-08T01-15-01Z`, the MinIO Console is +embedded in the MinIO server. You can access the Console by opening the root URL +for the MinIO cluster. For example, ``https://minio.example.net:9000``. From the Console, click :guilabel:`BUTTON` to begin the OpenID authentication flow. @@ -234,4 +236,4 @@ access key, secret key, session token, and expiration date. Applications can use the access key and secret key to access and perform operations on MinIO. -SEe the :ref:`minio-sts-assumerolewithwebidentity` for reference documentation. \ No newline at end of file +See the :ref:`minio-sts-assumerolewithwebidentity` for reference documentation. \ No newline at end of file