Minor fixups to external IDP pages

2025-07-30 07:03:26 +03:00 · 2021-07-09 17:19:06 -04:00
parent 9cc4d88f37
commit 2dff1b822a
3 changed files with 15 additions and 8 deletions
--- a/source/security/ad-ldap-external-identity-management/configure-ad-ldap-external-identity-management.rst
+++ b/source/security/ad-ldap-external-identity-management/configure-ad-ldap-external-identity-management.rst
@ -106,6 +106,8 @@ environment variables and configuration settings respectively:
         export MINIO_IDENTITY_LDAP_USER_DN_SEARCH_BASE_DN="dc=example,dc=net"
         export MINIO_IDENTITY_LDAP_USER_DN_SEARCH_FILTER="(&(objectCategory=user)(sAMAccountName=%s))"
         export MINIO_IDENTITY_LDAP_LOOKUP_BIND_PASSWORD="xxxxxxxxx"
+         export MINIO_IDENTITY_LDAP_GROUP_SEARCH_FILTER="(&(objectClass=group)(member=%d))"
+         export MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN="ou=MinIO Users,dc=example,dc=net"

      For complete documentation on these variables, see
      :ref:`minio-server-envvar-external-identity-management-ad-ldap`
@ -140,7 +142,9 @@ environment variables and configuration settings respectively:
            lookup_bind_dn="CN=xxxxx,OU=xxxxx,OU=xxxxx,DC=example,DC=net" \
            lookup_bind_password="xxxxxxxx" \
            user_dn_search_base_dn="DC=example,DC=net" \
-            user_dn_search_filter="(&(objectCategory=user)(sAMAccountName=%s))"
+            user_dn_search_filter="(&(objectCategory=user)(sAMAccountName=%s))" \
+            group_search_filter= "(&(objectClass=group)(member=%d))" \
+            group_search_base_dn="ou=MinIO Users,dc=example,dc=net" 

      For more complete documentation on these settings, see
      :mc-conf:`identity_ldap`.
@ -176,9 +180,9 @@ AD/LDAP provider, generating temporary credentials using
 the MinIO :ref:`minio-sts-assumerolewithldapidentity` Security Token Service
 (STS) endpoint, and logging the user into the MinIO deployment.

-Starting in RELEASE, the MinIO Console is embedded in the MinIO server.
-You can access the Console by opening the root URL for the MinIO cluster.
-For example, ``https://minio.example.net:9001``.
+Starting in :minio-release:`RELEASE.2021-07-08T01-15-01Z`, the MinIO Console is
+embedded in the MinIO server. You can access the Console by opening the root URL
+for the MinIO cluster. For example, ``https://minio.example.net:9000``.

 From the Console, click :guilabel:`BUTTON` to begin the Active Directory / LDAP
 authentication flow.
--- a/source/security/ad-ldap-external-identity-management/external-authentication-with-ad-ldap-identity-provider.rst
+++ b/source/security/ad-ldap-external-identity-management/external-authentication-with-ad-ldap-identity-provider.rst
@ -248,6 +248,7 @@ configuration settings required for enabling group lookups:

 .. toctree::
   :titlesonly:
+   :hidden:

   /security/ad-ldap-external-identity-management/configure-ad-ldap-external-identity-management.rst
   /security/ad-ldap-external-identity-management/AssumeRoleWithLDAPIdentity.rst
--- a/source/security/openid-external-identity-management/configure-openid-external-identity-management.rst
+++ b/source/security/openid-external-identity-management/configure-openid-external-identity-management.rst
@ -95,6 +95,7 @@ environment variables and configuration settings respectively:

         export MINIO_IDENTITY_OPENID_CONFIG_URL="https://openid-provider.example.net/.well-known/openid-configuration"
         export MINIO_IDENTITY_OPENID_CLIENT_ID="<string>"
+         export MINIO_IDENTITY_OPENID_CLIENT_SECRET="<string>"
         export MINIO_IDENTITY_OPENID_CLAIM_NAME="<string>"
         export MINIO_IDENTITY_OPENID_CLAIM_PREFIX="<string>"
         export MINIO_IDENTITY_OPENID_SCOPES="<string>"
@ -126,6 +127,7 @@ environment variables and configuration settings respectively:
         mc admin config set ALIAS/ identity_openid \
            config_url="https://openid-provider.example.net/.well-known/openid-configuration" \
            client_id="<string>" \
+            client_secret="<string>" \
            claim_name="<string>" \
            claim_prefix="<string>" \
            scopes="<string>" \
@ -169,9 +171,9 @@ The MinIO Console supports the full workflow of authenticating to the
 the MinIO :ref:`minio-sts-assumerolewithwebidentity` Security Token Service
 (STS) endpoint, and logging the user into the MinIO deployment.

-Starting in RELEASE, the MinIO Console is embedded in the MinIO server.
-You can access the Console by opening the root URL for the MinIO cluster.
-For example, ``https://minio.example.net:9001``.
+Starting in :minio-release:`RELEASE.2021-07-08T01-15-01Z`, the MinIO Console is
+embedded in the MinIO server. You can access the Console by opening the root URL
+for the MinIO cluster. For example, ``https://minio.example.net:9000``.

 From the Console, click :guilabel:`BUTTON` to begin the OpenID authentication
 flow.
@ -234,4 +236,4 @@ access key, secret key, session token, and expiration date. Applications
 can use the access key and secret key to access and perform operations on
 MinIO.

-SEe the :ref:`minio-sts-assumerolewithwebidentity` for reference documentation.
+See the :ref:`minio-sts-assumerolewithwebidentity` for reference documentation.