From 6a1697c9f52e62d43c46b61e4dd844207398dd0b Mon Sep 17 00:00:00 2001 From: Ravind Kumar Date: Thu, 5 Oct 2023 16:59:43 -0400 Subject: [PATCH] DOCS-1022: Use 'mc idp ldap policy' for AD/LDAP policy assignments (#1026) --------- Co-authored-by: Daryl White <53910321+djwfyi@users.noreply.github.com> --- .../ad-ldap-access-management.rst | 18 ++++++++++++------ .../minio-mc-admin/mc-admin-policy-attach.rst | 7 +++++++ .../minio-mc-admin/mc-admin-policy-detach.rst | 10 +++++++++- .../mc-admin-policy-entities.rst | 7 +++++++ 4 files changed, 35 insertions(+), 7 deletions(-) diff --git a/source/administration/identity-access-management/ad-ldap-access-management.rst b/source/administration/identity-access-management/ad-ldap-access-management.rst index e39ac187..ac40b511 100644 --- a/source/administration/identity-access-management/ad-ldap-access-management.rst +++ b/source/administration/identity-access-management/ad-ldap-access-management.rst @@ -66,12 +66,15 @@ Use either of the following methods to create a new access key: Mapping Policies to User DN --------------------------- -Consider the following policy assignments: +The following commands use :mc-cmd:`mc idp ldap policy attach` to associate an existing MinIO :ref:`policy ` to an AD/LDAP User DN. .. code-block:: shell - mc admin policy attach myminio consoleAdmin --user='cn=sisko,cn=users,dc=example,dc=com' - mc admin policy attach myminio readwrite,diagnostics --user='cn=dax,cn=users,dc=example,dc=com' + mc idp ldap policy attach myminio consoleAdmin \ + --user='cn=sisko,cn=users,dc=example,dc=com' + + mc idp ldap policy attach myminio readwrite,diagnostics \ + --user='cn=dax,cn=users,dc=example,dc=com' - MinIO would assign an authenticated user with DN matching ``cn=sisko,cn=users,dc=example,dc=com`` the :userpolicy:`consoleAdmin` 
@@ -88,12 +91,15 @@ Consider the following policy assignments: Mapping Policies to Group DN ---------------------------- -Consider the following policy assignments: +The following commands use :mc-cmd:`mc idp ldap policy attach` to associate an existing MinIO :ref:`policy ` to an AD/LDAP Group DN. .. code-block:: shell - mc admin policy attach myminio consoleAdmin --group='cn=ops,cn=groups,dc=example,dc=com' - mc admin policy attach myminio diagnostics --group='cn=engineering,cn=groups,dc=example,dc=com' + mc idp ldap policy attach myminio consoleAdmin \ + --group='cn=ops,cn=groups,dc=example,dc=com' + + mc idp ldap policy attach myminio diagnostics \ + --group='cn=engineering,cn=groups,dc=example,dc=com' - MinIO would assign any authenticating user with membership in the ``cn=ops,cn=groups,dc=example,dc=com`` AD/LDAP group the diff --git a/source/reference/minio-mc-admin/mc-admin-policy-attach.rst b/source/reference/minio-mc-admin/mc-admin-policy-attach.rst index 17970f07..f2bac042 100644 --- a/source/reference/minio-mc-admin/mc-admin-policy-attach.rst +++ b/source/reference/minio-mc-admin/mc-admin-policy-attach.rst @@ -55,6 +55,13 @@ Exactly one :mc-cmd:`~mc admin policy attach --user` or one :mc-cmd:`~mc admin p :start-after: start-minio-syntax :end-before: end-minio-syntax +.. important:: + + This command is intended for managing policy associations for :ref:`MinIO-managed ` users only. + + For attaching policies to OpenID-managed users, see :ref:`minio-external-identity-management-openid`. + + For attaching policies to Active Directory/LDAP users or groups, use :mc-cmd:`mc idp ldap policy attach`. Parameters ~~~~~~~~~~ diff --git a/source/reference/minio-mc-admin/mc-admin-policy-detach.rst b/source/reference/minio-mc-admin/mc-admin-policy-detach.rst index 173d87d6..f063eb00 100644 --- a/source/reference/minio-mc-admin/mc-admin-policy-detach.rst +++ b/source/reference/minio-mc-admin/mc-admin-policy-detach.rst 
@@ -15,7 +15,7 @@ Syntax .. start-mc-admin-policy-detach-desc -Remove one or more IAM policies from a user or group identity. +Remove one or more IAM policies from either a :ref:`MinIO-managed user or a group `. .. end-mc-admin-policy-detach-desc @@ -51,6 +51,14 @@ Exactly one :mc-cmd:`~mc admin policy detach --user` or one :mc-cmd:`~mc admin p :end-before: end-minio-syntax +.. important:: + + This command is intended for managing policy associations for :ref:`MinIO-managed ` users only. + + For managing policies to OpenID-managed users, see :ref:`minio-external-identity-management-openid`. + + For detaching policies from Active Directory/LDAP users or groups, use :mc-cmd:`mc idp ldap policy detach`. + Parameters ~~~~~~~~~~ diff --git a/source/reference/minio-mc-admin/mc-admin-policy-entities.rst b/source/reference/minio-mc-admin/mc-admin-policy-entities.rst index 4891e2cd..12fba977 100644 --- a/source/reference/minio-mc-admin/mc-admin-policy-entities.rst +++ b/source/reference/minio-mc-admin/mc-admin-policy-entities.rst @@ -57,6 +57,13 @@ For example, you can list all of the users and groups attached to a policy or li :start-after: start-minio-syntax :end-before: end-minio-syntax +.. important:: + + This command is intended for managing policy associations for :ref:`MinIO-managed ` users only. + + For managing policies to OpenID-managed users, see :ref:`minio-external-identity-management-openid`. + + For viewing policies for Active Directory/LDAP users or groups, use :mc-cmd:`mc idp ldap policy entities`. Parameters ~~~~~~~~~~
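Review bot: In ad-ldap-access-management.rst, "Mapping Policies to User DN" hunk, the second command keeps the comma-separated policy list "readwrite,diagnostics" unchanged from the old "mc admin policy attach" line. Please confirm that "mc idp ldap policy attach" accepts that form, and if it does not, list the policies in whatever form the new subcommand documents. Also, "associate an existing MinIO policy to an AD/LDAP User DN" reads better as "associate ... with".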
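Review bot: In ad-ldap-access-management.rst, "Mapping Policies to Group DN" hunk, the new intro shows how to attach a policy to a Group DN but gives the reader no way to confirm or undo the mapping. The same patch already points to "mc idp ldap policy entities" and "mc idp ldap policy detach" in the reference pages, so a one-line cross-reference to them here would let an operator audit who receives consoleAdmin through group membership. As in the User DN hunk, "associate ... to" should be "associate ... with".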
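Review bot: In mc-admin-policy-attach.rst, the new admonition says the command is for MinIO-managed "users only", while its own last sentence redirects "Active Directory/LDAP users or groups". If the command still applies to MinIO-managed groups, "users only" will be read as excluding them. Suggest "MinIO-managed users and groups only", or "MinIO-managed identities only".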
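Review bot: In mc-admin-policy-detach.rst, description hunk (-15,7), "from either a MinIO-managed user or a group" leaves it unclear whether "MinIO-managed" also qualifies "group". A reader could take it to mean that any group, including an AD/LDAP group, is in scope, which is the opposite of what the patch intends. Suggest "from a MinIO-managed user or group".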
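Review bot: In mc-admin-policy-detach.rst, admonition hunk (-51,6), "For managing policies to OpenID-managed users" is ungrammatical and differs from the attach page, which says "For attaching policies to". Suggest "For detaching policies from OpenID-managed users" to match the command and the LDAP sentence that follows it. The "users only" wording has the same user-versus-group mismatch with the description line changed earlier in this file.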
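Review bot: In mc-admin-policy-entities.rst, the admonition opens with "This command is intended for managing policy associations", but the context line above it describes the command as listing the users and groups attached to a policy, and the last added sentence says "For viewing policies". The text looks copied from the attach/detach pages; suggest "viewing policy associations" in the first sentence and "For viewing policies for OpenID-managed users" in the second. Since the command lists groups as well, "users only" should also be widened here.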