minio/docs
1
0
Fork 0
mirror of https://github.com/minio/docs.git synced 2025-07-31 18:04:52 +03:00
Code Activity

DOCS-1022: Use 'mc idp ldap policy' for AD/LDAP policy assignments (#1026)

Browse Source 
---------

Co-authored-by: Daryl White <53910321+djwfyi@users.noreply.github.com>
This commit is contained in:
Ravind Kumar
2023-10-05 16:59:43 -04:00
committed by GitHub
parent 091a321e32
commit 6a1697c9f5
4 changed files with 35 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
source/administration/identity-access-management/ad-ldap-access-management.rst
View File

@ -66,12 +66,15 @@ Use either of the following methods to create a new access key:
Mapping Policies to User DN Mapping Policies to User DN
--------------------------- ---------------------------
Consider the following policy assignments: The following commands use :mc-cmd:`mc idp ldap policy attach` to associate an existing MinIO :ref:`policy <minio-policy>` to an AD/LDAP User DN.
.. code-block:: shell .. code-block:: shell
mc admin policy attach myminio consoleAdmin --user='cn=sisko,cn=users,dc=example,dc=com' mc idp ldap policy attach myminio consoleAdmin \
mc admin policy attach myminio readwrite,diagnostics --user='cn=dax,cn=users,dc=example,dc=com' --user='cn=sisko,cn=users,dc=example,dc=com'
mc idp ldap policy attach myminio readwrite,diagnostics \
--user='cn=dax,cn=users,dc=example,dc=com'
- MinIO would assign an authenticated user with DN matching - MinIO would assign an authenticated user with DN matching
``cn=sisko,cn=users,dc=example,dc=com`` the :userpolicy:`consoleAdmin` ``cn=sisko,cn=users,dc=example,dc=com`` the :userpolicy:`consoleAdmin`
@ -88,12 +91,15 @@ Consider the following policy assignments:
Mapping Policies to Group DN Mapping Policies to Group DN
---------------------------- ----------------------------
Consider the following policy assignments: The following commands use :mc-cmd:`mc idp ldap policy attach` to associate an existing MinIO :ref:`policy <minio-policy>` to an AD/LDAP Group DN.
.. code-block:: shell .. code-block:: shell
mc admin policy attach myminio consoleAdmin --group='cn=ops,cn=groups,dc=example,dc=com' mc idp ldap policy attach myminio consoleAdmin \
mc admin policy attach myminio diagnostics --group='cn=engineering,cn=groups,dc=example,dc=com' --group='cn=ops,cn=groups,dc=example,dc=com'
mc idp ldap policy attach myminio diagnostics \
--group='cn=engineering,cn=groups,dc=example,dc=com'
- MinIO would assign any authenticating user with membership in the - MinIO would assign any authenticating user with membership in the
``cn=ops,cn=groups,dc=example,dc=com`` AD/LDAP group the ``cn=ops,cn=groups,dc=example,dc=com`` AD/LDAP group the

7
source/reference/minio-mc-admin/mc-admin-policy-attach.rst
View File

@ -55,6 +55,13 @@ Exactly one :mc-cmd:`~mc admin policy attach --user` or one :mc-cmd:`~mc admin p
:start-after: start-minio-syntax :start-after: start-minio-syntax
:end-before: end-minio-syntax :end-before: end-minio-syntax
.. important::
This command is intended for managing policy associations for :ref:`MinIO-managed <minio-users>` users only.
For attaching policies to OpenID-managed users, see :ref:`minio-external-identity-management-openid`.
For attaching policies to Active Directory/LDAP users or groups, use :mc-cmd:`mc idp ldap policy attach`.
Parameters Parameters
~~~~~~~~~~ ~~~~~~~~~~

10
source/reference/minio-mc-admin/mc-admin-policy-detach.rst
View File

@ -15,7 +15,7 @@ Syntax
.. start-mc-admin-policy-detach-desc .. start-mc-admin-policy-detach-desc
Remove one or more IAM policies from a user or group identity. Remove one or more IAM policies from either a :ref:`MinIO-managed user or a group <minio-users>`.
.. end-mc-admin-policy-detach-desc .. end-mc-admin-policy-detach-desc
@ -51,6 +51,14 @@ Exactly one :mc-cmd:`~mc admin policy detach --user` or one :mc-cmd:`~mc admin p
:end-before: end-minio-syntax :end-before: end-minio-syntax
.. important::
This command is intended for managing policy associations for :ref:`MinIO-managed <minio-users>` users only.
For managing policies to OpenID-managed users, see :ref:`minio-external-identity-management-openid`.
For detaching policies from Active Directory/LDAP users or groups, use :mc-cmd:`mc idp ldap policy detach`.
Parameters Parameters
~~~~~~~~~~ ~~~~~~~~~~

7
source/reference/minio-mc-admin/mc-admin-policy-entities.rst
View File

@ -57,6 +57,13 @@ For example, you can list all of the users and groups attached to a policy or li
:start-after: start-minio-syntax :start-after: start-minio-syntax
:end-before: end-minio-syntax :end-before: end-minio-syntax
.. important::
This command is intended for managing policy associations for :ref:`MinIO-managed <minio-users>` users only.
For managing policies to OpenID-managed users, see :ref:`minio-external-identity-management-openid`.
For viewing policies for Active Directory/LDAP users or groups, use :mc-cmd:`mc idp ldap policy entities`.
Parameters Parameters
~~~~~~~~~~ ~~~~~~~~~~