Updated LDAP docs (#939)

Update the AD/LDAP configuration instructions, including adding details about configuring with Console. Includes reformatting some existing content. Questions: - What, exactly, is the status of the `mc admin config identity_ldap` settings? Deprecated? There, but not recommended for new configurations? - Are the "all settings" examples correct and appropriate? I'm not clear if `mc idp ldap` supports the same settings with the same names as `identity_ldap`. Staged: http://192.241.195.202:9000/staging/DOCS-919/linux/html/operations/external-iam/configure-ad-ldap-external-identity-management.html Fixes https://github.com/minio/docs/issues/919 --------- Co-authored-by: Ravind Kumar <ravind@min.io> Co-authored-by: Daryl White <53910321+djwfyi@users.noreply.github.com>
2025-07-28 19:42:10 +03:00 · 2023-08-10 09:44:12 -06:00
parent a5729b78e5
commit 8f598693f0
6 changed files with 148 additions and 106 deletions
--- a/source/reference/minio-mc-admin/mc-admin-config.rst
+++ b/source/reference/minio-mc-admin/mc-admin-config.rst
@ -2299,9 +2299,18 @@ Active Directory / LDAP Identity Management
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 The following section documents settings for enabling external identity 
-management using an Active Directory or LDAP service. See 
-:ref:`minio-external-identity-management-ad-ldap` for a tutorial on using these 
-configuration settings.
+management using an Active Directory or LDAP service.
+
+.. admonition:: :mc:`mc idp ldap` commands are preferred
+   :class: note
+
+   .. versionadded:: RELEASE.2023-05-26T23-31-54Z
+
+      MinIO recommends using the :mc:`mc idp ldap` commands for LDAP management operations.
+      These commands offer better validation and additional features, while providing the same settings as the :mc-conf:`identity_ldap` configuration key.
+      See :ref:`minio-external-identity-management-ad-ldap` for a tutorial on using :mc:`mc idp ldap`.
+
+      The :mc-conf:`identity_ldap` configuration key remains available for existing scripts and other tools.

 .. mc-conf:: identity_ldap

@ -2309,7 +2318,7 @@ configuration settings.
   :ref:`external identity management using Active Directory or LDAP 
   <minio-external-identity-management-ad-ldap>`.

-   Use the :mc-cmd:`mc admin config set` to set or update the 
+   Use the :mc-cmd:`mc admin config set` command to set or update the 
   AD/LDAP configuration. The following arguments are *required*:

   - :mc-conf:`~identity_ldap.server_addr`
@ -2323,7 +2332,7 @@ configuration settings.

      mc admin config set identity_ldap \
         enabled="true" \
-         server_addr="https://ad-ldap.example.net/" \
+         server_addr="ad-ldap.example.net/" \
         lookup_bind_dn="cn=miniolookupuser,dc=example,dc=net" \
         lookup_bind_dn_password="userpassword" \
         user_dn_search_base_dn="dc=example,dc=net" \
--- a/source/reference/minio-mc/mc-idp-ldap.rst
+++ b/source/reference/minio-mc/mc-idp-ldap.rst
@ -25,7 +25,9 @@ The :mc-cmd:`mc idp ldap` commands allow you to manage configurations to 3rd par

 .. end-mc-idp-ldap-desc

-Define configuration settings as an alternative to using environment variables when :ref:`setting up an AD/LDAP connection <minio-authenticate-using-ad-ldap-generic>`. The :mc-cmd:`mc idp ldap` commands are only supported against MinIO deployments.
+The :mc-cmd:`mc idp ldap` commands are an alternative to using environment variables when :ref:`setting up an AD/LDAP connection <minio-authenticate-using-ad-ldap-generic>`. They are only supported against MinIO deployments.
+
+See :ref:`minio-external-identity-management-ad-ldap` for a tutorial on using these commands.

 .. note::

@ -67,8 +69,8 @@ The :mc-cmd:`mc idp ldap` command has the following subcommands:
 Configuration Parameters
 ------------------------

-The :mc-cmd:`mc idp ldap` subcommands support configuration parameters.
-The parameters define the server's interaction with the Active Directory or LDAP IAM provider.
+The :mc-cmd:`mc idp ldap` subcommands support the same configuration parameters as the :mc-conf:`identity_ldap` configuration key.
+These parameters define the server's interaction with the Active Directory or LDAP IAM provider.

 For a more detailed explanation of the configuration parameters, refer to the :ref:`config setting documentation <minio-ldap-config-settings>`.