From 9ea539b8ab4748e1bb52bb093513f64714faded3 Mon Sep 17 00:00:00 2001 From: Andrea Longo Date: Fri, 18 Aug 2023 13:50:15 -0600 Subject: [PATCH] Restructure/expand mc idp ldap reference pages (#959) Improve the AD/LDAP reference docs: - Break up `mc idp ldap` and `mc idp ldap policy` into parents/children. - Add commands from the `identity_ldap` configuration key to `mc idp ldap add` and `mc idp ldap update`. - Update links from relevant envvars to `mc idp ldap` instead of `identity_ldap` - Fix stuff that needs fixing. Staged: http://192.241.195.202:9000/staging/DOCS-919-4-idp-ldap/linux/html/reference/minio-mc/mc-idp-ldap.html http://192.241.195.202:9000/staging/DOCS-919-4-idp-ldap/linux/html/reference/minio-mc/mc-idp-ldap-policy.html Fixes https://github.com/minio/docs/issues/940 --------- Co-authored-by: Daryl White <53910321+djwfyi@users.noreply.github.com> --- .../includes/common-minio-ad-ldap-params.rst | 129 ++++++++ .../includes/common-minio-external-auth.rst | 18 +- source/reference/minio-mc/mc-idp-ldap-add.rst | 105 +++++++ .../minio-mc/mc-idp-ldap-disable.rst | 85 +++++ .../reference/minio-mc/mc-idp-ldap-enable.rst | 85 +++++ .../reference/minio-mc/mc-idp-ldap-info.rst | 85 +++++ source/reference/minio-mc/mc-idp-ldap-ls.rst | 88 ++++++ .../minio-mc/mc-idp-ldap-policy-attach.rst | 112 +++++++ .../minio-mc/mc-idp-ldap-policy-detach.rst | 112 +++++++ .../minio-mc/mc-idp-ldap-policy-entities.rst | 113 +++++++ .../reference/minio-mc/mc-idp-ldap-policy.rst | 171 +--------- source/reference/minio-mc/mc-idp-ldap-rm.rst | 88 ++++++ .../reference/minio-mc/mc-idp-ldap-update.rst | 94 ++++++ source/reference/minio-mc/mc-idp-ldap.rst | 292 +++--------------- .../reference/minio-server/minio-server.rst | 47 +-- 15 files changed, 1187 insertions(+), 437 deletions(-) create mode 100644 source/includes/common-minio-ad-ldap-params.rst create mode 100644 source/reference/minio-mc/mc-idp-ldap-add.rst create mode 100644 source/reference/minio-mc/mc-idp-ldap-disable.rst create mode 100644 source/reference/minio-mc/mc-idp-ldap-enable.rst create mode 100644 source/reference/minio-mc/mc-idp-ldap-info.rst create mode 100644 source/reference/minio-mc/mc-idp-ldap-ls.rst create mode 100644 source/reference/minio-mc/mc-idp-ldap-policy-attach.rst create mode 100644 source/reference/minio-mc/mc-idp-ldap-policy-detach.rst create mode 100644 source/reference/minio-mc/mc-idp-ldap-policy-entities.rst create mode 100644 source/reference/minio-mc/mc-idp-ldap-rm.rst create mode 100644 source/reference/minio-mc/mc-idp-ldap-update.rst diff --git a/source/includes/common-minio-ad-ldap-params.rst b/source/includes/common-minio-ad-ldap-params.rst new file mode 100644 index 00000000..efda86f7 --- /dev/null +++ b/source/includes/common-minio-ad-ldap-params.rst @@ -0,0 +1,129 @@ +.. Descriptions for External Identity Management using an LDAP Provider + Used in the following files: + - /source/reference/minio-mc/mc-idp-ldap-add.rst + - /source/reference/minio-mc/mc-idp-ldap-update.rst + + Does not include ALIAS, as the example differs between add and update + +.. start-minio-ad-ldap-params + +.. mc-cmd:: server_addr + :required: + + .. include:: /includes/common-minio-external-auth.rst + :start-after: start-minio-ad-ldap-server-addr + :end-before: end-minio-ad-ldap-server-addr + + This parameter corresponds with the :envvar:`MINIO_IDENTITY_LDAP_SERVER_ADDR` environment variable. + +.. mc-cmd:: lookup_bind_dn + :required: + + .. include:: /includes/common-minio-external-auth.rst + :start-after: start-minio-ad-ldap-lookup-bind-dn + :end-before: end-minio-ad-ldap-lookup-bind-dn + + This parameter corresponds with the :envvar:`MINIO_IDENTITY_LDAP_LOOKUP_BIND_DN` environment variable. + +.. mc-cmd:: lookup_bind_password + :required: + + .. include:: /includes/common-minio-external-auth.rst + :start-after: start-minio-ad-ldap-lookup-bind-password + :end-before: end-minio-ad-ldap-lookup-bind-password + + This parameter corresponds with the :envvar:`MINIO_IDENTITY_LDAP_LOOKUP_BIND_PASSWORD` environment variable. + +.. mc-cmd:: user_dn_search_base_dn + :required: + + .. include:: /includes/common-minio-external-auth.rst + :start-after: start-minio-ad-ldap-user-dn-search-base-dn + :end-before: end-minio-ad-ldap-user-dn-search-base-dn + + This parameter corresponds with the :envvar:`MINIO_IDENTITY_LDAP_USER_DN_SEARCH_BASE_DN` environment variable. + +.. mc-cmd:: user_dn_search_filter + :required: + + .. include:: /includes/common-minio-external-auth.rst + :start-after: start-minio-ad-ldap-user-dn-search-filter + :end-before: end-minio-ad-ldap-user-dn-search-filter + + This parameter corresponds with the :envvar:`MINIO_IDENTITY_LDAP_USER_DN_SEARCH_FILTER` environment variable. + +.. mc-cmd:: comment + :optional: + + .. include:: /includes/common-minio-external-auth.rst + :start-after: start-minio-ad-ldap-comment + :end-before: end-minio-ad-ldap-comment + + This parameter corresponds with the :envvar:`MINIO_IDENTITY_LDAP_COMMENT` environment variable. + +.. mc-cmd:: enabled + :optional: + + Set to ``false`` to disable the AD/LDAP configuration. + + If ``false``, applications cannot generate STS credentials or otherwise authenticate to MinIO using the configured provider. + + Defaults to ``true`` or "enabled". + +.. mc-cmd:: group_search_base_dn + :optional: + + .. include:: /includes/common-minio-external-auth.rst + :start-after: start-minio-ad-ldap-group-search-base-dn + :end-before: end-minio-ad-ldap-group-search-base-dn + + This parameter corresponds with the :envvar:`MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN` environment variable. + +.. mc-cmd:: group_search_filter + :optional: + + .. include:: /includes/common-minio-external-auth.rst + :start-after: start-minio-ad-ldap-group-search-filter + :end-before: end-minio-ad-ldap-group-search-filter + + This parameter corresponds with the :envvar:`MINIO_IDENTITY_LDAP_GROUP_SEARCH_FILTER` environment variable. + +.. mc-cmd:: server_insecure + :optional: + + .. include:: /includes/common-minio-external-auth.rst + :start-after: start-minio-ad-ldap-server-insecure + :end-before: end-minio-ad-ldap-server-insecure + + This parameter corresponds with the :envvar:`MINIO_IDENTITY_LDAP_SERVER_INSECURE` environment variable. + +.. mc-cmd:: server_starttls + :optional: + + .. include:: /includes/common-minio-external-auth.rst + :start-after: start-minio-ad-ldap-server-starttls + :end-before: end-minio-ad-ldap-server-starttls + + This parameter corresponds with the :envvar:`MINIO_IDENTITY_LDAP_SERVER_STARTTLS` environment variable. + +.. mc-cmd:: srv_record_name + :optional: + + .. versionadded:: RELEASE.2022-12-12T19-27-27Z + + .. include:: /includes/common-minio-external-auth.rst + :start-after: start-minio-ad-ldap-srv_record_name + :end-before: end-minio-ad-ldap-srv_record_name + + This parameter corresponds with the :envvar:`MINIO_IDENTITY_LDAP_SRV_RECORD_NAME` environment variable. + +.. mc-cmd:: tls_skip_verify + :optional: + + .. include:: /includes/common-minio-external-auth.rst + :start-after: start-minio-ad-ldap-tls-skip-verify + :end-before: end-minio-ad-ldap-tls-skip-verify + + This parameter corresponds with the :envvar:`MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY` environment variable. + +.. end-minio-ad-ldap-params diff --git a/source/includes/common-minio-external-auth.rst b/source/includes/common-minio-external-auth.rst index 71b90a4f..6467aebd 100644 --- a/source/includes/common-minio-external-auth.rst +++ b/source/includes/common-minio-external-auth.rst @@ -163,8 +163,17 @@ provider configuration. Specify the hostname for the Active Directory / LDAP server. For example: -``ldapserver.com:636`` +.. code-block:: shell + :class: copyable + ldapserver.com:636 + +.. admonition:: :mc-cmd:`~mc idp ldap add srv_record_name` automatically identifies the port + :class: note + + If your AD/LDAP server uses :mc-cmd:`DNS SRV Records `, do *not* append the port number to your :mc-cmd:`~mc idp ldap add server_addr` value. + SRV requests automatically include port numbers when returning the list of available servers. + .. end-minio-ad-ldap-server-addr .. start-minio-ad-ldap-lookup-bind-dn @@ -187,11 +196,14 @@ Specify the password for the :ref:`Lookup-Bind .. start-minio-ad-ldap-user-dn-search-base-dn -Specify the base Distinguished name (DN) MinIO uses when querying for +Specify the base Distinguished Name (DN) MinIO uses when querying for user credentials matching those provided by an authenticating client. For example: -``cn=miniousers,dc=myldapserver,dc=net`` +.. code-block:: shell + :class: copyable + + cn=miniousers,dc=myldapserver,dc=net Supports :ref:`Lookup-Bind ` mode. diff --git a/source/reference/minio-mc/mc-idp-ldap-add.rst b/source/reference/minio-mc/mc-idp-ldap-add.rst new file mode 100644 index 00000000..5d7de6f6 --- /dev/null +++ b/source/reference/minio-mc/mc-idp-ldap-add.rst @@ -0,0 +1,105 @@ +.. _minio-mc-idp-ldap-add: + +=================== +``mc idp ldap add`` +=================== + +.. default-domain:: minio + +.. contents:: Table of Contents + :local: + :depth: 2 + +.. mc:: mc idp ldap add + + +Description +----------- + +.. start-mc-idp-ldap-add-desc + +The :mc:`mc idp ldap add` command creates an AD/LDAP IDP server configuration. + +.. end-mc-idp-ldap-add-desc + +MinIO supports no more than *one* (1) AD/LDAP provider per deployment. + +.. tab-set:: + + .. tab-item:: EXAMPLE + + The following example sets the AD/LDAP configuration settings for the ``myminio`` deployment. + + .. code-block:: shell + :class: copyable + + mc idp ldap add \ + myminio \ + server_addr=myldapserver:636 \ + lookup_bind_dn=cn=admin,dc=min,dc=io \ + lookup_bind_password=somesecret \ + user_dn_search_base_dn=dc=min,dc=io \ + user_dn_search_filter="(uid=%s)" \ + group_search_base_dn=ou=swengg,dc=min,dc=io \ + group_search_filter="(&(objectclass=groupofnames)(member=%d))" + + .. tab-item:: SYNTAX + + The command has the following syntax: + + .. code-block:: shell + :class: copyable + + mc [GLOBALFLAGS] idp ldap add \ + ALIAS \ + [CFG_PARAM1] \ + [CFG_PARAM2]... + + - Replace ``ALIAS`` with the :ref:`alias ` of a MinIO deployment to create for AD/LDAP integration. + - Replace the ``[CFG_PARAM#]`` with each of the :ref:`configuration setting ` key-value pairs in the format of ``PARAMETER="value"``. + + .. include:: /includes/common-minio-mc.rst + :start-after: start-minio-syntax + :end-before: end-minio-syntax + +Parameters +~~~~~~~~~~ + +.. mc-cmd:: ALIAS + :required: + + The :ref:`alias ` of the MinIO deployment on which to add an AD/LDAP integration. + + For example: + + .. code-block:: none + + mc idp ldap add myminio \ + server_addr=myldapserver:636 \ + lookup_bind_dn=cn=admin,dc=min,dc=io \ + lookup_bind_password=somesecret \ + user_dn_search_base_dn=dc=min,dc=io \ + user_dn_search_filter="(uid=%s)" \ + +.. include:: /includes/common-minio-ad-ldap-params.rst + :start-after: start-minio-ad-ldap-params + :end-before: end-minio-ad-ldap-params + + +Global Flags +~~~~~~~~~~~~ + +.. include:: /includes/common-minio-mc.rst + :start-after: start-minio-mc-globals + :end-before: end-minio-mc-globals + + +Behavior +-------- + +S3 Compatibility +~~~~~~~~~~~~~~~~ + +.. include:: /includes/common-minio-mc.rst + :start-after: start-minio-mc-s3-compatibility + :end-before: end-minio-mc-s3-compatibility diff --git a/source/reference/minio-mc/mc-idp-ldap-disable.rst b/source/reference/minio-mc/mc-idp-ldap-disable.rst new file mode 100644 index 00000000..b2b0943b --- /dev/null +++ b/source/reference/minio-mc/mc-idp-ldap-disable.rst @@ -0,0 +1,85 @@ +.. _minio-mc-idp-ldap-disable: + +======================= +``mc idp ldap disable`` +======================= + +.. default-domain:: minio + +.. contents:: Table of Contents + :local: + :depth: 2 + +.. mc:: mc idp ldap disable + + +Description +----------- + +.. start-mc-idp-ldap-disable-desc + +The :mc:`mc idp ldap disable` command disables the currently configured AD/LDAP provider. + +.. end-mc-idp-ldap-disable-desc + +.. tab-set:: + + .. tab-item:: EXAMPLE + + The following example disables the AD/LDAP configurations on the ``myminio`` deployment. + + .. code-block:: shell + :class: copyable + + mc idp ldap disable \ + myminio + + .. tab-item:: SYNTAX + + The command has the following syntax: + + .. code-block:: shell + :class: copyable + + mc [GLOBALFLAGS] idp ldap disable \ + ALIAS + + - Replace ``ALIAS`` with the :ref:`alias ` of a MinIO deployment to disable the AD/LDAP integration. + + .. include:: /includes/common-minio-mc.rst + :start-after: start-minio-syntax + :end-before: end-minio-syntax + +Parameters +~~~~~~~~~~ + +.. mc-cmd:: ALIAS + :required: + + The :ref:`alias ` of the MinIO deployment for which to disable the AD/LDAP integration. + + For example: + + .. code-block:: none + + mc idp ldap disable myminio + + + +Global Flags +~~~~~~~~~~~~ + +.. include:: /includes/common-minio-mc.rst + :start-after: start-minio-mc-globals + :end-before: end-minio-mc-globals + + +Behavior +-------- + +S3 Compatibility +~~~~~~~~~~~~~~~~ + +.. include:: /includes/common-minio-mc.rst + :start-after: start-minio-mc-s3-compatibility + :end-before: end-minio-mc-s3-compatibility diff --git a/source/reference/minio-mc/mc-idp-ldap-enable.rst b/source/reference/minio-mc/mc-idp-ldap-enable.rst new file mode 100644 index 00000000..c406683e --- /dev/null +++ b/source/reference/minio-mc/mc-idp-ldap-enable.rst @@ -0,0 +1,85 @@ +.. _minio-mc-idp-ldap-enable: + +====================== +``mc idp ldap enable`` +====================== + +.. default-domain:: minio + +.. contents:: Table of Contents + :local: + :depth: 2 + +.. mc:: mc idp ldap enable + + +Description +----------- + +.. start-mc-idp-ldap-enable-desc + +The :mc:`mc idp ldap enable` command enables the currently configured AD/LDAP provider. + +.. end-mc-idp-ldap-enable-desc + +.. tab-set:: + + .. tab-item:: EXAMPLE + + The following example enables the AD/LDAP configurations on the ``myminio`` deployment. + + .. code-block:: shell + :class: copyable + + mc idp ldap enable \ + myminio + + .. tab-item:: SYNTAX + + The command has the following syntax: + + .. code-block:: shell + :class: copyable + + mc [GLOBALFLAGS] idp ldap enable \ + ALIAS + + - Replace ``ALIAS`` with the :ref:`alias ` of a MinIO deployment to enable the AD/LDAP integration. + + .. include:: /includes/common-minio-mc.rst + :start-after: start-minio-syntax + :end-before: end-minio-syntax + +Parameters +~~~~~~~~~~ + +.. mc-cmd:: ALIAS + :required: + + The :ref:`alias ` of the MinIO deployment for which to enable the AD/LDAP integration. + + For example: + + .. code-block:: none + + mc idp ldap enable myminio + + + +Global Flags +~~~~~~~~~~~~ + +.. include:: /includes/common-minio-mc.rst + :start-after: start-minio-mc-globals + :end-before: end-minio-mc-globals + + +Behavior +-------- + +S3 Compatibility +~~~~~~~~~~~~~~~~ + +.. include:: /includes/common-minio-mc.rst + :start-after: start-minio-mc-s3-compatibility + :end-before: end-minio-mc-s3-compatibility diff --git a/source/reference/minio-mc/mc-idp-ldap-info.rst b/source/reference/minio-mc/mc-idp-ldap-info.rst new file mode 100644 index 00000000..deb5e89a --- /dev/null +++ b/source/reference/minio-mc/mc-idp-ldap-info.rst @@ -0,0 +1,85 @@ +.. _minio-mc-idp-ldap-info: + +==================== +``mc idp ldap info`` +==================== + +.. default-domain:: minio + +.. contents:: Table of Contents + :local: + :depth: 2 + +.. mc:: mc idp ldap info + + +Description +----------- + +.. start-mc-idp-ldap-info-desc + +The :mc:`mc idp ldap info` command outputs the current configuration for an AD/LDAP provider on a specified MinIO deployment. + +.. end-mc-idp-ldap-info-desc + +.. tab-set:: + + .. tab-item:: EXAMPLE + + The following example outputs the AD/LDAP configuration settings on the ``myminio`` deployment. + + .. code-block:: shell + :class: copyable + + mc idp ldap info \ + myminio + + .. tab-item:: SYNTAX + + The command has the following syntax: + + .. code-block:: shell + :class: copyable + + mc [GLOBALFLAGS] idp ldap info \ + ALIAS + + - Replace ``ALIAS`` with the :ref:`alias ` of a MinIO deployment to retrieve info on the AD/LDAP integration. + + .. include:: /includes/common-minio-mc.rst + :start-after: start-minio-syntax + :end-before: end-minio-syntax + +Parameters +~~~~~~~~~~ + +.. mc-cmd:: ALIAS + :required: + + The :ref:`alias ` of the MinIO deployment for which to output the current AD/LDAP configuration. + + For example: + + .. code-block:: none + + mc idp ldap info myminio + + + +Global Flags +~~~~~~~~~~~~ + +.. include:: /includes/common-minio-mc.rst + :start-after: start-minio-mc-globals + :end-before: end-minio-mc-globals + + +Behavior +-------- + +S3 Compatibility +~~~~~~~~~~~~~~~~ + +.. include:: /includes/common-minio-mc.rst + :start-after: start-minio-mc-s3-compatibility + :end-before: end-minio-mc-s3-compatibility diff --git a/source/reference/minio-mc/mc-idp-ldap-ls.rst b/source/reference/minio-mc/mc-idp-ldap-ls.rst new file mode 100644 index 00000000..56ba702e --- /dev/null +++ b/source/reference/minio-mc/mc-idp-ldap-ls.rst @@ -0,0 +1,88 @@ +.. _minio-mc-idp-ldap-ls: + +================== +``mc idp ldap ls`` +================== + +.. default-domain:: minio + +.. contents:: Table of Contents + :local: + :depth: 2 + +.. mc:: mc idp ldap ls +.. mc:: mc idp ldap list + + +Description +----------- + +.. start-mc-idp-ldap-ls-desc + +The :mc:`mc idp ldap ls` command lists the existing set of configurations for an AD/LDAP provider. + +.. end-mc-idp-ldap-ls-desc + +:mc:`mc idp ldap ls` is also known as :mc:`mc idp ldap list`. + +.. tab-set:: + + .. tab-item:: EXAMPLE + + The following example lists the AD/LDAP configuration settings for the ``myminio`` deployment. + + .. code-block:: shell + :class: copyable + + mc idp ldap ls \ + myminio + + .. tab-item:: SYNTAX + + The command has the following syntax: + + .. code-block:: shell + :class: copyable + + mc [GLOBALFLAGS] idp ldap ls \ + ALIAS + + - Replace ``ALIAS`` with the :ref:`alias ` of a MinIO deployment to list the AD/LDAP integration. + + .. include:: /includes/common-minio-mc.rst + :start-after: start-minio-syntax + :end-before: end-minio-syntax + +Parameters +~~~~~~~~~~ + +.. mc-cmd:: ALIAS + :required: + + The :ref:`alias ` of the MinIO deployment for which to output the current AD/LDAP configuration. + + For example: + + .. code-block:: none + + mc idp ldap ls myminio + + + +Global Flags +~~~~~~~~~~~~ + +.. include:: /includes/common-minio-mc.rst + :start-after: start-minio-mc-globals + :end-before: end-minio-mc-globals + + +Behavior +-------- + +S3 Compatibility +~~~~~~~~~~~~~~~~ + +.. include:: /includes/common-minio-mc.rst + :start-after: start-minio-mc-s3-compatibility + :end-before: end-minio-mc-s3-compatibility diff --git a/source/reference/minio-mc/mc-idp-ldap-policy-attach.rst b/source/reference/minio-mc/mc-idp-ldap-policy-attach.rst new file mode 100644 index 00000000..fd09c1b3 --- /dev/null +++ b/source/reference/minio-mc/mc-idp-ldap-policy-attach.rst @@ -0,0 +1,112 @@ +.. _minio-mc-idp-ldap-policy-attach: + +============================= +``mc idp ldap policy attach`` +============================= + +.. default-domain:: minio + +.. contents:: Table of Contents + :local: + :depth: 2 + +.. mc:: mc idp ldap policy attach + + +Description +----------- + +.. start-mc-idp-ldap-policy-attach-desc + +The :mc:`mc idp ldap policy attach` command attaches one or more polices to an entity. + +.. end-mc-idp-ldap-policy-attach-desc + +.. tab-set:: + + .. tab-item:: EXAMPLE + + The following example attaches the policy ``userpolicy`` to the user ``bobfisher`` on the ``myminio`` deployment: + + .. code-block:: shell + :class: copyable + + mc idp ldap policy attach myminio \ + userpolicy \ + --user='uid=bobfisher,ou=people,ou=hwengg,dc=min,dc=io' + + .. tab-item:: SYNTAX + + The command has the following syntax: + + .. code-block:: shell + :class: copyable + + mc [GLOBALFLAGS] idp ldap policy attach \ + POLICYNAME \ + [POLICY2] ... \ + ALIAS \ + [--user=`USER`] \ + [--group=`GROUP`] + + + - Replace ``ALIAS`` with the :ref:`alias ` of a MinIO deployment to configure for AD/LDAP integration. + - Replace ``POLICYNAME`` with the policy to attach to the entity. + You may list multiple policies to attach to the entity. + - Use must use one of either the ``--user`` or ``--group`` flag. + You may only use the flag once in the command. + You cannot use both flags in the same command. + + .. include:: /includes/common-minio-mc.rst + :start-after: start-minio-syntax + :end-before: end-minio-syntax + + +Parameters +~~~~~~~~~~ + +.. mc-cmd:: ALIAS + :required: + + The :ref:`alias ` of the MinIO deployment with the entity to which to attach a policy. + + For example: + + .. code-block:: none + + mc idp ldap policy attach myminio \ + userpolicy \ + --user='uid=bobfisher,ou=people,ou=hwengg,dc=min,dc=io' + + +Example +~~~~~~~ + +The following example attaches two policies, ``policy1`` and ``policy2``, to the ``projectb`` group on the ``myminio`` deployment: + +.. code-block:: shell + :class: copyable + + mc idp ldap policy attach myminio \ + policy1 \ + policy2 \ + --group='cn=projectb,ou=groups,ou=swengg,dc=min,dc=io' + + +Global Flags +~~~~~~~~~~~~ + +.. include:: /includes/common-minio-mc.rst + :start-after: start-minio-mc-globals + :end-before: end-minio-mc-globals + + +Behavior +-------- + +S3 Compatibility +~~~~~~~~~~~~~~~~ + +.. include:: /includes/common-minio-mc.rst + :start-after: start-minio-mc-s3-compatibility + :end-before: end-minio-mc-s3-compatibility diff --git a/source/reference/minio-mc/mc-idp-ldap-policy-detach.rst b/source/reference/minio-mc/mc-idp-ldap-policy-detach.rst new file mode 100644 index 00000000..bf36826e --- /dev/null +++ b/source/reference/minio-mc/mc-idp-ldap-policy-detach.rst @@ -0,0 +1,112 @@ +.. _minio-mc-idp-ldap-policy-detach: + +============================= +``mc idp ldap policy detach`` +============================= + +.. default-domain:: minio + +.. contents:: Table of Contents + :local: + :depth: 2 + +.. mc:: mc idp ldap policy detach + + +Description +----------- + +.. start-mc-idp-ldap-policy-detach-desc + +The :mc:`mc idp ldap policy detach` command detaches one or more polices from an entity. + +.. end-mc-idp-ldap-policy-detach-desc + +.. tab-set:: + + .. tab-item:: EXAMPLE + + The following example detaches the policy ``userpolicy`` from the user ``bobfisher`` on the ``myminio`` deployment. + + .. code-block:: shell + :class: copyable + + mc idp ldap policy detach myminio \ + userpolicy \ + --user='uid=bobfisher,ou=people,ou=hwengg,dc=min,dc=io' + + .. tab-item:: SYNTAX + + The command has the following syntax: + + .. code-block:: shell + :class: copyable + + mc [GLOBALFLAGS] idp ldap policy detach \ + POLICYNAME \ + [POLICY2] ... \ + ALIAS \ + [--user=`USER`] \ + [--group=`GROUP`] + + + - Replace ``ALIAS`` with the :ref:`alias ` of a MinIO deployment to configure for AD/LDAP integration. + - Replace ``POLICYNAME`` with the policy to detach from the entity. + You may list multiple policies to detach from the entity. + - Use must use one of either the ``--user`` or ``--group`` flag. + You may only use the flag once in the command. + You cannot use both flags in the same command. + + .. include:: /includes/common-minio-mc.rst + :start-after: start-minio-syntax + :end-before: end-minio-syntax + + +Parameters +~~~~~~~~~~ + +.. mc-cmd:: ALIAS + :required: + + The :ref:`alias ` of the MinIO deployment with the entity from which to detach a policy. + + For example: + + .. code-block:: none + + mc idp ldap policy detach myminio \ + userpolicy \ + --user='uid=bobfisher,ou=people,ou=hwengg,dc=min,dc=io' + + +Example +~~~~~~~ + +The following example detaches two policies, ``policy1`` and ``policy2``, from the ``projectb`` group on the ``myminio`` deployment: + +.. code-block:: shell + :class: copyable + + mc idp ldap policy detach myminio \ + policy1 \ + policy2 \ + --group='cn=projectb,ou=groups,ou=swengg,dc=min,dc=io' + + +Global Flags +~~~~~~~~~~~~ + +.. include:: /includes/common-minio-mc.rst + :start-after: start-minio-mc-globals + :end-before: end-minio-mc-globals + + +Behavior +-------- + +S3 Compatibility +~~~~~~~~~~~~~~~~ + +.. include:: /includes/common-minio-mc.rst + :start-after: start-minio-mc-s3-compatibility + :end-before: end-minio-mc-s3-compatibility diff --git a/source/reference/minio-mc/mc-idp-ldap-policy-entities.rst b/source/reference/minio-mc/mc-idp-ldap-policy-entities.rst new file mode 100644 index 00000000..30bab71b --- /dev/null +++ b/source/reference/minio-mc/mc-idp-ldap-policy-entities.rst @@ -0,0 +1,113 @@ +.. _minio-mc-idp-ldap-policy-entities: + +=============================== +``mc idp ldap policy entities`` +=============================== + +.. default-domain:: minio + +.. contents:: Table of Contents + :local: + :depth: 2 + +.. mc:: mc idp ldap policy entities + + +Description +----------- + +.. start-mc-idp-ldap-policy-entities-desc + +The :mc:`mc idp ldap policy entities` command displays a list of mappings for a user, group, and/or policy. + +.. end-mc-idp-ldap-policy-entities-desc + +.. tab-set:: + + .. tab-item:: EXAMPLE + + The following example lists all mappings for a specific policy, a set of groups, and a selection of users on the ``myminio`` deployment. + + Specifically, it lists: + + - Users mapped to the ``finteam-policy`` policy. + - Policies assigned to the ``uid=bobfisher,ou=people,ou=hwengg,dc=min,dc=io`` user. + - Policies assigned to the ``cn=projectb,ou=groups,ou=swengg,dc=min,dc=io`` group. + + .. code-block:: shell + :class: copyable + + mc idp ldap policy entities myminio \ + --policy finteam-policy \ + --user 'uid=bobfisher,ou=people,ou=hwengg,dc=min,dc=io' \ + --group 'cn=projectb,ou=groups,ou=swengg,dc=min,dc=io' + + .. tab-item:: SYNTAX + + The command has the following syntax: + + .. code-block:: shell + :class: copyable + + mc [GLOBALFLAGS] idp ldap policy entities \ + ALIAS \ + [--user `value`, -u `value`] \ + [--group `value`, -g `value`] \ + [--policy value] + + - Replace ``ALIAS`` with the :ref:`alias ` of a MinIO deployment to configure for AD/LDAP integration. + - You may use each of the ``--user``, ``--group``, and/or ``--policy`` flags as many times as desired in the command. + - For each flag, the output lists the entities mapped to the specified policy, user, or group. + - Omit all flags to return a list of mappings for all policies. + + .. include:: /includes/common-minio-mc.rst + :start-after: start-minio-syntax + :end-before: end-minio-syntax + + +Parameters +~~~~~~~~~~ + +.. mc-cmd:: ALIAS + :required: + + The :ref:`alias ` of the MinIO deployment for which to display the entity mappings. + + For example: + + .. code-block:: none + + mc idp ldap policy entities myminio + + +Example +~~~~~~~ + +The following example lists the entities mapped to each of two policies, ``policy1`` and ``policy2`` and entities mapped to the ``projectb`` group on the ``myminio`` deployment: + +.. code-block:: shell + :class: copyable + + mc idp ldap policy entities myminio \ + policy1 \ + policy2 \ + --group='cn=projectb,ou=groups,ou=swengg,dc=min,dc=io' + + +Global Flags +~~~~~~~~~~~~ + +.. include:: /includes/common-minio-mc.rst + :start-after: start-minio-mc-globals + :end-before: end-minio-mc-globals + + +Behavior +-------- + +S3 Compatibility +~~~~~~~~~~~~~~~~ + +.. include:: /includes/common-minio-mc.rst + :start-after: start-minio-mc-s3-compatibility + :end-before: end-minio-mc-s3-compatibility diff --git a/source/reference/minio-mc/mc-idp-ldap-policy.rst b/source/reference/minio-mc/mc-idp-ldap-policy.rst index 47f0f8d3..f97d52b7 100644 --- a/source/reference/minio-mc/mc-idp-ldap-policy.rst +++ b/source/reference/minio-mc/mc-idp-ldap-policy.rst @@ -21,11 +21,11 @@ Description .. start-mc-idp-ldap-policy-desc -The :mc-cmd:`mc idp ldap policy` commands allow you to view the mapping relationships between policies and the associated groups or users. The :mc-cmd:`mc idp ldap policy` commands are only supported against MinIO deployments. - +The :mc-cmd:`mc idp ldap policy` commands show the mapping relationships between policies and the associated groups or users. .. end-mc-idp-ldap-policy-desc +The :mc-cmd:`mc idp ldap policy` commands are only supported against MinIO deployments. The :mc-cmd:`mc idp ldap policy` command has the following subcommands: @@ -37,161 +37,24 @@ The :mc-cmd:`mc idp ldap policy` command has the following subcommands: - Description * - :mc-cmd:`mc idp ldap policy attach` - - Attach a policy to an entity + - .. include:: /reference/minio-mc/mc-idp-ldap-policy-attach.rst + :start-after: start-mc-idp-ldap-policy-attach-desc + :end-before: end-mc-idp-ldap-policy-attach-desc * - :mc-cmd:`mc idp ldap policy detach` - - Detach a policy from an entity + - .. include:: /reference/minio-mc/mc-idp-ldap-policy-detach.rst + :start-after: start-mc-idp-ldap-policy-detach-desc + :end-before: end-mc-idp-ldap-policy-detach-desc * - :mc-cmd:`mc idp ldap policy entities` - - List policy entity mappings + - .. include:: /reference/minio-mc/mc-idp-ldap-policy-entities.rst + :start-after: start-mc-idp-ldap-policy-entities-desc + :end-before: end-mc-idp-ldap-policy-entities-desc -Syntax ------- +.. toctree:: + :titlesonly: + :hidden: -.. mc-cmd:: attach - - Attach one or more polices to an entity. - - .. tab-set:: - - .. tab-item:: EXAMPLES - - The following example attaches two policies, ``policy1`` and ``policy2``, to the ``projectb`` group on the ``myminio`` deployment. - - .. code-block:: shell - :class: copyable - - mc idp ldap policy attach myminio/ \ - policy1 \ - policy2 \ - --group='cn=projectb,ou=groups,ou=swengg,dc=min,dc=io' - - - The following example attaches the policy, ``userpolicy``, to the user ``bobfisher`` on the ``myminio`` deployment. - - .. code-block:: shell - :class: copyable - - mc idp ldap policy attach myminio/ \ - mypolicy \ - policy2 \ - --user='uid=bobfisher,ou=people,ou=hwengg,dc=min,dc=io' - .. tab-item:: SYNTAX - - The command has the following syntax: - - .. code-block:: shell - :class: copyable - - mc [GLOBALFLAGS] idp ldap policy attach \ - POLICYNAME \ - [POLICY2] ... \ - ALIAS \ - [--user=`USER`] \ - [--group=`GROUP`] - - - Replace ``ALIAS`` with the :ref:`alias ` of a MinIO deployment to configure for AD/LDAP integration. - - Replace ``POLICYNAME`` with the policy to attach to the entity. - You may list multiple policies to attach to the entity. - - Use must use one of either the ``--user`` or ``--group`` flag. - You may only use the flag once in the command. - You cannot use both flags in the same command. - - -.. mc-cmd:: detach - - Detach one or more policies from an entity. - - .. tab-set:: - - .. tab-item:: EXAMPLES - - The following example detaches two policies, ``policy1`` and ``policy2``, from the ``projectb`` group on the ``myminio`` deployment. - - .. code-block:: shell - :class: copyable - - mc idp ldap policy detach myminio/ \ - policy1 \ - policy2 \ - --group='cn=projectb,ou=groups,ou=swengg,dc=min,dc=io' - - - The following example detaches the policy, ``userpolicy``, from the user ``bobfisher`` on the ``myminio`` deployment. - - .. code-block:: shell - :class: copyable - - mc idp ldap policy detach myminio/ \ - mypolicy \ - policy2 \ - --user='uid=bobfisher,ou=people,ou=hwengg,dc=min,dc=io' - .. tab-item:: SYNTAX - - The command has the following syntax: - - .. code-block:: shell - :class: copyable - - mc [GLOBALFLAGS] idp ldap policy detach \ - POLICYNAME \ - [POLICY2] ... \ - ALIAS \ - [--user=`USER`] \ - [--group=`GROUP`] - - - Replace ``ALIAS`` with the :ref:`alias ` of a MinIO deployment to configure for AD/LDAP integration. - - Replace ``POLICYNAME`` with the policy to detach from the entity. - You may list multiple policies to detach from the entity. - - Use must use one of either the ``--user`` or ``--group`` flag. - You may only use the flag once in the command. - You cannot use both flags in the same command. - -.. mc-cmd:: entities - - Display a list of mappings for a user, group, and/or policy. - - .. tab-set:: - - .. tab-item:: EXAMPLES - - The following example lists all mappings for a specific policy, a set of groups, and a selection of users on the ``myminio`` deployment. - - Specifically, it lists - - Users mapped to the ``finteam-policy`` policy. - - Policies assigned to the ``uid=bobfisher,ou=people,ou=hwengg,dc=min,dc=io`` user - - Policies assigned to the ``cn=projectb,ou=groups,ou=swengg,dc=min,dc=io`` group - - .. code-block:: shell - :class: copyable - - mc idp ldap policy entities myminio/ \ - --policy finteam-policy \ - --user 'uid=bobfisher,ou=people,ou=hwengg,dc=min,dc=io' \ - --group 'cn=projectb,ou=groups,ou=swengg,dc=min,dc=io' - - .. tab-item:: SYNTAX - - The command has the following syntax: - - .. code-block:: shell - :class: copyable - - mc [GLOBALFLAGS] idp ldap policy entities \ - ALIAS \ - [--user `value`, -u `value`] \ - [--group `value`, -g `value`] \ - [--policy value] - - - Replace ``ALIAS`` with the :ref:`alias ` of a MinIO deployment to configure for AD/LDAP integration. - - You may use each of the ``--user``, ``--group``, and/or ``--policy`` flags as many times as desired in the command. - - For each flag, the output lists the entities mapped to the specified policy, user, or group. - - Omit all flags to return a list of mappings for all policies. - - -Global Flags ------------- - -.. include:: /includes/common-minio-mc.rst - :start-after: start-minio-mc-globals - :end-before: end-minio-mc-globals + /reference/minio-mc/mc-idp-ldap-policy-attach + /reference/minio-mc/mc-idp-ldap-policy-detach + /reference/minio-mc/mc-idp-ldap-policy-entities diff --git a/source/reference/minio-mc/mc-idp-ldap-rm.rst b/source/reference/minio-mc/mc-idp-ldap-rm.rst new file mode 100644 index 00000000..28d48221 --- /dev/null +++ b/source/reference/minio-mc/mc-idp-ldap-rm.rst @@ -0,0 +1,88 @@ +.. _minio-mc-idp-ldap-rm: + +================== +``mc idp ldap rm`` +================== + +.. default-domain:: minio + +.. contents:: Table of Contents + :local: + :depth: 2 + +.. mc:: mc idp ldap rm +.. mc:: mc idp ldap remove + + +Description +----------- + +.. start-mc-idp-ldap-rm-desc + +The :mc:`mc idp ldap rm` command removes the existing configuration for an AD/LDAP provider. + +.. end-mc-idp-ldap-rm-desc + +:mc:`mc idp ldap rm` is also known as :mc:`mc idp ldap remove`. + +.. tab-set:: + + .. tab-item:: EXAMPLE + + The following example removes the AD/LDAP provider settings for the ``myminio`` deployment. + + .. code-block:: shell + :class: copyable + + mc idp ldap rm \ + myminio + + .. tab-item:: SYNTAX + + The command has the following syntax: + + .. code-block:: shell + :class: copyable + + mc [GLOBALFLAGS] idp ldap rm \ + ALIAS + + - Replace ``ALIAS`` with the :ref:`alias ` of a MinIO deployment to remove the AD/LDAP integration. + + .. include:: /includes/common-minio-mc.rst + :start-after: start-minio-syntax + :end-before: end-minio-syntax + +Parameters +~~~~~~~~~~ + +.. mc-cmd:: ALIAS + :required: + + The :ref:`alias ` of the MinIO deployment for which to remove the current AD/LDAP configuration. + + For example: + + .. code-block:: none + + mc idp ldap rm myminio + + + +Global Flags +~~~~~~~~~~~~ + +.. include:: /includes/common-minio-mc.rst + :start-after: start-minio-mc-globals + :end-before: end-minio-mc-globals + + +Behavior +-------- + +S3 Compatibility +~~~~~~~~~~~~~~~~ + +.. include:: /includes/common-minio-mc.rst + :start-after: start-minio-mc-s3-compatibility + :end-before: end-minio-mc-s3-compatibility diff --git a/source/reference/minio-mc/mc-idp-ldap-update.rst b/source/reference/minio-mc/mc-idp-ldap-update.rst new file mode 100644 index 00000000..03d3ce88 --- /dev/null +++ b/source/reference/minio-mc/mc-idp-ldap-update.rst @@ -0,0 +1,94 @@ +.. _minio-mc-idp-ldap-update: + +====================== +``mc idp ldap update`` +====================== + +.. default-domain:: minio + +.. contents:: Table of Contents + :local: + :depth: 2 + +.. mc:: mc idp ldap update + + +Description +----------- + +.. start-mc-idp-ldap-update-desc + +The :mc:`mc idp ldap update` command modifies an existing set of configurations for an AD/LDAP provider. + +.. end-mc-idp-ldap-update-desc + +.. tab-set:: + + .. tab-item:: EXAMPLE + + The following example changes two of the AD/LDAP configuration settings for the ``myminio`` deployment. + + .. code-block:: shell + :class: copyable + + mc idp ldap update \ + myminio \ + lookup_bind_dn=cn=admin,dc=min,dc=io \ + lookup_bind_password=somesecret + + .. tab-item:: SYNTAX + + The command has the following syntax: + + .. code-block:: shell + :class: copyable + + mc [GLOBALFLAGS] idp ldap update \ + ALIAS \ + [CFG_PARAM1] \ + [CFG_PARAM2]... + + - Replace ``ALIAS`` with the :ref:`alias ` of a MinIO deployment to update for AD/LDAP integration. + - Replace the ``[CFG_PARAM#]`` with each of the :ref:`configuration setting ` key-value pairs in the format of ``PARAMETER="value"``. + + .. include:: /includes/common-minio-mc.rst + :start-after: start-minio-syntax + :end-before: end-minio-syntax + +Parameters +~~~~~~~~~~ + +.. mc-cmd:: ALIAS + :required: + + The :ref:`alias ` of the MinIO deployment on which to modify an AD/LDAP integration. + + For example: + + .. code-block:: none + + mc idp ldap update myminio \ + lookup_bind_dn=cn=admin,dc=min,dc=io \ + +.. include:: /includes/common-minio-ad-ldap-params.rst + :start-after: start-minio-ad-ldap-params + :end-before: end-minio-ad-ldap-params + + +Global Flags +~~~~~~~~~~~~ + +.. include:: /includes/common-minio-mc.rst + :start-after: start-minio-mc-globals + :end-before: end-minio-mc-globals + + +Behavior +-------- + +S3 Compatibility +~~~~~~~~~~~~~~~~ + +.. include:: /includes/common-minio-mc.rst + :start-after: start-minio-mc-s3-compatibility + :end-before: end-minio-mc-s3-compatibility diff --git a/source/reference/minio-mc/mc-idp-ldap.rst b/source/reference/minio-mc/mc-idp-ldap.rst index 1779ce81..d5bad709 100644 --- a/source/reference/minio-mc/mc-idp-ldap.rst +++ b/source/reference/minio-mc/mc-idp-ldap.rst @@ -43,253 +43,55 @@ The :mc-cmd:`mc idp ldap` command has the following subcommands: - Description * - :mc-cmd:`mc idp ldap add` - - Create an AD/LDAP IDP server configuration. - - * - :mc-cmd:`mc idp ldap update` - - Modify an existing AD/LDAP IDP server configuration. - - * - :mc-cmd:`mc idp ldap ls` - - Lists AD/LDAP server configurations. - - * - :mc-cmd:`mc idp ldap rm` - - Remove an AD/LDAP IDP server configuration from a deployment. - - * - :mc-cmd:`mc idp ldap info` - - Displays details for a specific AD/LDAP server configuration. - - * - :mc-cmd:`mc idp ldap enable` - - Enables an AD/LDAP server configuration. + - .. include:: /reference/minio-mc/mc-idp-ldap-add.rst + :start-after: start-mc-idp-ldap-add-desc + :end-before: end-mc-idp-ldap-add-desc * - :mc-cmd:`mc idp ldap disable` - - Disables an AD/LDAP server configuration. + - .. include:: /reference/minio-mc/mc-idp-ldap-disable.rst + :start-after: start-mc-idp-ldap-disable-desc + :end-before: end-mc-idp-ldap-disable-desc + + * - :mc-cmd:`mc idp ldap enable` + - .. include:: /reference/minio-mc/mc-idp-ldap-enable.rst + :start-after: start-mc-idp-ldap-enable-desc + :end-before: end-mc-idp-ldap-enable-desc + + * - :mc-cmd:`mc idp ldap info` + - .. include:: /reference/minio-mc/mc-idp-ldap-info.rst + :start-after: start-mc-idp-ldap-info-desc + :end-before: end-mc-idp-ldap-info-desc + + * - :mc-cmd:`mc idp ldap ls` + - .. include:: /reference/minio-mc/mc-idp-ldap-ls.rst + :start-after: start-mc-idp-ldap-ls-desc + :end-before: end-mc-idp-ldap-ls-desc * - :mc-cmd:`mc idp ldap policy` subcommands - - Manage AD/LDAP policies and entity mappings. - -Configuration Parameters ------------------------- - -The :mc-cmd:`mc idp ldap` subcommands support the same configuration parameters as the :mc-conf:`identity_ldap` configuration key. -These parameters define the server's interaction with the Active Directory or LDAP IAM provider. - -For a more detailed explanation of the configuration parameters, refer to the :ref:`config setting documentation `. - -Syntax ------- - -.. mc-cmd:: add - - Create a new configuration for an AD/LDAP provider. - MinIO supports no more than *one* (1) AD/LDAP provider per deployment. - - .. tab-set:: - - .. tab-item:: EXAMPLE - - The following example sets the AD/LDAP configuration settings for the ``myminio`` deployment. - - .. code-block:: shell - :class: copyable - - mc idp ldap add \ - myminio \ - server_addr=myldapserver:636 \ - lookup_bind_dn=cn=admin,dc=min,dc=io \ - lookup_bind_password=somesecret \ - user_dn_search_base_dn=dc=min,dc=io \ - user_dn_search_filter="(uid=%s)" \ - group_search_base_dn=ou=swengg,dc=min,dc=io \ - group_search_filter="(&(objectclass=groupofnames)(member=%d))" - - .. tab-item:: SYNTAX - - The command has the following syntax: - - .. code-block:: shell - :class: copyable - - mc [GLOBALFLAGS] idp ldap add \ - ALIAS \ - [CFG_PARAM1] \ - [CFG_PARAM2]... - - - Replace ``ALIAS`` with the :ref:`alias ` of a MinIO deployment to create for AD/LDAP integration. - - Replace the ``[CFG_PARAM#]`` with each of the :ref:`configuration setting ` key-value pairs in the format of ``PARAMETER="value"``. - -.. mc-cmd:: update - - Modify an existing set of configurations for an AD/LDAP provider. - - .. tab-set:: - - .. tab-item:: EXAMPLE - - The following example changes two of the AD/LDAP configuration settings for the ``myminio`` deployment. - - .. code-block:: shell - :class: copyable - - mc idp ldap update \ - myminio \ - lookup_bind_dn=cn=admin,dc=min,dc=io \ - lookup_bind_password=somesecret - - .. tab-item:: SYNTAX - - The command has the following syntax: - - .. code-block:: shell - :class: copyable - - mc [GLOBALFLAGS] idp ldap update \ - ALIAS \ - [CFG_PARAM1] \ - [CFG_PARAM2]... - - - Replace ``ALIAS`` with the :ref:`alias ` of a MinIO deployment to update for AD/LDAP integration. - - Replace the ``[CFG_PARAM#]`` with each of the :ref:`configuration setting ` key-value pairs to update in the format of ``PARAMETER="value"``. - -.. mc-cmd:: ls, list - - Lists the existing set of configurations for an AD/LDAP provider. - - .. tab-set:: - - .. tab-item:: EXAMPLE - - The following example lists the AD/LDAP configuration settings for the ``myminio`` deployment. - - .. code-block:: shell - :class: copyable - - mc idp ldap ls myminio - - .. tab-item:: SYNTAX - - The command has the following syntax: - - .. code-block:: shell - :class: copyable - - mc [GLOBALFLAGS] idp ldap ls ALIAS - - - Replace ``ALIAS`` with the :ref:`alias ` of a MinIO deployment to list the AD/LDAP integration. - -.. mc-cmd:: rm, remove - - Remove the existing configuration for an AD/LDAP provider. - - .. tab-set:: - - .. tab-item:: EXAMPLE - - The following example removes the AD/LDAP provider settings for the ``myminio`` deployment. - - .. code-block:: shell - :class: copyable - - mc idp ldap rm myminio - - .. tab-item:: SYNTAX - - The command has the following syntax: - - .. code-block:: shell - :class: copyable - - mc [GLOBALFLAGS] idp ldap rm \ - ALIAS - - - Replace ``ALIAS`` with the :ref:`alias ` of a MinIO deployment to remove the AD/LDAP integration. - - -.. mc-cmd:: info - - Outputs the current configuration for an AD/LDAP provider on a specified MinIO deployment. - - .. tab-set:: - - .. tab-item:: EXAMPLE - - The following example outputs the AD/LDAP configuration settings on the ``myminio`` deployment. - - .. code-block:: shell - :class: copyable - - mc idp ldap info myminio - - .. tab-item:: SYNTAX - - The command has the following syntax: - - .. code-block:: shell - :class: copyable - - mc [GLOBALFLAGS] idp ldap info \ - ALIAS - - - Replace ``ALIAS`` with the :ref:`alias ` of a MinIO deployment to retrieve info on the AD/LDAP integration. - -.. mc-cmd:: enable - - Enables the currently configured AD/LDAP provider. - - .. tab-set:: - - .. tab-item:: EXAMPLE - - The following example enables the AD/LDAP configuration on the ``myminio`` deployment. - - .. code-block:: shell - :class: copyable - - mc idp ldap enable \ - myminio - - .. tab-item:: SYNTAX - - The command has the following syntax: - - .. code-block:: shell - :class: copyable - - mc [GLOBALFLAGS] idp ldap enable \ - ALIAS - - - Replace ``ALIAS`` with the :ref:`alias ` of a MinIO deployment to enable the AD/LDAP integration. - -.. mc-cmd:: disable - - Disables the currently configured AD/LDAP provider. - - .. tab-set:: - - .. tab-item:: EXAMPLE - - The following example disables the AD/LDAP configurations on the ``myminio`` deployment. - - .. code-block:: shell - :class: copyable - - mc idp ldap disable \ - myminio - - .. tab-item:: SYNTAX - - The command has the following syntax: - - .. code-block:: shell - :class: copyable - - mc [GLOBALFLAGS] idp ldap disable \ - ALIAS - - - Replace ``ALIAS`` with the :ref:`alias ` of a MinIO deployment to disable the AD/LDAP integration. - -Global Flags ------------- - -.. include:: /includes/common-minio-mc.rst - :start-after: start-minio-mc-globals - :end-before: end-minio-mc-globals + - .. include:: /reference/minio-mc/mc-idp-ldap-policy.rst + :start-after: start-mc-idp-ldap-policy-desc + :end-before: end-mc-idp-ldap-policy-desc + + * - :mc-cmd:`mc idp ldap rm` + - .. include:: /reference/minio-mc/mc-idp-ldap-rm.rst + :start-after: start-mc-idp-ldap-rm-desc + :end-before: end-mc-idp-ldap-rm-desc + + * - :mc-cmd:`mc idp ldap update` + - .. include:: /reference/minio-mc/mc-idp-ldap-update.rst + :start-after: start-mc-idp-ldap-update-desc + :end-before: end-mc-idp-ldap-update-desc + + +.. toctree:: + :titlesonly: + :hidden: + + /reference/minio-mc/mc-idp-ldap-add + /reference/minio-mc/mc-idp-ldap-disable + /reference/minio-mc/mc-idp-ldap-enable + /reference/minio-mc/mc-idp-ldap-info + /reference/minio-mc/mc-idp-ldap-ls + /reference/minio-mc/mc-idp-ldap-rm + /reference/minio-mc/mc-idp-ldap-update diff --git a/source/reference/minio-server/minio-server.rst b/source/reference/minio-server/minio-server.rst index a65466c6..12b03d77 100644 --- a/source/reference/minio-server/minio-server.rst +++ b/source/reference/minio-server/minio-server.rst @@ -2649,9 +2649,7 @@ variables. :start-after: start-minio-ad-ldap-server-addr :end-before: end-minio-ad-ldap-server-addr - This environment variable corresponds with the - :mc-conf:`identity_ldap server_addr - ` configuration setting. + This environment variable corresponds with the :mc-cmd:`mc idp ldap add server_addr` command. .. envvar:: MINIO_IDENTITY_LDAP_LOOKUP_BIND_DN @@ -2661,9 +2659,7 @@ variables. :start-after: start-minio-ad-ldap-lookup-bind-dn :end-before: end-minio-ad-ldap-lookup-bind-dn - This environment variable corresponds with the - :mc-conf:`identity_ldap lookup_bind_dn - ` configuration setting. + This environment variable corresponds with the :mc-cmd:`mc idp ldap add lookup_bind_dn` command. .. envvar:: MINIO_IDENTITY_LDAP_LOOKUP_BIND_PASSWORD @@ -2673,9 +2669,7 @@ variables. :start-after: start-minio-ad-ldap-lookup-bind-password :end-before: end-minio-ad-ldap-lookup-bind-password - This environment variable corresponds with the - :mc-conf:`identity_ldap lookup_bind_password - ` configuration setting. + This environment variable corresponds with the :mc-cmd:`mc idp ldap add lookup_bind_password` command. .. envvar:: MINIO_IDENTITY_LDAP_USER_DN_SEARCH_BASE_DN @@ -2685,9 +2679,7 @@ variables. :start-after: start-minio-ad-ldap-user-dn-search-base-dn :end-before: end-minio-ad-ldap-user-dn-search-base-dn - This environment variable corresponds with the - :mc-conf:`identity_ldap user_dn_search_base_dn - ` configuration setting. + This environment variable corresponds with the :mc-cmd:`mc idp ldap add user_dn_search_base_dn` command. .. envvar:: MINIO_IDENTITY_LDAP_USER_DN_SEARCH_FILTER @@ -2697,9 +2689,7 @@ variables. :start-after: start-minio-ad-ldap-user-dn-search-filter :end-before: end-minio-ad-ldap-user-dn-search-filter - This environment variable corresponds with the - :mc-conf:`identity_ldap user_dn_search_filter - ` configuration setting. + This environment variable corresponds with the :mc-cmd:`mc idp ldap add user_dn_search_filter` command. .. envvar:: MINIO_IDENTITY_LDAP_GROUP_SEARCH_FILTER @@ -2709,9 +2699,7 @@ variables. :start-after: start-minio-ad-ldap-group-search-filter :end-before: end-minio-ad-ldap-group-search-filter - This environment variable corresponds with the - :mc-conf:`identity_ldap group_search_filter - ` configuration setting. + This environment variable corresponds with the :mc-cmd:`mc idp ldap add group_search_filter` command. .. envvar:: MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN @@ -2721,9 +2709,7 @@ variables. :start-after: start-minio-ad-ldap-group-search-base-dn :end-before: end-minio-ad-ldap-group-search-base-dn - This environment variable corresponds with the - :mc-conf:`identity_ldap group_search_base_dn - ` configuration setting. + This environment variable corresponds with the :mc-cmd:`mc idp ldap add group_search_base_dn` command. .. envvar:: MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY @@ -2733,9 +2719,7 @@ variables. :start-after: start-minio-ad-ldap-tls-skip-verify :end-before: end-minio-ad-ldap-tls-skip-verify - This environment variable corresponds with the - :mc-conf:`identity_ldap tls_skip_verify - ` configuration setting. + This environment variable corresponds with the :mc-cmd:`mc idp ldap add tls_skip_verify` command. .. envvar:: MINIO_IDENTITY_LDAP_SERVER_INSECURE @@ -2745,9 +2729,7 @@ variables. :start-after: start-minio-ad-ldap-server-insecure :end-before: end-minio-ad-ldap-server-insecure - This environment variable corresponds with the - :mc-conf:`identity_ldap server_insecure - ` configuration setting. + This environment variable corresponds with the :mc-cmd:`mc idp ldap add server_insecure` command. .. envvar:: MINIO_IDENTITY_LDAP_SERVER_STARTTLS @@ -2757,9 +2739,7 @@ variables. :start-after: start-minio-ad-ldap-server-starttls :end-before: end-minio-ad-ldap-server-starttls - This environment variable corresponds with the - :mc-conf:`identity_ldap server_starttls - ` configuration setting. + This environment variable corresponds with the :mc-cmd:`mc idp ldap add server_starttls` command. .. envvar:: MINIO_IDENTITY_LDAP_SRV_RECORD_NAME @@ -2771,8 +2751,7 @@ variables. :start-after: start-minio-ad-ldap-srv_record_name :end-before: end-minio-ad-ldap-srv_record_name - This environment variable corresponds with the - :mc-conf:`identity_ldap srv_record_name ` configuration setting. + This environment variable corresponds with the :mc-cmd:`mc idp ldap add srv_record_name` command. .. envvar:: MINIO_IDENTITY_LDAP_COMMENT @@ -2782,9 +2761,7 @@ variables. :start-after: start-minio-ad-ldap-comment :end-before: end-minio-ad-ldap-comment - This environment variable corresponds with the - :mc-conf:`identity_ldap comment - ` configuration setting. + This environment variable corresponds with the :mc-cmd:`mc idp ldap add comment` command. .. _minio-server-envvar-external-identity-management-openid: