minio/docs
1
0
Fork 0
mirror of https://github.com/minio/docs.git synced 2025-07-28 19:42:10 +03:00
Code Activity

Restructure/expand mc idp ldap reference pages (#959)

Browse Source 
Improve the AD/LDAP reference docs:

- Break up `mc idp ldap` and `mc idp ldap policy` into parents/children.
- Add commands from the `identity_ldap` configuration key to `mc idp
ldap add` and `mc idp ldap update`.
- Update links from relevant envvars to `mc idp ldap` instead of
`identity_ldap`
- Fix stuff that needs fixing.

Staged:

http://192.241.195.202:9000/staging/DOCS-919-4-idp-ldap/linux/html/reference/minio-mc/mc-idp-ldap.html

http://192.241.195.202:9000/staging/DOCS-919-4-idp-ldap/linux/html/reference/minio-mc/mc-idp-ldap-policy.html
Fixes https://github.com/minio/docs/issues/940

---------

Co-authored-by: Daryl White <53910321+djwfyi@users.noreply.github.com>
This commit is contained in:
Andrea Longo
2023-08-18 13:50:15 -06:00
committed by GitHub
parent 52f1951c8b
commit 9ea539b8ab
15 changed files with 1187 additions and 437 deletions
Download Patch File Download Diff File Expand all files Collapse all files

129
source/includes/common-minio-ad-ldap-params.rst Normal file
View File

@ -0,0 +1,129 @@
.. Descriptions for External Identity Management using an LDAP Provider
Used in the following files:
- /source/reference/minio-mc/mc-idp-ldap-add.rst
- /source/reference/minio-mc/mc-idp-ldap-update.rst
Does not include ALIAS, as the example differs between add and update
.. start-minio-ad-ldap-params
.. mc-cmd:: server_addr
:required:
.. include:: /includes/common-minio-external-auth.rst
:start-after: start-minio-ad-ldap-server-addr
:end-before: end-minio-ad-ldap-server-addr
This parameter corresponds with the :envvar:`MINIO_IDENTITY_LDAP_SERVER_ADDR` environment variable.
.. mc-cmd:: lookup_bind_dn
:required:
.. include:: /includes/common-minio-external-auth.rst
:start-after: start-minio-ad-ldap-lookup-bind-dn
:end-before: end-minio-ad-ldap-lookup-bind-dn
This parameter corresponds with the :envvar:`MINIO_IDENTITY_LDAP_LOOKUP_BIND_DN` environment variable.
.. mc-cmd:: lookup_bind_password
:required:
.. include:: /includes/common-minio-external-auth.rst
:start-after: start-minio-ad-ldap-lookup-bind-password
:end-before: end-minio-ad-ldap-lookup-bind-password
This parameter corresponds with the :envvar:`MINIO_IDENTITY_LDAP_LOOKUP_BIND_PASSWORD` environment variable.
.. mc-cmd:: user_dn_search_base_dn
:required:
.. include:: /includes/common-minio-external-auth.rst
:start-after: start-minio-ad-ldap-user-dn-search-base-dn
:end-before: end-minio-ad-ldap-user-dn-search-base-dn
This parameter corresponds with the :envvar:`MINIO_IDENTITY_LDAP_USER_DN_SEARCH_BASE_DN` environment variable.
.. mc-cmd:: user_dn_search_filter
:required:
.. include:: /includes/common-minio-external-auth.rst
:start-after: start-minio-ad-ldap-user-dn-search-filter
:end-before: end-minio-ad-ldap-user-dn-search-filter
This parameter corresponds with the :envvar:`MINIO_IDENTITY_LDAP_USER_DN_SEARCH_FILTER` environment variable.
.. mc-cmd:: comment
:optional:
.. include:: /includes/common-minio-external-auth.rst
:start-after: start-minio-ad-ldap-comment
:end-before: end-minio-ad-ldap-comment
This parameter corresponds with the :envvar:`MINIO_IDENTITY_LDAP_COMMENT` environment variable.
.. mc-cmd:: enabled
:optional:
Set to ``false`` to disable the AD/LDAP configuration.
If ``false``, applications cannot generate STS credentials or otherwise authenticate to MinIO using the configured provider.
Defaults to ``true`` or "enabled".
.. mc-cmd:: group_search_base_dn
:optional:
.. include:: /includes/common-minio-external-auth.rst
:start-after: start-minio-ad-ldap-group-search-base-dn
:end-before: end-minio-ad-ldap-group-search-base-dn
This parameter corresponds with the :envvar:`MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN` environment variable.
.. mc-cmd:: group_search_filter
:optional:
.. include:: /includes/common-minio-external-auth.rst
:start-after: start-minio-ad-ldap-group-search-filter
:end-before: end-minio-ad-ldap-group-search-filter
This parameter corresponds with the :envvar:`MINIO_IDENTITY_LDAP_GROUP_SEARCH_FILTER` environment variable.
.. mc-cmd:: server_insecure
:optional:
.. include:: /includes/common-minio-external-auth.rst
:start-after: start-minio-ad-ldap-server-insecure
:end-before: end-minio-ad-ldap-server-insecure
This parameter corresponds with the :envvar:`MINIO_IDENTITY_LDAP_SERVER_INSECURE` environment variable.
.. mc-cmd:: server_starttls
:optional:
.. include:: /includes/common-minio-external-auth.rst
:start-after: start-minio-ad-ldap-server-starttls
:end-before: end-minio-ad-ldap-server-starttls
This parameter corresponds with the :envvar:`MINIO_IDENTITY_LDAP_SERVER_STARTTLS` environment variable.
.. mc-cmd:: srv_record_name
:optional:
.. versionadded:: RELEASE.2022-12-12T19-27-27Z
.. include:: /includes/common-minio-external-auth.rst
:start-after: start-minio-ad-ldap-srv_record_name
:end-before: end-minio-ad-ldap-srv_record_name
This parameter corresponds with the :envvar:`MINIO_IDENTITY_LDAP_SRV_RECORD_NAME` environment variable.
.. mc-cmd:: tls_skip_verify
:optional:
.. include:: /includes/common-minio-external-auth.rst
:start-after: start-minio-ad-ldap-tls-skip-verify
:end-before: end-minio-ad-ldap-tls-skip-verify
This parameter corresponds with the :envvar:`MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY` environment variable.
.. end-minio-ad-ldap-params

18
source/includes/common-minio-external-auth.rst
View File

@ -163,8 +163,17 @@ provider configuration.
Specify the hostname for the Active Directory / LDAP server. For example:
``ldapserver.com:636``
.. code-block:: shell
:class: copyable
ldapserver.com:636
.. admonition:: :mc-cmd:`~mc idp ldap add srv_record_name` automatically identifies the port
:class: note
If your AD/LDAP server uses :mc-cmd:`DNS SRV Records <mc idp ldap add srv_record_name>`, do *not* append the port number to your :mc-cmd:`~mc idp ldap add server_addr` value.
SRV requests automatically include port numbers when returning the list of available servers.
.. end-minio-ad-ldap-server-addr
.. start-minio-ad-ldap-lookup-bind-dn
@ -187,11 +196,14 @@ Specify the password for the :ref:`Lookup-Bind
.. start-minio-ad-ldap-user-dn-search-base-dn
Specify the base Distinguished name (DN) MinIO uses when querying for
Specify the base Distinguished Name (DN) MinIO uses when querying for
user credentials matching those provided by an authenticating client.
For example:
``cn=miniousers,dc=myldapserver,dc=net``
.. code-block:: shell
:class: copyable
cn=miniousers,dc=myldapserver,dc=net
Supports :ref:`Lookup-Bind <minio-external-identity-management-ad-ldap-lookup-bind>` mode.

105
source/reference/minio-mc/mc-idp-ldap-add.rst Normal file
View File

@ -0,0 +1,105 @@
.. _minio-mc-idp-ldap-add:
===================
``mc idp ldap add``
===================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 2
.. mc:: mc idp ldap add
Description
-----------
.. start-mc-idp-ldap-add-desc
The :mc:`mc idp ldap add` command creates an AD/LDAP IDP server configuration.
.. end-mc-idp-ldap-add-desc
MinIO supports no more than *one* (1) AD/LDAP provider per deployment.
.. tab-set::
.. tab-item:: EXAMPLE
The following example sets the AD/LDAP configuration settings for the ``myminio`` deployment.
.. code-block:: shell
:class: copyable
mc idp ldap add \
myminio \
server_addr=myldapserver:636 \
lookup_bind_dn=cn=admin,dc=min,dc=io \
lookup_bind_password=somesecret \
user_dn_search_base_dn=dc=min,dc=io \
user_dn_search_filter="(uid=%s)" \
group_search_base_dn=ou=swengg,dc=min,dc=io \
group_search_filter="(&(objectclass=groupofnames)(member=%d))"
.. tab-item:: SYNTAX
The command has the following syntax:
.. code-block:: shell
:class: copyable
mc [GLOBALFLAGS] idp ldap add \
ALIAS \
[CFG_PARAM1] \
[CFG_PARAM2]...
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to create for AD/LDAP integration.
- Replace the ``[CFG_PARAM#]`` with each of the :ref:`configuration setting <minio-ldap-config-settings>` key-value pairs in the format of ``PARAMETER="value"``.
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-syntax
:end-before: end-minio-syntax
Parameters
~~~~~~~~~~
.. mc-cmd:: ALIAS
:required:
The :ref:`alias <alias>` of the MinIO deployment on which to add an AD/LDAP integration.
For example:
.. code-block:: none
mc idp ldap add myminio \
server_addr=myldapserver:636 \
lookup_bind_dn=cn=admin,dc=min,dc=io \
lookup_bind_password=somesecret \
user_dn_search_base_dn=dc=min,dc=io \
user_dn_search_filter="(uid=%s)" \
.. include:: /includes/common-minio-ad-ldap-params.rst
:start-after: start-minio-ad-ldap-params
:end-before: end-minio-ad-ldap-params
Global Flags
~~~~~~~~~~~~
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-mc-globals
:end-before: end-minio-mc-globals
Behavior
--------
S3 Compatibility
~~~~~~~~~~~~~~~~
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-mc-s3-compatibility
:end-before: end-minio-mc-s3-compatibility

85
source/reference/minio-mc/mc-idp-ldap-disable.rst Normal file
View File

@ -0,0 +1,85 @@
.. _minio-mc-idp-ldap-disable:
=======================
``mc idp ldap disable``
=======================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 2
.. mc:: mc idp ldap disable
Description
-----------
.. start-mc-idp-ldap-disable-desc
The :mc:`mc idp ldap disable` command disables the currently configured AD/LDAP provider.
.. end-mc-idp-ldap-disable-desc
.. tab-set::
.. tab-item:: EXAMPLE
The following example disables the AD/LDAP configurations on the ``myminio`` deployment.
.. code-block:: shell
:class: copyable
mc idp ldap disable \
myminio
.. tab-item:: SYNTAX
The command has the following syntax:
.. code-block:: shell
:class: copyable
mc [GLOBALFLAGS] idp ldap disable \
ALIAS
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to disable the AD/LDAP integration.
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-syntax
:end-before: end-minio-syntax
Parameters
~~~~~~~~~~
.. mc-cmd:: ALIAS
:required:
The :ref:`alias <alias>` of the MinIO deployment for which to disable the AD/LDAP integration.
For example:
.. code-block:: none
mc idp ldap disable myminio
Global Flags
~~~~~~~~~~~~
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-mc-globals
:end-before: end-minio-mc-globals
Behavior
--------
S3 Compatibility
~~~~~~~~~~~~~~~~
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-mc-s3-compatibility
:end-before: end-minio-mc-s3-compatibility

85
source/reference/minio-mc/mc-idp-ldap-enable.rst Normal file
View File

@ -0,0 +1,85 @@
.. _minio-mc-idp-ldap-enable:
======================
``mc idp ldap enable``
======================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 2
.. mc:: mc idp ldap enable
Description
-----------
.. start-mc-idp-ldap-enable-desc
The :mc:`mc idp ldap enable` command enables the currently configured AD/LDAP provider.
.. end-mc-idp-ldap-enable-desc
.. tab-set::
.. tab-item:: EXAMPLE
The following example enables the AD/LDAP configurations on the ``myminio`` deployment.
.. code-block:: shell
:class: copyable
mc idp ldap enable \
myminio
.. tab-item:: SYNTAX
The command has the following syntax:
.. code-block:: shell
:class: copyable
mc [GLOBALFLAGS] idp ldap enable \
ALIAS
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to enable the AD/LDAP integration.
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-syntax
:end-before: end-minio-syntax
Parameters
~~~~~~~~~~
.. mc-cmd:: ALIAS
:required:
The :ref:`alias <alias>` of the MinIO deployment for which to enable the AD/LDAP integration.
For example:
.. code-block:: none
mc idp ldap enable myminio
Global Flags
~~~~~~~~~~~~
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-mc-globals
:end-before: end-minio-mc-globals
Behavior
--------
S3 Compatibility
~~~~~~~~~~~~~~~~
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-mc-s3-compatibility
:end-before: end-minio-mc-s3-compatibility

85
source/reference/minio-mc/mc-idp-ldap-info.rst Normal file
View File

@ -0,0 +1,85 @@
.. _minio-mc-idp-ldap-info:
====================
``mc idp ldap info``
====================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 2
.. mc:: mc idp ldap info
Description
-----------
.. start-mc-idp-ldap-info-desc
The :mc:`mc idp ldap info` command outputs the current configuration for an AD/LDAP provider on a specified MinIO deployment.
.. end-mc-idp-ldap-info-desc
.. tab-set::
.. tab-item:: EXAMPLE
The following example outputs the AD/LDAP configuration settings on the ``myminio`` deployment.
.. code-block:: shell
:class: copyable
mc idp ldap info \
myminio
.. tab-item:: SYNTAX
The command has the following syntax:
.. code-block:: shell
:class: copyable
mc [GLOBALFLAGS] idp ldap info \
ALIAS
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to retrieve info on the AD/LDAP integration.
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-syntax
:end-before: end-minio-syntax
Parameters
~~~~~~~~~~
.. mc-cmd:: ALIAS
:required:
The :ref:`alias <alias>` of the MinIO deployment for which to output the current AD/LDAP configuration.
For example:
.. code-block:: none
mc idp ldap info myminio
Global Flags
~~~~~~~~~~~~
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-mc-globals
:end-before: end-minio-mc-globals
Behavior
--------
S3 Compatibility
~~~~~~~~~~~~~~~~
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-mc-s3-compatibility
:end-before: end-minio-mc-s3-compatibility

88
source/reference/minio-mc/mc-idp-ldap-ls.rst Normal file
View File

@ -0,0 +1,88 @@
.. _minio-mc-idp-ldap-ls:
==================
``mc idp ldap ls``
==================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 2
.. mc:: mc idp ldap ls
.. mc:: mc idp ldap list
Description
-----------
.. start-mc-idp-ldap-ls-desc
The :mc:`mc idp ldap ls` command lists the existing set of configurations for an AD/LDAP provider.
.. end-mc-idp-ldap-ls-desc
:mc:`mc idp ldap ls` is also known as :mc:`mc idp ldap list`.
.. tab-set::
.. tab-item:: EXAMPLE
The following example lists the AD/LDAP configuration settings for the ``myminio`` deployment.
.. code-block:: shell
:class: copyable
mc idp ldap ls \
myminio
.. tab-item:: SYNTAX
The command has the following syntax:
.. code-block:: shell
:class: copyable
mc [GLOBALFLAGS] idp ldap ls \
ALIAS
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to list the AD/LDAP integration.
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-syntax
:end-before: end-minio-syntax
Parameters
~~~~~~~~~~
.. mc-cmd:: ALIAS
:required:
The :ref:`alias <alias>` of the MinIO deployment for which to output the current AD/LDAP configuration.
For example:
.. code-block:: none
mc idp ldap ls myminio
Global Flags
~~~~~~~~~~~~
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-mc-globals
:end-before: end-minio-mc-globals
Behavior
--------
S3 Compatibility
~~~~~~~~~~~~~~~~
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-mc-s3-compatibility
:end-before: end-minio-mc-s3-compatibility

112
source/reference/minio-mc/mc-idp-ldap-policy-attach.rst Normal file
View File

@ -0,0 +1,112 @@
.. _minio-mc-idp-ldap-policy-attach:
=============================
``mc idp ldap policy attach``
=============================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 2
.. mc:: mc idp ldap policy attach
Description
-----------
.. start-mc-idp-ldap-policy-attach-desc
The :mc:`mc idp ldap policy attach` command attaches one or more polices to an entity.
.. end-mc-idp-ldap-policy-attach-desc
.. tab-set::
.. tab-item:: EXAMPLE
The following example attaches the policy ``userpolicy`` to the user ``bobfisher`` on the ``myminio`` deployment:
.. code-block:: shell
:class: copyable
mc idp ldap policy attach myminio \
userpolicy \
--user='uid=bobfisher,ou=people,ou=hwengg,dc=min,dc=io'
.. tab-item:: SYNTAX
The command has the following syntax:
.. code-block:: shell
:class: copyable
mc [GLOBALFLAGS] idp ldap policy attach \
POLICYNAME \
[POLICY2] ... \
ALIAS \
[--user=`USER`] \
[--group=`GROUP`]
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to configure for AD/LDAP integration.
- Replace ``POLICYNAME`` with the policy to attach to the entity.
You may list multiple policies to attach to the entity.
- Use must use one of either the ``--user`` or ``--group`` flag.
You may only use the flag once in the command.
You cannot use both flags in the same command.
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-syntax
:end-before: end-minio-syntax
Parameters
~~~~~~~~~~
.. mc-cmd:: ALIAS
:required:
The :ref:`alias <alias>` of the MinIO deployment with the entity to which to attach a policy.
For example:
.. code-block:: none
mc idp ldap policy attach myminio \
userpolicy \
--user='uid=bobfisher,ou=people,ou=hwengg,dc=min,dc=io'
Example
~~~~~~~
The following example attaches two policies, ``policy1`` and ``policy2``, to the ``projectb`` group on the ``myminio`` deployment:
.. code-block:: shell
:class: copyable
mc idp ldap policy attach myminio \
policy1 \
policy2 \
--group='cn=projectb,ou=groups,ou=swengg,dc=min,dc=io'
Global Flags
~~~~~~~~~~~~
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-mc-globals
:end-before: end-minio-mc-globals
Behavior
--------
S3 Compatibility
~~~~~~~~~~~~~~~~
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-mc-s3-compatibility
:end-before: end-minio-mc-s3-compatibility

112
source/reference/minio-mc/mc-idp-ldap-policy-detach.rst Normal file
View File

@ -0,0 +1,112 @@
.. _minio-mc-idp-ldap-policy-detach:
=============================
``mc idp ldap policy detach``
=============================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 2
.. mc:: mc idp ldap policy detach
Description
-----------
.. start-mc-idp-ldap-policy-detach-desc
The :mc:`mc idp ldap policy detach` command detaches one or more polices from an entity.
.. end-mc-idp-ldap-policy-detach-desc
.. tab-set::
.. tab-item:: EXAMPLE
The following example detaches the policy ``userpolicy`` from the user ``bobfisher`` on the ``myminio`` deployment.
.. code-block:: shell
:class: copyable
mc idp ldap policy detach myminio \
userpolicy \
--user='uid=bobfisher,ou=people,ou=hwengg,dc=min,dc=io'
.. tab-item:: SYNTAX
The command has the following syntax:
.. code-block:: shell
:class: copyable
mc [GLOBALFLAGS] idp ldap policy detach \
POLICYNAME \
[POLICY2] ... \
ALIAS \
[--user=`USER`] \
[--group=`GROUP`]
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to configure for AD/LDAP integration.
- Replace ``POLICYNAME`` with the policy to detach from the entity.
You may list multiple policies to detach from the entity.
- Use must use one of either the ``--user`` or ``--group`` flag.
You may only use the flag once in the command.
You cannot use both flags in the same command.
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-syntax
:end-before: end-minio-syntax
Parameters
~~~~~~~~~~
.. mc-cmd:: ALIAS
:required:
The :ref:`alias <alias>` of the MinIO deployment with the entity from which to detach a policy.
For example:
.. code-block:: none
mc idp ldap policy detach myminio \
userpolicy \
--user='uid=bobfisher,ou=people,ou=hwengg,dc=min,dc=io'
Example
~~~~~~~
The following example detaches two policies, ``policy1`` and ``policy2``, from the ``projectb`` group on the ``myminio`` deployment:
.. code-block:: shell
:class: copyable
mc idp ldap policy detach myminio \
policy1 \
policy2 \
--group='cn=projectb,ou=groups,ou=swengg,dc=min,dc=io'
Global Flags
~~~~~~~~~~~~
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-mc-globals
:end-before: end-minio-mc-globals
Behavior
--------
S3 Compatibility
~~~~~~~~~~~~~~~~
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-mc-s3-compatibility
:end-before: end-minio-mc-s3-compatibility

113
source/reference/minio-mc/mc-idp-ldap-policy-entities.rst Normal file
View File

@ -0,0 +1,113 @@
.. _minio-mc-idp-ldap-policy-entities:
===============================
``mc idp ldap policy entities``
===============================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 2
.. mc:: mc idp ldap policy entities
Description
-----------
.. start-mc-idp-ldap-policy-entities-desc
The :mc:`mc idp ldap policy entities` command displays a list of mappings for a user, group, and/or policy.
.. end-mc-idp-ldap-policy-entities-desc
.. tab-set::
.. tab-item:: EXAMPLE
The following example lists all mappings for a specific policy, a set of groups, and a selection of users on the ``myminio`` deployment.
Specifically, it lists:
- Users mapped to the ``finteam-policy`` policy.
- Policies assigned to the ``uid=bobfisher,ou=people,ou=hwengg,dc=min,dc=io`` user.
- Policies assigned to the ``cn=projectb,ou=groups,ou=swengg,dc=min,dc=io`` group.
.. code-block:: shell
:class: copyable
mc idp ldap policy entities myminio \
--policy finteam-policy \
--user 'uid=bobfisher,ou=people,ou=hwengg,dc=min,dc=io' \
--group 'cn=projectb,ou=groups,ou=swengg,dc=min,dc=io'
.. tab-item:: SYNTAX
The command has the following syntax:
.. code-block:: shell
:class: copyable
mc [GLOBALFLAGS] idp ldap policy entities \
ALIAS \
[--user `value`, -u `value`] \
[--group `value`, -g `value`] \
[--policy value]
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to configure for AD/LDAP integration.
- You may use each of the ``--user``, ``--group``, and/or ``--policy`` flags as many times as desired in the command.
- For each flag, the output lists the entities mapped to the specified policy, user, or group.
- Omit all flags to return a list of mappings for all policies.
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-syntax
:end-before: end-minio-syntax
Parameters
~~~~~~~~~~
.. mc-cmd:: ALIAS
:required:
The :ref:`alias <alias>` of the MinIO deployment for which to display the entity mappings.
For example:
.. code-block:: none
mc idp ldap policy entities myminio
Example
~~~~~~~
The following example lists the entities mapped to each of two policies, ``policy1`` and ``policy2`` and entities mapped to the ``projectb`` group on the ``myminio`` deployment:
.. code-block:: shell
:class: copyable
mc idp ldap policy entities myminio \
policy1 \
policy2 \
--group='cn=projectb,ou=groups,ou=swengg,dc=min,dc=io'
Global Flags
~~~~~~~~~~~~
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-mc-globals
:end-before: end-minio-mc-globals
Behavior
--------
S3 Compatibility
~~~~~~~~~~~~~~~~
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-mc-s3-compatibility
:end-before: end-minio-mc-s3-compatibility

171
source/reference/minio-mc/mc-idp-ldap-policy.rst
View File

@ -21,11 +21,11 @@ Description
.. start-mc-idp-ldap-policy-desc
The :mc-cmd:`mc idp ldap policy` commands allow you to view the mapping relationships between policies and the associated groups or users. The :mc-cmd:`mc idp ldap policy` commands are only supported against MinIO deployments.
The :mc-cmd:`mc idp ldap policy` commands show the mapping relationships between policies and the associated groups or users.
.. end-mc-idp-ldap-policy-desc
The :mc-cmd:`mc idp ldap policy` commands are only supported against MinIO deployments.
The :mc-cmd:`mc idp ldap policy` command has the following subcommands:
@ -37,161 +37,24 @@ The :mc-cmd:`mc idp ldap policy` command has the following subcommands:
- Description
* - :mc-cmd:`mc idp ldap policy attach`
- Attach a policy to an entity
- .. include:: /reference/minio-mc/mc-idp-ldap-policy-attach.rst
:start-after: start-mc-idp-ldap-policy-attach-desc
:end-before: end-mc-idp-ldap-policy-attach-desc
* - :mc-cmd:`mc idp ldap policy detach`
- Detach a policy from an entity
- .. include:: /reference/minio-mc/mc-idp-ldap-policy-detach.rst
:start-after: start-mc-idp-ldap-policy-detach-desc
:end-before: end-mc-idp-ldap-policy-detach-desc
* - :mc-cmd:`mc idp ldap policy entities`
- List policy entity mappings
- .. include:: /reference/minio-mc/mc-idp-ldap-policy-entities.rst
:start-after: start-mc-idp-ldap-policy-entities-desc
:end-before: end-mc-idp-ldap-policy-entities-desc
Syntax
------
.. toctree::
:titlesonly:
:hidden:
.. mc-cmd:: attach
Attach one or more polices to an entity.
.. tab-set::
.. tab-item:: EXAMPLES
The following example attaches two policies, ``policy1`` and ``policy2``, to the ``projectb`` group on the ``myminio`` deployment.
.. code-block:: shell
:class: copyable
mc idp ldap policy attach myminio/ \
policy1 \
policy2 \
--group='cn=projectb,ou=groups,ou=swengg,dc=min,dc=io'
The following example attaches the policy, ``userpolicy``, to the user ``bobfisher`` on the ``myminio`` deployment.
.. code-block:: shell
:class: copyable
mc idp ldap policy attach myminio/ \
mypolicy \
policy2 \
--user='uid=bobfisher,ou=people,ou=hwengg,dc=min,dc=io'
.. tab-item:: SYNTAX
The command has the following syntax:
.. code-block:: shell
:class: copyable
mc [GLOBALFLAGS] idp ldap policy attach \
POLICYNAME \
[POLICY2] ... \
ALIAS \
[--user=`USER`] \
[--group=`GROUP`]
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to configure for AD/LDAP integration.
- Replace ``POLICYNAME`` with the policy to attach to the entity.
You may list multiple policies to attach to the entity.
- Use must use one of either the ``--user`` or ``--group`` flag.
You may only use the flag once in the command.
You cannot use both flags in the same command.
.. mc-cmd:: detach
Detach one or more policies from an entity.
.. tab-set::
.. tab-item:: EXAMPLES
The following example detaches two policies, ``policy1`` and ``policy2``, from the ``projectb`` group on the ``myminio`` deployment.
.. code-block:: shell
:class: copyable
mc idp ldap policy detach myminio/ \
policy1 \
policy2 \
--group='cn=projectb,ou=groups,ou=swengg,dc=min,dc=io'
The following example detaches the policy, ``userpolicy``, from the user ``bobfisher`` on the ``myminio`` deployment.
.. code-block:: shell
:class: copyable
mc idp ldap policy detach myminio/ \
mypolicy \
policy2 \
--user='uid=bobfisher,ou=people,ou=hwengg,dc=min,dc=io'
.. tab-item:: SYNTAX
The command has the following syntax:
.. code-block:: shell
:class: copyable
mc [GLOBALFLAGS] idp ldap policy detach \
POLICYNAME \
[POLICY2] ... \
ALIAS \
[--user=`USER`] \
[--group=`GROUP`]
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to configure for AD/LDAP integration.
- Replace ``POLICYNAME`` with the policy to detach from the entity.
You may list multiple policies to detach from the entity.
- Use must use one of either the ``--user`` or ``--group`` flag.
You may only use the flag once in the command.
You cannot use both flags in the same command.
.. mc-cmd:: entities
Display a list of mappings for a user, group, and/or policy.
.. tab-set::
.. tab-item:: EXAMPLES
The following example lists all mappings for a specific policy, a set of groups, and a selection of users on the ``myminio`` deployment.
Specifically, it lists
- Users mapped to the ``finteam-policy`` policy.
- Policies assigned to the ``uid=bobfisher,ou=people,ou=hwengg,dc=min,dc=io`` user
- Policies assigned to the ``cn=projectb,ou=groups,ou=swengg,dc=min,dc=io`` group
.. code-block:: shell
:class: copyable
mc idp ldap policy entities myminio/ \
--policy finteam-policy \
--user 'uid=bobfisher,ou=people,ou=hwengg,dc=min,dc=io' \
--group 'cn=projectb,ou=groups,ou=swengg,dc=min,dc=io'
.. tab-item:: SYNTAX
The command has the following syntax:
.. code-block:: shell
:class: copyable
mc [GLOBALFLAGS] idp ldap policy entities \
ALIAS \
[--user `value`, -u `value`] \
[--group `value`, -g `value`] \
[--policy value]
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to configure for AD/LDAP integration.
- You may use each of the ``--user``, ``--group``, and/or ``--policy`` flags as many times as desired in the command.
- For each flag, the output lists the entities mapped to the specified policy, user, or group.
- Omit all flags to return a list of mappings for all policies.
Global Flags
------------
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-mc-globals
:end-before: end-minio-mc-globals
/reference/minio-mc/mc-idp-ldap-policy-attach
/reference/minio-mc/mc-idp-ldap-policy-detach
/reference/minio-mc/mc-idp-ldap-policy-entities

88
source/reference/minio-mc/mc-idp-ldap-rm.rst Normal file
View File

@ -0,0 +1,88 @@
.. _minio-mc-idp-ldap-rm:
==================
``mc idp ldap rm``
==================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 2
.. mc:: mc idp ldap rm
.. mc:: mc idp ldap remove
Description
-----------
.. start-mc-idp-ldap-rm-desc
The :mc:`mc idp ldap rm` command removes the existing configuration for an AD/LDAP provider.
.. end-mc-idp-ldap-rm-desc
:mc:`mc idp ldap rm` is also known as :mc:`mc idp ldap remove`.
.. tab-set::
.. tab-item:: EXAMPLE
The following example removes the AD/LDAP provider settings for the ``myminio`` deployment.
.. code-block:: shell
:class: copyable
mc idp ldap rm \
myminio
.. tab-item:: SYNTAX
The command has the following syntax:
.. code-block:: shell
:class: copyable
mc [GLOBALFLAGS] idp ldap rm \
ALIAS
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to remove the AD/LDAP integration.
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-syntax
:end-before: end-minio-syntax
Parameters
~~~~~~~~~~
.. mc-cmd:: ALIAS
:required:
The :ref:`alias <alias>` of the MinIO deployment for which to remove the current AD/LDAP configuration.
For example:
.. code-block:: none
mc idp ldap rm myminio
Global Flags
~~~~~~~~~~~~
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-mc-globals
:end-before: end-minio-mc-globals
Behavior
--------
S3 Compatibility
~~~~~~~~~~~~~~~~
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-mc-s3-compatibility
:end-before: end-minio-mc-s3-compatibility

94
source/reference/minio-mc/mc-idp-ldap-update.rst Normal file
View File

@ -0,0 +1,94 @@
.. _minio-mc-idp-ldap-update:
======================
``mc idp ldap update``
======================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 2
.. mc:: mc idp ldap update
Description
-----------
.. start-mc-idp-ldap-update-desc
The :mc:`mc idp ldap update` command modifies an existing set of configurations for an AD/LDAP provider.
.. end-mc-idp-ldap-update-desc
.. tab-set::
.. tab-item:: EXAMPLE
The following example changes two of the AD/LDAP configuration settings for the ``myminio`` deployment.
.. code-block:: shell
:class: copyable
mc idp ldap update \
myminio \
lookup_bind_dn=cn=admin,dc=min,dc=io \
lookup_bind_password=somesecret
.. tab-item:: SYNTAX
The command has the following syntax:
.. code-block:: shell
:class: copyable
mc [GLOBALFLAGS] idp ldap update \
ALIAS \
[CFG_PARAM1] \
[CFG_PARAM2]...
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to update for AD/LDAP integration.
- Replace the ``[CFG_PARAM#]`` with each of the :ref:`configuration setting <minio-ldap-config-settings>` key-value pairs in the format of ``PARAMETER="value"``.
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-syntax
:end-before: end-minio-syntax
Parameters
~~~~~~~~~~
.. mc-cmd:: ALIAS
:required:
The :ref:`alias <alias>` of the MinIO deployment on which to modify an AD/LDAP integration.
For example:
.. code-block:: none
mc idp ldap update myminio \
lookup_bind_dn=cn=admin,dc=min,dc=io \
.. include:: /includes/common-minio-ad-ldap-params.rst
:start-after: start-minio-ad-ldap-params
:end-before: end-minio-ad-ldap-params
Global Flags
~~~~~~~~~~~~
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-mc-globals
:end-before: end-minio-mc-globals
Behavior
--------
S3 Compatibility
~~~~~~~~~~~~~~~~
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-mc-s3-compatibility
:end-before: end-minio-mc-s3-compatibility

292
source/reference/minio-mc/mc-idp-ldap.rst
View File

@ -43,253 +43,55 @@ The :mc-cmd:`mc idp ldap` command has the following subcommands:
- Description
* - :mc-cmd:`mc idp ldap add`
- Create an AD/LDAP IDP server configuration.
* - :mc-cmd:`mc idp ldap update`
- Modify an existing AD/LDAP IDP server configuration.
* - :mc-cmd:`mc idp ldap ls`
- Lists AD/LDAP server configurations.
* - :mc-cmd:`mc idp ldap rm`
- Remove an AD/LDAP IDP server configuration from a deployment.
* - :mc-cmd:`mc idp ldap info`
- Displays details for a specific AD/LDAP server configuration.
* - :mc-cmd:`mc idp ldap enable`
- Enables an AD/LDAP server configuration.
- .. include:: /reference/minio-mc/mc-idp-ldap-add.rst
:start-after: start-mc-idp-ldap-add-desc
:end-before: end-mc-idp-ldap-add-desc
* - :mc-cmd:`mc idp ldap disable`
- Disables an AD/LDAP server configuration.
- .. include:: /reference/minio-mc/mc-idp-ldap-disable.rst
:start-after: start-mc-idp-ldap-disable-desc
:end-before: end-mc-idp-ldap-disable-desc
* - :mc-cmd:`mc idp ldap enable`
- .. include:: /reference/minio-mc/mc-idp-ldap-enable.rst
:start-after: start-mc-idp-ldap-enable-desc
:end-before: end-mc-idp-ldap-enable-desc
* - :mc-cmd:`mc idp ldap info`
- .. include:: /reference/minio-mc/mc-idp-ldap-info.rst
:start-after: start-mc-idp-ldap-info-desc
:end-before: end-mc-idp-ldap-info-desc
* - :mc-cmd:`mc idp ldap ls`
- .. include:: /reference/minio-mc/mc-idp-ldap-ls.rst
:start-after: start-mc-idp-ldap-ls-desc
:end-before: end-mc-idp-ldap-ls-desc
* - :mc-cmd:`mc idp ldap policy` subcommands
- Manage AD/LDAP policies and entity mappings.
Configuration Parameters
------------------------
The :mc-cmd:`mc idp ldap` subcommands support the same configuration parameters as the :mc-conf:`identity_ldap` configuration key.
These parameters define the server's interaction with the Active Directory or LDAP IAM provider.
For a more detailed explanation of the configuration parameters, refer to the :ref:`config setting documentation <minio-ldap-config-settings>`.
Syntax
------
.. mc-cmd:: add
Create a new configuration for an AD/LDAP provider.
MinIO supports no more than *one* (1) AD/LDAP provider per deployment.
.. tab-set::
.. tab-item:: EXAMPLE
The following example sets the AD/LDAP configuration settings for the ``myminio`` deployment.
.. code-block:: shell
:class: copyable
mc idp ldap add \
myminio \
server_addr=myldapserver:636 \
lookup_bind_dn=cn=admin,dc=min,dc=io \
lookup_bind_password=somesecret \
user_dn_search_base_dn=dc=min,dc=io \
user_dn_search_filter="(uid=%s)" \
group_search_base_dn=ou=swengg,dc=min,dc=io \
group_search_filter="(&(objectclass=groupofnames)(member=%d))"
.. tab-item:: SYNTAX
The command has the following syntax:
.. code-block:: shell
:class: copyable
mc [GLOBALFLAGS] idp ldap add \
ALIAS \
[CFG_PARAM1] \
[CFG_PARAM2]...
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to create for AD/LDAP integration.
- Replace the ``[CFG_PARAM#]`` with each of the :ref:`configuration setting <minio-ldap-config-settings>` key-value pairs in the format of ``PARAMETER="value"``.
.. mc-cmd:: update
Modify an existing set of configurations for an AD/LDAP provider.
.. tab-set::
.. tab-item:: EXAMPLE
The following example changes two of the AD/LDAP configuration settings for the ``myminio`` deployment.
.. code-block:: shell
:class: copyable
mc idp ldap update \
myminio \
lookup_bind_dn=cn=admin,dc=min,dc=io \
lookup_bind_password=somesecret
.. tab-item:: SYNTAX
The command has the following syntax:
.. code-block:: shell
:class: copyable
mc [GLOBALFLAGS] idp ldap update \
ALIAS \
[CFG_PARAM1] \
[CFG_PARAM2]...
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to update for AD/LDAP integration.
- Replace the ``[CFG_PARAM#]`` with each of the :ref:`configuration setting <minio-ldap-config-settings>` key-value pairs to update in the format of ``PARAMETER="value"``.
.. mc-cmd:: ls, list
Lists the existing set of configurations for an AD/LDAP provider.
.. tab-set::
.. tab-item:: EXAMPLE
The following example lists the AD/LDAP configuration settings for the ``myminio`` deployment.
.. code-block:: shell
:class: copyable
mc idp ldap ls myminio
.. tab-item:: SYNTAX
The command has the following syntax:
.. code-block:: shell
:class: copyable
mc [GLOBALFLAGS] idp ldap ls ALIAS
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to list the AD/LDAP integration.
.. mc-cmd:: rm, remove
Remove the existing configuration for an AD/LDAP provider.
.. tab-set::
.. tab-item:: EXAMPLE
The following example removes the AD/LDAP provider settings for the ``myminio`` deployment.
.. code-block:: shell
:class: copyable
mc idp ldap rm myminio
.. tab-item:: SYNTAX
The command has the following syntax:
.. code-block:: shell
:class: copyable
mc [GLOBALFLAGS] idp ldap rm \
ALIAS
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to remove the AD/LDAP integration.
.. mc-cmd:: info
Outputs the current configuration for an AD/LDAP provider on a specified MinIO deployment.
.. tab-set::
.. tab-item:: EXAMPLE
The following example outputs the AD/LDAP configuration settings on the ``myminio`` deployment.
.. code-block:: shell
:class: copyable
mc idp ldap info myminio
.. tab-item:: SYNTAX
The command has the following syntax:
.. code-block:: shell
:class: copyable
mc [GLOBALFLAGS] idp ldap info \
ALIAS
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to retrieve info on the AD/LDAP integration.
.. mc-cmd:: enable
Enables the currently configured AD/LDAP provider.
.. tab-set::
.. tab-item:: EXAMPLE
The following example enables the AD/LDAP configuration on the ``myminio`` deployment.
.. code-block:: shell
:class: copyable
mc idp ldap enable \
myminio
.. tab-item:: SYNTAX
The command has the following syntax:
.. code-block:: shell
:class: copyable
mc [GLOBALFLAGS] idp ldap enable \
ALIAS
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to enable the AD/LDAP integration.
.. mc-cmd:: disable
Disables the currently configured AD/LDAP provider.
.. tab-set::
.. tab-item:: EXAMPLE
The following example disables the AD/LDAP configurations on the ``myminio`` deployment.
.. code-block:: shell
:class: copyable
mc idp ldap disable \
myminio
.. tab-item:: SYNTAX
The command has the following syntax:
.. code-block:: shell
:class: copyable
mc [GLOBALFLAGS] idp ldap disable \
ALIAS
- Replace ``ALIAS`` with the :ref:`alias <alias>` of a MinIO deployment to disable the AD/LDAP integration.
Global Flags
------------
.. include:: /includes/common-minio-mc.rst
:start-after: start-minio-mc-globals
:end-before: end-minio-mc-globals
- .. include:: /reference/minio-mc/mc-idp-ldap-policy.rst
:start-after: start-mc-idp-ldap-policy-desc
:end-before: end-mc-idp-ldap-policy-desc
* - :mc-cmd:`mc idp ldap rm`
- .. include:: /reference/minio-mc/mc-idp-ldap-rm.rst
:start-after: start-mc-idp-ldap-rm-desc
:end-before: end-mc-idp-ldap-rm-desc
* - :mc-cmd:`mc idp ldap update`
- .. include:: /reference/minio-mc/mc-idp-ldap-update.rst
:start-after: start-mc-idp-ldap-update-desc
:end-before: end-mc-idp-ldap-update-desc
.. toctree::
:titlesonly:
:hidden:
/reference/minio-mc/mc-idp-ldap-add
/reference/minio-mc/mc-idp-ldap-disable
/reference/minio-mc/mc-idp-ldap-enable
/reference/minio-mc/mc-idp-ldap-info
/reference/minio-mc/mc-idp-ldap-ls
/reference/minio-mc/mc-idp-ldap-rm
/reference/minio-mc/mc-idp-ldap-update

47
source/reference/minio-server/minio-server.rst
View File

@ -2649,9 +2649,7 @@ variables.
:start-after: start-minio-ad-ldap-server-addr
:end-before: end-minio-ad-ldap-server-addr
This environment variable corresponds with the
:mc-conf:`identity_ldap server_addr
<identity_ldap.server_addr>` configuration setting.
This environment variable corresponds with the :mc-cmd:`mc idp ldap add server_addr` command.
.. envvar:: MINIO_IDENTITY_LDAP_LOOKUP_BIND_DN
@ -2661,9 +2659,7 @@ variables.
:start-after: start-minio-ad-ldap-lookup-bind-dn
:end-before: end-minio-ad-ldap-lookup-bind-dn
This environment variable corresponds with the
:mc-conf:`identity_ldap lookup_bind_dn
<identity_ldap.lookup_bind_dn>` configuration setting.
This environment variable corresponds with the :mc-cmd:`mc idp ldap add lookup_bind_dn` command.
.. envvar:: MINIO_IDENTITY_LDAP_LOOKUP_BIND_PASSWORD
@ -2673,9 +2669,7 @@ variables.
:start-after: start-minio-ad-ldap-lookup-bind-password
:end-before: end-minio-ad-ldap-lookup-bind-password
This environment variable corresponds with the
:mc-conf:`identity_ldap lookup_bind_password
<identity_ldap.lookup_bind_password>` configuration setting.
This environment variable corresponds with the :mc-cmd:`mc idp ldap add lookup_bind_password` command.
.. envvar:: MINIO_IDENTITY_LDAP_USER_DN_SEARCH_BASE_DN
@ -2685,9 +2679,7 @@ variables.
:start-after: start-minio-ad-ldap-user-dn-search-base-dn
:end-before: end-minio-ad-ldap-user-dn-search-base-dn
This environment variable corresponds with the
:mc-conf:`identity_ldap user_dn_search_base_dn
<identity_ldap.user_dn_search_base_dn>` configuration setting.
This environment variable corresponds with the :mc-cmd:`mc idp ldap add user_dn_search_base_dn` command.
.. envvar:: MINIO_IDENTITY_LDAP_USER_DN_SEARCH_FILTER
@ -2697,9 +2689,7 @@ variables.
:start-after: start-minio-ad-ldap-user-dn-search-filter
:end-before: end-minio-ad-ldap-user-dn-search-filter
This environment variable corresponds with the
:mc-conf:`identity_ldap user_dn_search_filter
<identity_ldap.user_dn_search_filter>` configuration setting.
This environment variable corresponds with the :mc-cmd:`mc idp ldap add user_dn_search_filter` command.
.. envvar:: MINIO_IDENTITY_LDAP_GROUP_SEARCH_FILTER
@ -2709,9 +2699,7 @@ variables.
:start-after: start-minio-ad-ldap-group-search-filter
:end-before: end-minio-ad-ldap-group-search-filter
This environment variable corresponds with the
:mc-conf:`identity_ldap group_search_filter
<identity_ldap.group_search_filter>` configuration setting.
This environment variable corresponds with the :mc-cmd:`mc idp ldap add group_search_filter` command.
.. envvar:: MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN
@ -2721,9 +2709,7 @@ variables.
:start-after: start-minio-ad-ldap-group-search-base-dn
:end-before: end-minio-ad-ldap-group-search-base-dn
This environment variable corresponds with the
:mc-conf:`identity_ldap group_search_base_dn
<identity_ldap.group_search_base_dn>` configuration setting.
This environment variable corresponds with the :mc-cmd:`mc idp ldap add group_search_base_dn` command.
.. envvar:: MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY
@ -2733,9 +2719,7 @@ variables.
:start-after: start-minio-ad-ldap-tls-skip-verify
:end-before: end-minio-ad-ldap-tls-skip-verify
This environment variable corresponds with the
:mc-conf:`identity_ldap tls_skip_verify
<identity_ldap.tls_skip_verify>` configuration setting.
This environment variable corresponds with the :mc-cmd:`mc idp ldap add tls_skip_verify` command.
.. envvar:: MINIO_IDENTITY_LDAP_SERVER_INSECURE
@ -2745,9 +2729,7 @@ variables.
:start-after: start-minio-ad-ldap-server-insecure
:end-before: end-minio-ad-ldap-server-insecure
This environment variable corresponds with the
:mc-conf:`identity_ldap server_insecure
<identity_ldap.server_insecure>` configuration setting.
This environment variable corresponds with the :mc-cmd:`mc idp ldap add server_insecure` command.
.. envvar:: MINIO_IDENTITY_LDAP_SERVER_STARTTLS
@ -2757,9 +2739,7 @@ variables.
:start-after: start-minio-ad-ldap-server-starttls
:end-before: end-minio-ad-ldap-server-starttls
This environment variable corresponds with the
:mc-conf:`identity_ldap server_starttls
<identity_ldap.server_starttls>` configuration setting.
This environment variable corresponds with the :mc-cmd:`mc idp ldap add server_starttls` command.
.. envvar:: MINIO_IDENTITY_LDAP_SRV_RECORD_NAME
@ -2771,8 +2751,7 @@ variables.
:start-after: start-minio-ad-ldap-srv_record_name
:end-before: end-minio-ad-ldap-srv_record_name
This environment variable corresponds with the
:mc-conf:`identity_ldap srv_record_name <identity_ldap.srv_record_name>` configuration setting.
This environment variable corresponds with the :mc-cmd:`mc idp ldap add srv_record_name` command.
.. envvar:: MINIO_IDENTITY_LDAP_COMMENT
@ -2782,9 +2761,7 @@ variables.
:start-after: start-minio-ad-ldap-comment
:end-before: end-minio-ad-ldap-comment
This environment variable corresponds with the
:mc-conf:`identity_ldap comment
<identity_ldap.comment>` configuration setting.
This environment variable corresponds with the :mc-cmd:`mc idp ldap add comment` command.
.. _minio-server-envvar-external-identity-management-openid: