mirror of
https://github.com/minio/docs.git
synced 2025-07-31 18:04:52 +03:00
Restructure/expand mc idp ldap reference pages (#959)
Improve the AD/LDAP reference docs: - Break up `mc idp ldap` and `mc idp ldap policy` into parents/children. - Add commands from the `identity_ldap` configuration key to `mc idp ldap add` and `mc idp ldap update`. - Update links from relevant envvars to `mc idp ldap` instead of `identity_ldap` - Fix stuff that needs fixing. Staged: http://192.241.195.202:9000/staging/DOCS-919-4-idp-ldap/linux/html/reference/minio-mc/mc-idp-ldap.html http://192.241.195.202:9000/staging/DOCS-919-4-idp-ldap/linux/html/reference/minio-mc/mc-idp-ldap-policy.html Fixes https://github.com/minio/docs/issues/940 --------- Co-authored-by: Daryl White <53910321+djwfyi@users.noreply.github.com>
This commit is contained in:
Andrea Longo
GitHub
129
source/includes/common-minio-ad-ldap-params.rst
Normal file
129
source/includes/common-minio-ad-ldap-params.rst
Normal file
@ -0,0 +1,129 @@
|
||||
.. Descriptions for External Identity Management using an LDAP Provider
|
||||
Used in the following files:
|
||||
- /source/reference/minio-mc/mc-idp-ldap-add.rst
|
||||
- /source/reference/minio-mc/mc-idp-ldap-update.rst
|
||||
|
||||
Does not include ALIAS, as the example differs between add and update
|
||||
|
||||
.. start-minio-ad-ldap-params
|
||||
|
||||
.. mc-cmd:: server_addr
|
||||
:required:
|
||||
|
||||
.. include:: /includes/common-minio-external-auth.rst
|
||||
:start-after: start-minio-ad-ldap-server-addr
|
||||
:end-before: end-minio-ad-ldap-server-addr
|
||||
|
||||
This parameter corresponds with the :envvar:`MINIO_IDENTITY_LDAP_SERVER_ADDR` environment variable.
|
||||
|
||||
.. mc-cmd:: lookup_bind_dn
|
||||
:required:
|
||||
|
||||
.. include:: /includes/common-minio-external-auth.rst
|
||||
:start-after: start-minio-ad-ldap-lookup-bind-dn
|
||||
:end-before: end-minio-ad-ldap-lookup-bind-dn
|
||||
|
||||
This parameter corresponds with the :envvar:`MINIO_IDENTITY_LDAP_LOOKUP_BIND_DN` environment variable.
|
||||
|
||||
.. mc-cmd:: lookup_bind_password
|
||||
:required:
|
||||
|
||||
.. include:: /includes/common-minio-external-auth.rst
|
||||
:start-after: start-minio-ad-ldap-lookup-bind-password
|
||||
:end-before: end-minio-ad-ldap-lookup-bind-password
|
||||
|
||||
This parameter corresponds with the :envvar:`MINIO_IDENTITY_LDAP_LOOKUP_BIND_PASSWORD` environment variable.
|
||||
|
||||
.. mc-cmd:: user_dn_search_base_dn
|
||||
:required:
|
||||
|
||||
.. include:: /includes/common-minio-external-auth.rst
|
||||
:start-after: start-minio-ad-ldap-user-dn-search-base-dn
|
||||
:end-before: end-minio-ad-ldap-user-dn-search-base-dn
|
||||
|
||||
This parameter corresponds with the :envvar:`MINIO_IDENTITY_LDAP_USER_DN_SEARCH_BASE_DN` environment variable.
|
||||
|
||||
.. mc-cmd:: user_dn_search_filter
|
||||
:required:
|
||||
|
||||
.. include:: /includes/common-minio-external-auth.rst
|
||||
:start-after: start-minio-ad-ldap-user-dn-search-filter
|
||||
:end-before: end-minio-ad-ldap-user-dn-search-filter
|
||||
|
||||
This parameter corresponds with the :envvar:`MINIO_IDENTITY_LDAP_USER_DN_SEARCH_FILTER` environment variable.
|
||||
|
||||
.. mc-cmd:: comment
|
||||
:optional:
|
||||
|
||||
.. include:: /includes/common-minio-external-auth.rst
|
||||
:start-after: start-minio-ad-ldap-comment
|
||||
:end-before: end-minio-ad-ldap-comment
|
||||
|
||||
This parameter corresponds with the :envvar:`MINIO_IDENTITY_LDAP_COMMENT` environment variable.
|
||||
|
||||
.. mc-cmd:: enabled
|
||||
:optional:
|
||||
|
||||
Set to ``false`` to disable the AD/LDAP configuration.
|
||||
|
||||
If ``false``, applications cannot generate STS credentials or otherwise authenticate to MinIO using the configured provider.
|
||||
|
||||
Defaults to ``true`` or "enabled".
|
||||
|
||||
.. mc-cmd:: group_search_base_dn
|
||||
:optional:
|
||||
|
||||
.. include:: /includes/common-minio-external-auth.rst
|
||||
:start-after: start-minio-ad-ldap-group-search-base-dn
|
||||
:end-before: end-minio-ad-ldap-group-search-base-dn
|
||||
|
||||
This parameter corresponds with the :envvar:`MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN` environment variable.
|
||||
|
||||
.. mc-cmd:: group_search_filter
|
||||
:optional:
|
||||
|
||||
.. include:: /includes/common-minio-external-auth.rst
|
||||
:start-after: start-minio-ad-ldap-group-search-filter
|
||||
:end-before: end-minio-ad-ldap-group-search-filter
|
||||
|
||||
This parameter corresponds with the :envvar:`MINIO_IDENTITY_LDAP_GROUP_SEARCH_FILTER` environment variable.
|
||||
|
||||
.. mc-cmd:: server_insecure
|
||||
:optional:
|
||||
|
||||
.. include:: /includes/common-minio-external-auth.rst
|
||||
:start-after: start-minio-ad-ldap-server-insecure
|
||||
:end-before: end-minio-ad-ldap-server-insecure
|
||||
|
||||
This parameter corresponds with the :envvar:`MINIO_IDENTITY_LDAP_SERVER_INSECURE` environment variable.
|
||||
|
||||
.. mc-cmd:: server_starttls
|
||||
:optional:
|
||||
|
||||
.. include:: /includes/common-minio-external-auth.rst
|
||||
:start-after: start-minio-ad-ldap-server-starttls
|
||||
:end-before: end-minio-ad-ldap-server-starttls
|
||||
|
||||
This parameter corresponds with the :envvar:`MINIO_IDENTITY_LDAP_SERVER_STARTTLS` environment variable.
|
||||
|
||||
.. mc-cmd:: srv_record_name
|
||||
:optional:
|
||||
|
||||
.. versionadded:: RELEASE.2022-12-12T19-27-27Z
|
||||
|
||||
.. include:: /includes/common-minio-external-auth.rst
|
||||
:start-after: start-minio-ad-ldap-srv_record_name
|
||||
:end-before: end-minio-ad-ldap-srv_record_name
|
||||
|
||||
This parameter corresponds with the :envvar:`MINIO_IDENTITY_LDAP_SRV_RECORD_NAME` environment variable.
|
||||
|
||||
.. mc-cmd:: tls_skip_verify
|
||||
:optional:
|
||||
|
||||
.. include:: /includes/common-minio-external-auth.rst
|
||||
:start-after: start-minio-ad-ldap-tls-skip-verify
|
||||
:end-before: end-minio-ad-ldap-tls-skip-verify
|
||||
|
||||
This parameter corresponds with the :envvar:`MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY` environment variable.
|
||||
|
||||
.. end-minio-ad-ldap-params
|
||||
@ -163,8 +163,17 @@ provider configuration.
|
||||
|
||||
Specify the hostname for the Active Directory / LDAP server. For example:
|
||||
|
||||
``ldapserver.com:636``
|
||||
.. code-block:: shell
|
||||
:class: copyable
|
||||
|
||||
ldapserver.com:636
|
||||
|
||||
.. admonition:: :mc-cmd:`~mc idp ldap add srv_record_name` automatically identifies the port
|
||||
:class: note
|
||||
|
||||
If your AD/LDAP server uses :mc-cmd:`DNS SRV Records <mc idp ldap add srv_record_name>`, do *not* append the port number to your :mc-cmd:`~mc idp ldap add server_addr` value.
|
||||
SRV requests automatically include port numbers when returning the list of available servers.
|
||||
|
||||
.. end-minio-ad-ldap-server-addr
|
||||
|
||||
.. start-minio-ad-ldap-lookup-bind-dn
|
||||
@ -187,11 +196,14 @@ Specify the password for the :ref:`Lookup-Bind
|
||||
|
||||
.. start-minio-ad-ldap-user-dn-search-base-dn
|
||||
|
||||
Specify the base Distinguished name (DN) MinIO uses when querying for
|
||||
Specify the base Distinguished Name (DN) MinIO uses when querying for
|
||||
user credentials matching those provided by an authenticating client.
|
||||
For example:
|
||||
|
||||
``cn=miniousers,dc=myldapserver,dc=net``
|
||||
.. code-block:: shell
|
||||
:class: copyable
|
||||
|
||||
cn=miniousers,dc=myldapserver,dc=net
|
||||
|
||||
Supports :ref:`Lookup-Bind <minio-external-identity-management-ad-ldap-lookup-bind>` mode.
|
||||
|
||||
|
||||
Reference in New Issue
Block a user