.. _minio-mc-admin-idp-ldap: ===================== ``mc admin idp ldap`` ===================== .. default-domain:: minio .. contents:: Table of Contents :local: :depth: 2 .. mc:: mc admin idp ldap .. versionchanged:: RELEASE.2023-05-26T23-31-54Z ``mc admin idp ldap`` and its subcommands replaced by :mc-cmd:`mc idp ldap`. Description ----------- .. start-mc-admin-idp-ldap-desc The :mc-cmd:`mc admin idp ldap` commands allow you to add, modify, review, list, remove, enable, and disable server configurations to 3rd party :ref:`Active Directory or LDAP Identity and Access Management (IAM) integrations `. .. end-mc-admin-idp-ldap-desc Define configuration settings as an alternative to using environment variables when :ref:`setting up an AD/LDAP connection `. .. note:: Configuration settings do **not** override settings configured as environment variables. The :mc-cmd:`mc admin idp ldap` command has the following subcommands: .. list-table:: :header-rows: 1 :widths: 40 60 * - Subcommand - Description * - :mc-cmd:`mc admin idp ldap add` - Create an AD/LDAP IDP server configuration. * - :mc-cmd:`mc admin idp ldap update` - Modify an existing AD/LDAP IDP server configuration. * - :mc-cmd:`mc admin idp ldap ls` - Lists AD/LDAP server configurations. * - :mc-cmd:`mc admin idp ldap rm` - Remove an AD/LDAP IDP server configuration from a deployment. * - :mc-cmd:`mc admin idp ldap info` - Displays details for a specific AD/LDAP server configuration. * - :mc-cmd:`mc admin idp ldap enable` - Enables an AD/LDAP server configuration. * - :mc-cmd:`mc admin idp ldap disable` - Disables an AD/LDAP server configuration. * - :mc-cmd:`mc admin idp ldap policy entities` - List policy association entities Configuration Parameters ------------------------ The :mc-cmd:`mc admin idp ldap` subcommands support configuration parameters. The parameters define the server's interaction with the Active Directory or LDAP IAM provider. For a more detailed explanation of the configuration parameters, refer to the :ref:`config setting documentation `. Syntax ------ .. mc-cmd:: add Create a new configuration for an AD/LDAP provider. MinIO supports no more than *one* (1) AD/LDAP provider per deployment. .. tab-set:: .. tab-item:: EXAMPLE The following example sets the AD/LDAP configuration settings for the ``myminio`` deployment. .. code-block:: shell :class: copyable mc admin idp ldap add \ myminio \ server_addr=myldapserver:636 \ lookup_bind_dn=cn=admin,dc=min,dc=io \ lookup_bind_password=somesecret \ user_dn_search_base_dn=dc=min,dc=io \ user_dn_search_filter="(uid=%s)" \ group_search_base_dn=ou=swengg,dc=min,dc=io \ group_search_filter="(&(objectclass=groupofnames)(member=%d))" .. tab-item:: SYNTAX The command has the following syntax: .. code-block:: shell :class: copyable mc [GLOBALFLAGS] admin idp ldap add \ ALIAS \ [CFG_PARAM1] \ [CFG_PARAM2]... - Replace ``ALIAS`` with the :ref:`alias ` of a MinIO deployment to create for AD/LDAP integration. - Replace the ``[CFG_PARAM#]`` with each of the :ref:`configuration setting ` key-value pairs in the format of ``PARAMETER="value"``. .. mc-cmd:: update Modify an existing set of configurations for an AD/LDAP provider. .. tab-set:: .. tab-item:: EXAMPLE The following example changes two of the AD/LDAP configuration settings for the ``myminio`` deployment. .. code-block:: shell :class: copyable mc admin idp ldap update \ myminio \ lookup_bind_dn=cn=admin,dc=min,dc=io \ lookup_bind_password=somesecret .. tab-item:: SYNTAX The command has the following syntax: .. code-block:: shell :class: copyable mc [GLOBALFLAGS] admin idp ldap update \ ALIAS \ [CFG_PARAM1] \ [CFG_PARAM2]... - Replace ``ALIAS`` with the :ref:`alias ` of a MinIO deployment to update for AD/LDAP integration. - Replace the ``[CFG_PARAM#]`` with each of the :ref:`configuration setting ` key-value pairs to update in the format of ``PARAMETER="value"``. .. mc-cmd:: ls, list Lists the existing set of configurations for an AD/LDAP provider. .. tab-set:: .. tab-item:: EXAMPLE The following example lists the AD/LDAP configuration settings for the ``myminio`` deployment. .. code-block:: shell :class: copyable mc admin idp ldap ls myminio .. tab-item:: SYNTAX The command has the following syntax: .. code-block:: shell :class: copyable mc [GLOBALFLAGS] admin idp ldap ls ALIAS - Replace ``ALIAS`` with the :ref:`alias ` of a MinIO deployment to list the AD/LDAP integration. .. mc-cmd:: rm, remove Remove the existing configuration for an AD/LDAP provider. .. tab-set:: .. tab-item:: EXAMPLE The following example removes the AD/LDAP provider settings for the ``myminio`` deployment. .. code-block:: shell :class: copyable mc admin idp ldap rm myminio .. tab-item:: SYNTAX The command has the following syntax: .. code-block:: shell :class: copyable mc [GLOBALFLAGS] admin idp ldap rm \ ALIAS - Replace ``ALIAS`` with the :ref:`alias ` of a MinIO deployment to remove the AD/LDAP integration. .. mc-cmd:: info Outputs the current configuration for an AD/LDAP provider on a specified MinIO deployment. .. tab-set:: .. tab-item:: EXAMPLE The following example outputs the AD/LDAP configuration settings on the ``myminio`` deployment. .. code-block:: shell :class: copyable mc admin idp ldap info myminio .. tab-item:: SYNTAX The command has the following syntax: .. code-block:: shell :class: copyable mc [GLOBALFLAGS] admin idp ldap info \ ALIAS - Replace ``ALIAS`` with the :ref:`alias ` of a MinIO deployment to retrieve info on the AD/LDAP integration. .. mc-cmd:: enable Enables the currently configured AD/LDAP provider. .. tab-set:: .. tab-item:: EXAMPLE The following example enables the AD/LDAP configuration on the ``myminio`` deployment. .. code-block:: shell :class: copyable mc admin idp ldap enable \ myminio .. tab-item:: SYNTAX The command has the following syntax: .. code-block:: shell :class: copyable mc [GLOBALFLAGS] admin idp ldap enable \ ALIAS - Replace ``ALIAS`` with the :ref:`alias ` of a MinIO deployment to enable the AD/LDAP integration. .. mc-cmd:: disable Disables the currently configured AD/LDAP provider. .. tab-set:: .. tab-item:: EXAMPLE The following example disables the AD/LDAP configurations on the ``myminio`` deployment. .. code-block:: shell :class: copyable mc admin idp ldap disable \ myminio .. tab-item:: SYNTAX The command has the following syntax: .. code-block:: shell :class: copyable mc [GLOBALFLAGS] admin idp ldap disable \ ALIAS - Replace ``ALIAS`` with the :ref:`alias ` of a MinIO deployment to disable the AD/LDAP integration. Global Flags ------------ .. include:: /includes/common-minio-mc.rst :start-after: start-minio-mc-globals :end-before: end-minio-mc-globals