mirror of https://github.com/minio/docs.git synced 2025-08-05 03:41:24 +03:00
docs/source/reference/minio-server/settings/iam/ldap.rst
Daryl White 529e67dc7e Changes for several issues related to SFTP and LDAP (#1252)
- Adds info to the docs about recent changes to LDAP and SFTP
authentication
- Adds new config/envvar parameter
- Adds new sftp option for server
- Adds new example for forcing ldap or sa auth to SFTP
- Adds new example for using certificate authority for auth to SFTP

Closes #1240
Closes #1229
Closes #1226
Closes #1208
2024-07-15 14:30:19 -04:00


Active Directory / LDAP Settings

This page documents settings for enabling external identity management using an Active Directory or LDAP service. See minio-authenticate-using-ad-ldap-generic for a tutorial on using these settings.

Important

New in version RELEASE.2023-05-26T23-31-54Z:

mc idp ldap commands are preferred over using configuration settings to configure MinIO to use Active Directory or LDAP for identity management.

MinIO recommends using the mc idp ldap commands for LDAP management operations. These commands offer better validation and additional features, while providing the same settings as the identity_ldap configuration key. See minio-authenticate-using-ad-ldap-generic for a tutorial on using mc idp ldap.

The identity_ldap configuration settings remain available for existing scripts and other tools.

Examples

Environment Variable

MINIO_IDENTITY_LDAP_SERVER_ADDR="ldapserver.com:636"

Note

srv_record_name automatically identifies the port.

If your AD/LDAP server uses DNS SRV Records, do not append the port number to your server_addr value. SRV requests automatically include port numbers when returning the list of available servers.

Configuration Setting

identity_ldap

The following settings are required when defining LDAP using mc admin config set:

  • enabled
  • server_addr
  • lookup_bind_dn
  • lookup_bind_password
  • user_dn_search_base_dn
  • user_dn_search_filter

mc admin config set identity_ldap                        \
   enabled="true"                                        \
   server_addr="ad-ldap.example.net/"                    \
   lookup_bind_dn="cn=miniolookupuser,dc=example,dc=net" \
   lookup_bind_password="userpassword"                   \
   user_dn_search_base_dn="dc=example,dc=net"            \
   user_dn_search_filter="(&(objectCategory=user)(sAMAccountName=%s))"
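
The following pre-deployment check is an added example, not part of the MinIO documentation or tooling. It lints an environment file for the required MINIO_IDENTITY_LDAP_* variables listed under Settings, for a port left in the server address while an SRV record name is set, and for the two settings that weaken transport security (TLS_SKIP_VERIFY turns off certificate verification, SERVER_INSECURE allows a plaintext connection). The function names, the KEY="value" file layout, the sample values and the set of spellings treated as "on" are assumptions.

```shell
#!/bin/sh
# Added example: lint the MINIO_IDENTITY_LDAP_* lines of an env file (KEY="value").
# The file is parsed as text, never sourced, so nothing in it is executed or exported.

ldap_get() {  # $1 = file, $2 = suffix after MINIO_IDENTITY_LDAP_; prints the unquoted value
    sed -n "s/^MINIO_IDENTITY_LDAP_$2=//p" "$1" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

is_on() {  # assumption: these spellings all mean "enabled"
    case $1 in on|true|enabled|1) return 0 ;; *) return 1 ;; esac
}

lint_ldap_env() {  # prints one finding per line, nothing when the file passes
    f=$1
    for key in SERVER_ADDR LOOKUP_BIND_DN LOOKUP_BIND_PASSWORD \
               USER_DN_SEARCH_BASE_DN USER_DN_SEARCH_FILTER; do
        [ -n "$(ldap_get "$f" "$key")" ] || echo "MISSING MINIO_IDENTITY_LDAP_$key"
    done
    # With DNS SRV records the port comes from the SRV answer, not from server_addr.
    if [ -n "$(ldap_get "$f" SRV_RECORD_NAME)" ]; then
        case $(ldap_get "$f" SERVER_ADDR) in
            *:[0-9]*) echo "PORT in SERVER_ADDR while SRV_RECORD_NAME is set" ;;
        esac
    fi
    if is_on "$(ldap_get "$f" TLS_SKIP_VERIFY)"; then
        echo "WEAK TLS_SKIP_VERIFY: server certificate is not verified"
    fi
    if is_on "$(ldap_get "$f" SERVER_INSECURE)"; then
        echo "WEAK SERVER_INSECURE: plaintext (non-TLS) LDAP connection allowed"
    fi
    return 0
}

# Constructed sample input (not a real deployment).
sample=$(mktemp)
cat > "$sample" <<'EOF'
MINIO_IDENTITY_LDAP_SERVER_ADDR="ad-ldap.example.net:636"
MINIO_IDENTITY_LDAP_SRV_RECORD_NAME="ldap"
MINIO_IDENTITY_LDAP_LOOKUP_BIND_DN="cn=miniolookupuser,dc=example,dc=net"
MINIO_IDENTITY_LDAP_USER_DN_SEARCH_BASE_DN="dc=example,dc=net"
MINIO_IDENTITY_LDAP_USER_DN_SEARCH_FILTER="(&(objectCategory=user)(sAMAccountName=%s))"
MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY="on"
EOF
lint_ldap_env "$sample"
rm -f "$sample"
```

The enabled setting is not checked because it has no environment variable. The port pattern is a simple host:port match and would also fire on a bare IPv6 literal.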

Settings

Server Address

Required

Environment Variable

MINIO_IDENTITY_LDAP_SERVER_ADDR

Configuration Setting

identity_ldap server_addr

Lookup Bind DN

Required

Environment Variable

MINIO_IDENTITY_LDAP_LOOKUP_BIND_DN

Configuration Setting

identity_ldap lookup_bind_dn

Lookup Bind Password

Required

Environment Variable

MINIO_IDENTITY_LDAP_LOOKUP_BIND_PASSWORD

Configuration Setting

identity_ldap lookup_bind_password

User DN Search Base DN

Required

Environment Variable

MINIO_IDENTITY_LDAP_USER_DN_SEARCH_BASE_DN

Configuration Setting

identity_ldap user_dn_search_base_dn

User DN Search Filter

Required

Environment Variable

MINIO_IDENTITY_LDAP_USER_DN_SEARCH_FILTER

Configuration Setting

identity_ldap user_dn_search_filter

User DN Attributes

Optional

Environment Variable

MINIO_IDENTITY_LDAP_USER_DN_ATTRIBUTES

Configuration Setting

identity_ldap user_dn_attributes

Enabled

Optional

Environment Variable

This setting does not have an environment variable option. Use the configuration setting instead.

Configuration Setting

identity_ldap enabled

Set to false to disable the AD/LDAP configuration.

If false, applications cannot generate STS credentials or otherwise authenticate to MinIO using the configured provider.

Defaults to true or "enabled".

Group Search Filter

Optional

Environment Variable

MINIO_IDENTITY_LDAP_GROUP_SEARCH_FILTER

Configuration Setting

identity_ldap group_search_filter

Group Search Base DN

Optional

Environment Variable

MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN

Configuration Setting

identity_ldap group_search_base_dn

TLS Skip Verify

Optional

Environment Variable

MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY

Configuration Setting

identity_ldap tls_skip_verify

Server Insecure

Optional

Environment Variable

MINIO_IDENTITY_LDAP_SERVER_INSECURE

Configuration Setting

identity_ldap server_insecure

Server Start TLS

Optional

Environment Variable

MINIO_IDENTITY_LDAP_SERVER_STARTTLS

Configuration Setting

identity_ldap server_starttls

SRV Record Name

Optional

RELEASE.2022-12-12T19-27-27Z

Environment Variable

MINIO_IDENTITY_LDAP_SRV_RECORD_NAME

Configuration Setting

identity_ldap srv_record_name

Comment

Optional

Environment Variable

MINIO_IDENTITY_LDAP_COMMENT

Configuration Setting

identity_ldap comment