mirror of https://github.com/minio/docs.git synced 2025-07-05 03:21:23 +03:00
Daryl White ca23b065b2 Correcting mc-conf errors (#1061)
Corrects errors from `mc-conf` references not noticed until after
merging #1028 .

No issue to track it.
2023-11-03 14:13:08 -04:00

Active Directory / LDAP Settings

This page documents settings for enabling external identity management using an Active Directory or LDAP service. See minio-authenticate-using-ad-ldap-generic for a tutorial on using these settings.

Important

New in version RELEASE.2023-05-26T23-31-54Z:

mc idp ldap commands are preferred over using configuration settings to configure MinIO to use Active Directory or LDAP for identity management.

MinIO recommends using the mc idp ldap commands for LDAP management operations. These commands offer better validation and additional features, while providing the same settings as the identity_ldap configuration key. See minio-authenticate-using-ad-ldap-generic for a tutorial on using mc idp ldap.

The identity_ldap configuration settings remain available for existing scripts and other tools.

Examples

Environment Variable

MINIO_IDENTITY_LDAP_SERVER_ADDR="ldapserver.com:636"

Note

srv_record_name automatically identifies the port.

If your AD/LDAP server uses DNS SRV Records, do not append the port number to your server_addr value. SRV requests automatically include port numbers when returning the list of available servers.

Configuration Setting

identity_ldap

The following settings are required when defining LDAP using mc admin config set:

  • enabled
  • server_addr
  • lookup_bind_dn
  • lookup_bind_password
  • user_dn_search_base_dn
  • user_dn_search_filter

mc admin config set identity_ldap                        \
   enabled="true"                                        \
   server_addr="ad-ldap.example.net/"                    \
   lookup_bind_dn="cn=miniolookupuser,dc=example,dc=net" \
   lookup_bind_password="userpassword"                   \
   user_dn_search_base_dn="dc=example,dc=net"            \
   user_dn_search_filter="(&(objectCategory=user)(sAMAccountName=%s))"

Settings

Server Address

Required

Environment Variable

MINIO_IDENTITY_LDAP_SERVER_ADDR

Configuration Setting

identity_ldap server_addr

Lookup Bind DN

Required

Environment Variable

MINIO_IDENTITY_LDAP_LOOKUP_BIND_DN

Configuration Setting

identity_ldap lookup_bind_dn

Lookup Bind Password

Required

Environment Variable

MINIO_IDENTITY_LDAP_LOOKUP_BIND_PASSWORD

Configuration Setting

identity_ldap lookup_bind_password

User DN Search Base DN

Required

Environment Variable

MINIO_IDENTITY_LDAP_USER_DN_SEARCH_BASE_DN

Configuration Setting

identity_ldap user_dn_search_base_dn

User DN Search Filter

Required

Environment Variable

MINIO_IDENTITY_LDAP_USER_DN_SEARCH_FILTER

Configuration Setting

identity_ldap user_dn_search_filter

Enabled

Optional

Environment Variable

This setting does not have an environment variable option. Use the configuration setting instead.

Configuration Setting

identity_ldap enabled

Set to false to disable the AD/LDAP configuration.

If false, applications cannot generate STS credentials or otherwise authenticate to MinIO using the configured provider.

Defaults to true or "enabled".

Group Search Filter

Optional

Environment Variable

MINIO_IDENTITY_LDAP_GROUP_SEARCH_FILTER

Configuration Setting

identity_ldap group_search_filter

Group Search Base DN

Optional

Environment Variable

MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN

Configuration Setting

identity_ldap group_search_base_dn

TLS Skip Verify

Optional

Environment Variable

MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY

Configuration Setting

identity_ldap tls_skip_verify

Server Insecure

Optional

Environment Variable

MINIO_IDENTITY_LDAP_SERVER_INSECURE

Configuration Setting

identity_ldap server_insecure

Server Start TLS

Optional

Environment Variable

MINIO_IDENTITY_LDAP_SERVER_STARTTLS

Configuration Setting

identity_ldap server_starttls

SRV Record Name

Optional

RELEASE.2022-12-12T19-27-27Z

Environment Variable

MINIO_IDENTITY_LDAP_SRV_RECORD_NAME

Configuration Setting

identity_ldap srv_record_name

Comment

Optional

Environment Variable

MINIO_IDENTITY_LDAP_COMMENT

Configuration Setting

identity_ldap comment
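
The required settings, the SRV port note, and the two transport switches listed above can be checked before a deployment picks them up. The following is an added example, not part of the MinIO documentation: a POSIX shell lint for an environment file. The function names, finding labels and sample values are hypothetical, and it assumes one double-quoted or unquoted KEY=VALUE pair per line.

```sh
# Last value of MINIO_IDENTITY_LDAP_<$2> in file $1, surrounding quotes stripped.
# The file is parsed with sed, never sourced, so nothing in it is executed.
ldap_env_get() {
  sed -n "s/^MINIO_IDENTITY_LDAP_$2=//p" "$1" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# Prints one finding per line; exit status is 1 if there are any findings.
audit_minio_ldap_env() (
  file=$1 rc=0
  # Settings this page marks "Required".
  for name in SERVER_ADDR LOOKUP_BIND_DN LOOKUP_BIND_PASSWORD \
              USER_DN_SEARCH_BASE_DN USER_DN_SEARCH_FILTER; do
    if [ -z "$(ldap_env_get "$file" "$name")" ]; then
      echo "MISSING MINIO_IDENTITY_LDAP_$name"; rc=1
    fi
  done
  # SRV answers already carry the port, so server_addr must not append one.
  addr=$(ldap_env_get "$file" SERVER_ADDR)
  port=${addr##*:}
  if [ -n "$(ldap_env_get "$file" SRV_RECORD_NAME)" ] && [ "$port" != "$addr" ]; then
    case $port in
      ''|*[!0-9]*) ;;   # text after the last ':' is not a port number
      *) echo "PORT_WITH_SRV MINIO_IDENTITY_LDAP_SERVER_ADDR=$addr"; rc=1 ;;
    esac
  fi
  # Report the two switches whose names indicate weakened transport security.
  # Assumption: empty/off/false/0 mean disabled; any other value is reported.
  for name in TLS_SKIP_VERIFY SERVER_INSECURE; do
    val=$(ldap_env_get "$file" "$name" | tr '[:upper:]' '[:lower:]')
    case $val in
      ''|off|false|0) ;;
      *) echo "WEAK_TLS MINIO_IDENTITY_LDAP_$name=$val"; rc=1 ;;
    esac
  done
  exit "$rc"
)

# Constructed sample input (hypothetical values, not a real deployment).
sample=$(mktemp)
cat > "$sample" <<'EOF'
MINIO_IDENTITY_LDAP_SERVER_ADDR="ldapserver.com:636"
MINIO_IDENTITY_LDAP_SRV_RECORD_NAME="ldaps"
MINIO_IDENTITY_LDAP_LOOKUP_BIND_DN="cn=miniolookupuser,dc=example,dc=net"
MINIO_IDENTITY_LDAP_USER_DN_SEARCH_BASE_DN="dc=example,dc=net"
MINIO_IDENTITY_LDAP_USER_DN_SEARCH_FILTER="(&(objectCategory=user)(sAMAccountName=%s))"
MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY="on"
EOF
audit_minio_ldap_env "$sample" || echo "fix the findings above before deploying"
rm -f "$sample"
```

The sample produces three findings: the missing lookup bind password, the port appended to server_addr while an SRV record name is set, and TLS verification being skipped.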