
LDAP config

Cesar Celis Hernandez edited this page Jun 1, 2023 · 22 revisions

Steps:

  1. Set the environment variables for LDAP
  2. Attach a policy to the LDAP user
  3. Log in with the LDAP user in the Console

LDAP config

https://console.jumpcloud.com/login/admin [email protected] Itautomation1!

export MINIO_IDENTITY_LDAP_SERVER_ADDR=ldap.jumpcloud.com:636
export MINIO_IDENTITY_LDAP_LOOKUP_BIND_DN='uid=cniackz,ou=Users,o=64678734a355340072e048a0,dc=jumpcloud,dc=com'
export MINIO_IDENTITY_LDAP_LOOKUP_BIND_PASSWORD=Itautomation1!
export MINIO_IDENTITY_LDAP_USER_DN_SEARCH_BASE_DN='ou=Users,o=64678734a355340072e048a0,dc=jumpcloud,dc=com'
export MINIO_IDENTITY_LDAP_USER_DN_SEARCH_FILTER='(uid=%s)'
export MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY=on
MINIO_ROOT_USER=minio MINIO_ROOT_PASSWORD=minio123 minio server /Volumes/data{1...4} --address :9000 --console-address :9001
$ mc admin idp ldap info myminio
╭──────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│        lookup_bind_dn: uid=cniackz,ou=Users,o=64678734a355340072e048a0,dc=jumpcloud,dc=com  (environment)│
│  lookup_bind_password: Itautomation1!  (environment)                                                     │
│           server_addr: ldap.jumpcloud.com:636  (environment)                                             │
│       tls_skip_verify: on  (environment)                                                                 │
│user_dn_search_base_dn: ou=Users,o=64678734a355340072e048a0,dc=jumpcloud,dc=com  (environment)            │
│ user_dn_search_filter: (uid=%s)  (environment)                                                           │
╰──────────────────────────────────────────────────────────────────────────────────────────────────────────╯
$ mc admin idp ldap list myminio
╭─────────────────────────╮
│ On?    Name     RoleARN │
│ 🟢   (default)          │
╰─────────────────────────╯

Until a policy is attached to the LDAP user, the login is rejected with:

Expecting a policy to be set for user `uid=cniackz,ou=Users,o=64678734a355340072e048a0,dc=jumpcloud,dc=com` or one of their groups: `` - rejecting this request

$ mc admin policy list myminio
consoleAdmin
diagnostics
readonly
readwrite
writeonly
$ mc admin idp ldap policy attach myminio consoleAdmin --user='uid=cniackz,ou=Users,o=64678734a355340072e048a0,dc=jumpcloud,dc=com'
Attached Policies: [consoleAdmin]
To User: uid=cniackz,ou=Users,o=64678734a355340072e048a0,dc=jumpcloud,dc=com

http://127.0.0.1:9001/login

Username: cniackz

Password: Itautomation1!
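
The environment set in step 1 has three settings worth checking before it is reused outside a test setup: certificate verification is switched off, the lookup bind password is a literal, and the search filter must carry `%s`. The shell function below is an added example, not part of the original page or of MinIO; `audit_ldap_env`, the finding names and the sample values are assumptions made here.

```shell
#!/bin/sh
# Added example (hypothetical helper, not MinIO code): print one finding per
# weak MINIO_IDENTITY_LDAP_* setting in an env file; print nothing if clean.
audit_ldap_env() {
    skip='' pass='' filter=''
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line#export }                  # accept "export NAME=VALUE" too
        name=${line%%=*}
        value=${line#*=}
        value=${value#\"}; value=${value%\"}  # strip one layer of quotes
        value=${value#\'}; value=${value%\'}
        case $name in
            MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY)       skip=$value ;;
            MINIO_IDENTITY_LDAP_LOOKUP_BIND_PASSWORD)  pass=$value ;;
            MINIO_IDENTITY_LDAP_USER_DN_SEARCH_FILTER) filter=$value ;;
        esac
    done < "$1"

    # "on" (the value used on this page) disables certificate validation, so
    # the LDAPS peer that receives the bind password is not authenticated.
    if [ "$skip" = "on" ]; then
        printf '%s\n' "tls_skip_verify: LDAP server certificate is not validated"
    fi
    # A literal secret is readable by anyone who can read the file.
    if [ -n "$pass" ]; then
        printf '%s\n' "inline_bind_password: bind password stored in clear text"
    fi
    # Without %s the filter cannot select the user who is logging in.
    case $filter in
        *%s*) ;;
        *) printf '%s\n' "search_filter: no %s placeholder for the login name" ;;
    esac
    return 0
}

# Constructed sample input: placeholder host and password, not real values.
sample=$(mktemp)
cat > "$sample" <<'EOF'
export MINIO_IDENTITY_LDAP_SERVER_ADDR=ldap.example.com:636
export MINIO_IDENTITY_LDAP_LOOKUP_BIND_PASSWORD=PLACEHOLDER_PASSWORD
export MINIO_IDENTITY_LDAP_USER_DN_SEARCH_FILTER='(uid=%s)'
export MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY=on
EOF
audit_ldap_env "$sample"
rm -f "$sample"
```

An empty result means none of the three checks fired; it says nothing about settings the function does not read.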

k8s:

spec:
  env:
    - name: MINIO_IDENTITY_LDAP_SERVER_ADDR
      value: "ldap.jumpcloud.com:636"
    - name: MINIO_IDENTITY_LDAP_LOOKUP_BIND_DN
      value: "uid=cniackz,ou=Users,o=64678734a355340072e048a0,dc=jumpcloud,dc=com"
    - name: MINIO_IDENTITY_LDAP_LOOKUP_BIND_PASSWORD
      value: Itautomation1!
    - name: MINIO_IDENTITY_LDAP_USER_DN_SEARCH_BASE_DN
      value: "ou=Users,o=64678734a355340072e048a0,dc=jumpcloud,dc=com"
    - name: MINIO_IDENTITY_LDAP_USER_DN_SEARCH_FILTER
      value: "(uid=%s)"
    - name: MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY
      value: "on"

Or:

mc admin config set myminio/ identity_ldap \
   server_addr="ldap.jumpcloud.com:636" \
   lookup_bind_dn="uid=cniackz,ou=Users,o=64678734a355340072e048a0,dc=jumpcloud,dc=com" \
   lookup_bind_password=Itautomation1! \
   user_dn_search_base_dn="ou=Users,o=64678734a355340072e048a0,dc=jumpcloud,dc=com" \
   user_dn_search_filter="(uid=%s)" \
   tls_skip_verify=on --insecure

Expected:

$ mc admin config set myminio/ identity_ldap \
>    server_addr="ldap.jumpcloud.com:636" \
>    lookup_bind_dn="uid=cniackz,ou=Users,o=64678734a355340072e048a0,dc=jumpcloud,dc=com" \
>    lookup_bind_password=Itautomation1! \
>    user_dn_search_base_dn="ou=Users,o=64678734a355340072e048a0,dc=jumpcloud,dc=com" \
>    user_dn_search_filter="(uid=%s)" \
>    tls_skip_verify=on --insecure
Successfully applied new settings.
Please restart your server 'mc admin service restart myminio/'.

Then restart:

$ mc admin service restart myminio/ --insecure
Restart command successfully sent to `myminio/`. Type Ctrl-C to quit or wait to follow the status of the restart process.
...
Restarted `myminio/` successfully in 1 seconds