feat: increase allowed maximum STS expiration timeout to 365 days (#12704)

Harshavardhana
2021-07-14 00:08:22 -07:00
committed by GitHub
parent 83c37a44b6
commit 8d19efe7e0
6 changed files with 27 additions and 25 deletions

@@ -95,10 +95,12 @@ export MINIO_IDENTITY_LDAP_SERVER_ADDR=myldapserver.com:636
export MINIO_IDENTITY_LDAP_USERNAME_FORMAT="uid=%s,cn=accounts,dc=myldapserver,dc=com"
export MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN="dc=myldapserver,dc=com"
export MINIO_IDENTITY_LDAP_GROUP_SEARCH_FILTER="(&(objectclass=groupOfNames)(memberUid=%s)$)"
export MINIO_IDENTITY_LDAP_STS_EXPIRY=60h
export MINIO_IDENTITY_LDAP_STS_EXPIRY=720h
export MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY=on
```
> NOTE: In this example STS_EXPIRY is set to 1month, maximum expiry that can be set is 365 days.
### Variable substitution in AD/LDAP configuration strings ###
In the configuration variables, `%s` is substituted with the *username* from the STS request and `%d` is substituted with the *distinguished username (user DN)* of the LDAP user. Please see the following table for which configuration variables support these substitution variables:
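Review bot: The added NOTE line describes `MINIO_IDENTITY_LDAP_STS_EXPIRY=720h` as "1month"; write it as "30 days (720h)" so the unit matches the "365 days" maximum given in the same sentence, and leave a blank line between the NOTE and the `### Variable substitution` heading. Because the sample now shows a 720h credential lifetime in the same block as `MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY=on`, the note should also state that 720h is illustrative and that deployments should choose the shortest expiry that works for them; otherwise readers are likely to copy a month-long STS lifetime as if it were the recommended value. Separately, the unchanged `MINIO_IDENTITY_LDAP_GROUP_SEARCH_FILTER` line ends in `)$)`, which looks like a stray `$` and is worth correcting while this block is being edited.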