mirror of
https://github.com/minio/minio.git
synced 2025-01-11 15:03:22 -05:00
5f51ef0b40
This change allows the MinIO server to be configured with a special (read-only) LDAP account to perform user DN lookups. The following configuration parameters are added (along with corresponding environment variables) to LDAP identity configuration (under `identity_ldap`): - lookup_bind_dn / MINIO_IDENTITY_LDAP_LOOKUP_BIND_DN - lookup_bind_password / MINIO_IDENTITY_LDAP_LOOKUP_BIND_PASSWORD - user_dn_search_base_dn / MINIO_IDENTITY_LDAP_USER_DN_SEARCH_BASE_DN - user_dn_search_filter / MINIO_IDENTITY_LDAP_USER_DN_SEARCH_FILTER This lookup-bind account is a service account that is used to lookup the user's DN from their username provided in the STS API. When configured, searching for the user DN is enabled and configuration of the base DN and filter for search is required. In this "lookup-bind" mode, the username format is not checked and must not be specified. This feature is to support Active Directory setups where the DN cannot be simply derived from the username. When the lookup-bind is not configured, the old behavior is enabled: the minio server performs LDAP lookups as the LDAP user making the STS API request and the username format is checked and configuring it is required. |
||
|---|---|---|
| .. | ||
| bigdata | ||
| bucket | ||
| chroot | ||
| compression | ||
| config | ||
| debugging | ||
| deployment/kernel-tuning | ||
| disk-caching | ||
| distributed | ||
| docker | ||
| erasure | ||
| federation/lookup | ||
| gateway | ||
| integrations/veeam | ||
| kms | ||
| logging | ||
| metrics | ||
| multi-tenancy | ||
| multi-user | ||
| orchestration | ||
| screenshots | ||
| security | ||
| select | ||
| shared-backend | ||
| sts | ||
| throttle | ||
| tls | ||
| zh_CN | ||
| minio-limits.md | ||