Can't make LDAP work

They gave me a working LDAP server with users in it, and I want to create tokens for these users so they can use S3 with their LDAP credentials.
I tried using the sanity check and I got this one working:

ldapsearch -x -D "CN=cephs3,OU=Users,OU=Organic Units,DC=example,DC=com" -W -H ldaps://ldap.example.com:636 -b 'OU=Users,OU=Organic Units,DC=example,DC=com' 'cn=*' dn

My config is like this:
[global]
rgw_ldap_binddn = "CN=cephs3,OU=Users,OU=Organic Units,DC=example,DC=com"
rgw_ldap_dnattr = "cn"
rgw_ldap_searchdn = "OU=Users,OU=Organic Units,DC=example,DC=com"
rgw_ldap_secret = "plaintext_pass"
rgw_ldap_uri = ldaps://ldap.example.com:636
rgw_s3_auth_use_ldap = true

I create my token to test the ldap feature:

export RGW_ACCESS_KEY_ID="myuser" #where "dn: cn=myuser..." is in ldap.example.com
export RGW_SECRET_ACCESS_KEY="mypass"
radosgw-token --encode --ttype=ad
abcad=
radosgw-token --encode --ttype=ldap
abcldap=

Now I go to s3cmd and in config I have something like this:
acess_key = abcad=
secret_key =
use_https = false
host_base = ceph_rgw.example.com:8080
host_bucket = ceph_rgw.example.com:8080


I get access denied,
then I try with the ldap key and I get the same problem.
I created a local user out of curiosity, put its access and secret keys into s3cmd, and I could create a bucket. What am I doing wrong?
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
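
Added example, not part of the original post and not Ceph project code: a small checker that decodes an RGW LDAP token as pasted into s3cmd's access_key and reports what the gateway would receive. It assumes the token layout described in the Ceph RGW LDAP documentation (base64 of a JSON object under "RGW_TOKEN"); make_token and inspect_token are hypothetical helper names, and the credentials are constructed.

```python
import base64
import json

# Assumed token layout (from the Ceph RGW LDAP docs, not shown on this page):
# base64 of {"RGW_TOKEN": {"version": 1, "type": "...", "id": "...", "key": "..."}}

def make_token(ttype, uid, secret):
    """Constructed stand-in for `radosgw-token --encode`, so the example runs offline."""
    body = {"RGW_TOKEN": {"version": 1, "type": ttype, "id": uid, "key": secret}}
    return base64.b64encode(json.dumps(body).encode()).decode()

def inspect_token(token, use_https):
    """Return (fields, findings) for a token as pasted into s3cmd's access_key."""
    try:
        fields = json.loads(base64.b64decode(token, validate=True))["RGW_TOKEN"]
    except (ValueError, KeyError, TypeError) as exc:
        return None, [f"not a decodable RGW token ({type(exc).__name__})"]
    if not isinstance(fields, dict):
        return None, ["RGW_TOKEN is not a JSON object"]
    findings = []
    if fields.get("type") not in ("ad", "ldap"):
        findings.append(f"unexpected token type {fields.get('type')!r}")
    uid = fields.get("id") or ""
    if not uid:
        findings.append("empty id: RGW_ACCESS_KEY_ID was not set when encoding")
    elif "=" in uid or "," in uid:
        # Heuristic: RGW matches id against rgw_ldap_dnattr under rgw_ldap_searchdn,
        # so it should be the bare attribute value, not a full DN.
        findings.append("id looks like a DN; expected the bare rgw_ldap_dnattr value")
    if not fields.get("key"):
        findings.append("empty key: RGW_SECRET_ACCESS_KEY was not set when encoding")
    elif not use_https:
        # base64 is reversible: anyone who can read the request recovers the password.
        findings.append("LDAP password recoverable from token sent over plain HTTP")
    return fields, findings

if __name__ == "__main__":
    # Constructed credentials mirroring the post's placeholders.
    good = make_token("ldap", "myuser", "mypass")
    for label, tok in [("ldap token", good),
                       ("full DN as id", make_token("ldap", "cn=myuser,ou=Users", "mypass")),
                       ("post placeholder", "abcad=")]:
        fields, findings = inspect_token(tok, use_https=False)
        print(label, "->", fields, findings)
```

Run it against the real radosgw-token output on a trusted host only, since the decoded fields include the LDAP password.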
