Re: Radosgw ldap info

Hi Marc,

I can't speak to your other questions but as far as the user auth caps
those are still kept in the radosgw metadata outside of ldap.  As far
as I know all that LDAP gives you is a way to authenticate users with
a user/password combination.

So, for example, if you create a user 'ldapuser' in your ldap
directory, generate a token for that user, and then use the LDAP
token to authenticate to RGW as that user you would then find this
info in the radosgw metadata where it can be altered to set quotas,
caps, etc.  You could perhaps even add an access key so the
conventional auth also works for that user identity (I have never
tried that, we only do one or the other for any given user).

$ radosgw-admin user info --uid ldapuser

{
    "user_id": "ldapuser",
    "caps": [],
    ... etc ...
    "type": "ldap"
}

thanks,
Ben

On Sat, Mar 24, 2018 at 10:30 AM, Marc Roos <M.Roos@xxxxxxxxxxxxxxxxx> wrote:
>
>
> To clarify if I understand correctly:
>
> It is NOT POSSIBLE to use an s3 client like eg. cyberduck/mountainduck
> and supply a user with an 'Access key' and a 'Password' regardless if
> the user is defined in ldap or local?
>
> I honestly cannot see how this ldap integration should even work,
> without a proper ldap scheme for auth caps being available. Nor do I
> understand where you set currently these auth caps, nor do I understand
> what use the current ldap functionality has.
>
> Would be nice to update this on these pages
>
> https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/2/html-single/ceph_object_gateway_with_ldapad_guide/index
> http://docs.ceph.com/docs/master/radosgw/ldap-auth/
>
>
> Maybe it is good to give some 'beginners' access to the docs pages.
> Because as they are learning ceph (and maybe missing info in the docs)
> they can add this then. Because I have the impression that many things
> asked here could be added to the docs.
>
>
>
>
>
> -----Original Message-----
> From: Konstantin Shalygin [mailto:k0ste@xxxxxxxx]
> Sent: zondag 18 maart 2018 5:04
> To: ceph-users@xxxxxxxxxxxxxx
> Cc: Marc Roos; Yehuda Sadeh-Weinraub
> Subject: Re:  Radosgw ldap user authentication issues
>
> Hi Marc
>
>
>> looks like no search is being done there.
>
>> rgw::auth::s3::AWSAuthStrategy denied with reason=-13
>
>
> The same for me, http://tracker.ceph.com/issues/23091
>
>
> But Yehuda closed this.
>
>
>
>
> k
>
>
>
> _______________________________________________
> ceph-users mailing list
> ceph-users@xxxxxxxxxxxxxx
> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
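
Added example, not part of the original thread or of Ceph's code: the LDAP token mentioned above is, per the Ceph LDAP auth documentation, a base64-encoded JSON struct holding the LDAP uid and password, so it is reversible and should be handled like a plaintext credential. The sketch below assumes that documented layout (`RGW_TOKEN` with `version`, `type`, `id`, `key`); the function names and the sample log line are constructed for illustration.

```python
import base64
import json
import re

def encode_rgw_token(uid, password, ttype="ldap"):
    """Build a token with the layout the Ceph docs show for radosgw-token
    (assumed layout; the real tool pretty-prints the JSON before encoding)."""
    doc = {"RGW_TOKEN": {"version": 1, "type": ttype, "id": uid, "key": password}}
    return base64.b64encode(json.dumps(doc).encode()).decode()

def decode_rgw_token(token):
    """Return (type, id, key) if `token` is an RGW LDAP/AD token, else None."""
    try:
        raw = base64.b64decode(token, validate=True)
        inner = json.loads(raw)["RGW_TOKEN"]
        return inner["type"], inner["id"], inner["key"]
    except (ValueError, KeyError, TypeError):
        # Not base64, not JSON, or not the expected structure.
        return None

# Long base64-looking runs; the token must be delimited by non-base64 characters.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")

def redact_rgw_tokens(line):
    """Replace any embedded RGW token in a log line with a placeholder
    that keeps the uid but drops the recoverable password."""
    def repl(match):
        decoded = decode_rgw_token(match.group(0))
        if decoded is None:
            return match.group(0)  # some other base64/hex run, leave it alone
        ttype, uid, _password = decoded
        return f"<rgw-{ttype}-token uid={uid} REDACTED>"
    return B64_RUN.sub(repl, line)

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    token = encode_rgw_token("ldapuser", "s3cret-constructed")
    log_line = f'constructed log: access_key="{token}" op=list_buckets'
    print(decode_rgw_token(token))
    print(redact_rgw_tokens(log_line))
```

Anything that stores or logs the S3 access key for an LDAP-backed user (client config files, proxy logs, debug output) therefore holds the directory password in recoverable form.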