I think I have something wrong in my ldap setup, I cannot radosgw-admin
user info --uid ldap users. So I have to fix this first.

-----Original Message-----
From: Benjeman Meekhof [mailto:bmeekhof@xxxxxxxxx]
Sent: Monday 26 March 2018 18:17
To: ceph-users
Subject: Re: Radosgw ldap info

Hi Marc,

I can't speak to your other questions but as far as the user auth caps
those are still kept in the radosgw metadata outside of ldap. As far
as I know all that LDAP gives you is a way to authenticate users with
a user/password combination.

So, for example, if you create a user 'ldapuser' in your ldap
directory, generate a token for that user, and then use the LDAP token
to authenticate to RGW as that user you would then find this info in
the radosgw metadata where it can be altered to set quotas, caps, etc.
You could perhaps even add an access key so the conventional auth also
works for that user identity (I have never tried that, we only do one
or the other for any given user).

$ radosgw-admin user info --uid ldapuser
{
    "user_id": "ldapuser",
    "caps": [],
    ... etc ...
    "type": "ldap"
}

thanks,
Ben

On Sat, Mar 24, 2018 at 10:30 AM, Marc Roos <M.Roos@xxxxxxxxxxxxxxxxx> wrote:
>
> To clarify if I understand correctly:
>
> It is NOT POSSIBLE to use an s3 client like e.g. cyberduck/mountainduck
> and supply a user with an 'Access key' and a 'Password' regardless if
> the user is defined in ldap or local?
>
> I honestly cannot see how this ldap integration should even work,
> without a proper ldap scheme for auth caps being available. Nor do I
> understand where you set currently these auth caps, nor do I
> understand what use the current ldap functionality has.
>
> Would be nice to update this on these pages
>
> https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/2/html-single/ceph_object_gateway_with_ldapad_guide/index
> http://docs.ceph.com/docs/master/radosgw/ldap-auth/
>
> Maybe it is good to give some 'beginners' access to the docs pages.
> Because as they are learning ceph (and maybe missing info in the docs)
> they can add this then. Because I have the impression that many things
> asked here could be added to the docs.
>
> -----Original Message-----
> From: Konstantin Shalygin [mailto:k0ste@xxxxxxxx]
> Sent: Sunday 18 March 2018 5:04
> To: ceph-users@xxxxxxxxxxxxxx
> Cc: Marc Roos; Yehuda Sadeh-Weinraub
> Subject: Re: Radosgw ldap user authentication issues
>
> Hi Marc
>
> >> looks like no search is being done there.
> >> rgw::auth::s3::AWSAuthStrategy denied with reason=-13
>
> The same for me, http://tracker.ceph.com/issues/23091
>
> But Yehuda closed this.
>
> k
>
> _______________________________________________
> ceph-users mailing list
> ceph-users@xxxxxxxxxxxxxx
> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com

_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
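
Added example (not part of the thread, and not code from the Ceph project): a sketch of the LDAP token that Ben's message describes generating, together with a check of which credentials can authenticate as a given RGW user record. The token layout is assumed from the Ceph LDAP documentation linked above; the password, the key pair and both user records are constructed, and "keys" is the access-key list in radosgw-admin user info output, which the excerpt in the thread elides.

```python
import base64
import json

def encode_ldap_token(uid, password):
    """Same JSON layout as `radosgw-token --encode --ttype=ldap` (layout assumed from the Ceph docs)."""
    body = {"RGW_TOKEN": {"version": 1, "type": "ldap", "id": uid, "key": password}}
    return base64.b64encode(json.dumps(body).encode()).decode()

def decode_token(token):
    """Return the inner token fields; raise ValueError for anything that is not an RGW token."""
    try:
        inner = json.loads(base64.b64decode(token, validate=True))["RGW_TOKEN"]
        return {k: inner[k] for k in ("version", "type", "id", "key")}
    except (ValueError, KeyError, TypeError) as exc:
        raise ValueError("not an RGW token") from exc

def auth_paths(user_info):
    """Which credentials can authenticate as this `radosgw-admin user info` record."""
    paths = []
    if user_info.get("type") == "ldap":
        paths.append("ldap-token")
    if user_info.get("keys"):        # local S3 key pairs stored in RGW metadata
        paths.append("s3-access-key")
    return paths

# Constructed sample records (not real output): the user from the thread,
# first as LDAP-only, then with a local key pair added as Ben suggests.
LDAP_ONLY = {"user_id": "ldapuser", "caps": [], "keys": [], "type": "ldap"}
LDAP_PLUS_KEY = dict(LDAP_ONLY, keys=[{"user": "ldapuser",
                                       "access_key": "CONSTRUCTEDKEY",
                                       "secret_key": "constructed-secret"}])

if __name__ == "__main__":
    token = encode_ldap_token("ldapuser", "constructed-password")
    # The token is only encoded, not encrypted: decoding returns the password.
    print(decode_token(token))
    for record in (LDAP_ONLY, LDAP_PLUS_KEY):
        print(record["user_id"], auth_paths(record))
```

Because decoding needs no key, a token is as sensitive as the LDAP password it wraps: serve RGW over TLS and keep tokens out of logs and shell history.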