Ha Son Hai <hasonhai124@xxxxxxxxx> wrote:
> Hello everyone,
> I try to apply the bucket policy to my bucket for LDAP user but it doesn't work.
> For user created by radosgw-admin, the policy works fine.
>
> {
>
> "Version": "2012-10-17",
>
> "Statement": [{
>
> "Effect": "Allow",
>
> "Principal": {"AWS": ["arn:aws:iam:::user/radosgw-user"]},
>
> "Action": "s3:*",
>
> "Resource": [
>
> "arn:aws:s3:::shared-tenant-test",
>
> "arn:aws:s3:::shared-tenant-test/*"
>
> ]
>
> }]
>
> }
LDAP users essentially are RGW users, so it should be this same
format. As I understand RGW's LDAP interface (I have not worked with
LDAP personally), every LDAP users get a corresponding RGW user whose
name is derived from rgw_ldap_dnattr, often 'uid' or 'cn', but this is
dependent on site.
If you, can check that part of configuration, and if that doesn't work
if you'll send some logs I'll take a look. If something fishy is going
on we can try opening a bug.
Thank you.
--
Senior Software Engineer Red Hat Storage, Ann Arbor, MI, US
IRC: Aemerson@OFTC, Actinic@Freenode
0x80F7544B90EDBFB9 E707 86BA 0C1B 62CC 152C 7C12 80F7 544B 90ED BFB9
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
