They gave me an ldap server working with users inside, and I want to create tokens for these users to use s3 from their ldap credentials. I tried using the sanity check and I got this one working:

    ldapsearch -x -D "CN=cephs3,OU=Users,OU=Organic Units,DC=example,DC=com" -W -H ldaps://ldap.example.com:636 -b 'OU=Users,OU=Organic Units,DC=example,DC=com' 'cn=*' dn

My config is like this:

    [global]
    rgw_ldap_binddn = "CN=cephs3,OU=Users,OU=Organic Units,DC=example,DC=com"
    rgw_ldap_dnattr = "cn"
    rgw_ldap_searchdn = "OU=Users,OU=Organic Units,DC=example,DC=com"
    rgw_ldap_secret = "plaintext_pass"
    rgw_ldap_uri = ldaps://ldap.example.com:636
    rgw_s3_auth_use_ldap = true

I create my token to test the ldap feature:

    export RGW_ACCESS_KEY_ID="myuser" #where "dn: cn=myuser..." is in ldap.example.com
    export RGW_SECRET_ACCESS_KEY="mypass"
    radosgw-token --encode --ttype=ad
    abcad=
    radosgw-token --encode --ttype=ldap
    abcldap=

Now I go to s3cmd and in config I have something like this:

    acess_key = abcad=
    secret_key =
    use_https = false
    host_base = ceph_rgw.example.com:8080
    host_bucket = ceph_rgw.example.com:8080

I get access denied, then I try with the ldap key and I get the same problem. I created a local user out of curiosity and I put in s3cmd access and secret and I could create a bucket. What am I doing wrong?
_______________________________________________
ceph-users mailing list
[email protected]
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
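An added example, not part of the original post and not Ceph's own code: a check that a token printed by radosgw-token carries the type and id you expect before it is pasted into the s3cmd config. It assumes the token is base64 of a JSON object with an RGW_TOKEN member holding version, type, id and key, as the RGW LDAP documentation describes; the function names are hypothetical and the sample credentials are the placeholders from the post.

```python
import base64
import binascii
import json


def encode_rgw_token(ttype, user, password):
    """Stand-in for `radosgw-token --encode`, using the assumed token layout."""
    doc = {"RGW_TOKEN": {"version": 1, "type": ttype, "id": user, "key": password}}
    return base64.b64encode(json.dumps(doc).encode()).decode()


def decode_rgw_token(token):
    """Return the RGW_TOKEN object, or raise ValueError if the token is malformed."""
    try:
        body = json.loads(base64.b64decode(token.strip(), validate=True))["RGW_TOKEN"]
    except (binascii.Error, ValueError, KeyError, TypeError) as exc:
        raise ValueError(f"not a decodable RGW token: {exc!r}") from exc
    if not isinstance(body, dict):
        raise ValueError("RGW_TOKEN is not a JSON object")
    return body


def check_rgw_token(token, expected_type, expected_id):
    """List the reasons a token would not match the intended LDAP login."""
    try:
        body = decode_rgw_token(token)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if body.get("type") != expected_type:
        problems.append(f"type is {body.get('type')!r}, expected {expected_type!r}")
    if body.get("id") != expected_id:
        problems.append(f"id is {body.get('id')!r}, expected {expected_id!r}")
    if not body.get("key"):
        problems.append("key is empty")
    return problems


if __name__ == "__main__":
    # Constructed sample built from the placeholder credentials in the post.
    token = encode_rgw_token("ldap", "myuser", "mypass")
    print(check_rgw_token(token, "ldap", "myuser"))
    # The key field comes back verbatim: the token is an encoding, not encryption.
    print(decode_rgw_token(token)["key"])
```

The id in the token is the value RGW looks up under rgw_ldap_dnattr, so with the config above it has to equal the user's cn.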
