Hi Theofilos,

I'm not sure what's going wrong offhand; I see all the pieces in your writeup.

The first thing I would verify is that "CN=cephs3,OU=Users,OU=Organic
Units,DC=example,DC=com" sees the users in
ldaps://ldap.example.com:636, and that "cn=myuser..." can itself
simple bind using standard tools.

What Ceph version are you running?

Matt

On Fri, Jan 26, 2018 at 5:27 AM, Theofilos Mouratidis
<mtheofi...@gmail.com> wrote:
> They gave me an LDAP server working with users inside, and I want to create
> tokens for these users
> to use s3 from their ldap credentials.
> I tried using the sanity check and I got this one working:
>
> ldapsearch -x -D "CN=cephs3,OU=Users,OU=Organic Units,DC=example,DC=com" -W -H ldaps://ldap.example.com:636 -b 'OU=Users,OU=Organic Units,DC=example,DC=com' 'cn=*' dn
>
> My config is like this:
> [global]
> rgw_ldap_binddn = "CN=cephs3,OU=Users,OU=Organic Units,DC=example,DC=com"
> rgw_ldap_dnattr = "cn"
> rgw_ldap_searchdn = "OU=Users,OU=Organic Units,DC=example,DC=com"
> rgw_ldap_secret = "plaintext_pass"
> rgw_ldap_uri = ldaps://ldap.example.com:636
> rgw_s3_auth_use_ldap = true
>
> I create my token to test the ldap feature:
>
> export RGW_ACCESS_KEY_ID="myuser" #where "dn: cn=myuser..." is in ldap.example.com
> export RGW_SECRET_ACCESS_KEY="mypass"
> radosgw-token --encode --ttype=ad
> abcad=
> radosgw-token --encode --ttype=ldap
> abcldap=
>
> Now I go to s3cmd and in config I have something like this:
> acess_key = abcad=
> secret_key =
> use_https = false
> host_base = ceph_rgw.example.com:8080
> host_bucket = ceph_rgw.example.com:8080
>
>
> I get access denied,
> then I try with the ldap key and I get the same problem.
> I created a local user out of curiosity and I put in s3cmd access and secret
> and I could create a bucket. What am I doing wrong?
>
> _______________________________________________
> ceph-users mailing list
> ceph-users@lists.ceph.com
> http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
>



-- 

Matt Benjamin
Red Hat, Inc.
315 West Huron Street, Suite 140A
Ann Arbor, Michigan 48103

http://www.redhat.com/en/technologies/storage

tel.  734-821-5101
fax.  734-769-8938
cel.  734-216-5309
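
As an added example (not code from this thread or from Ceph), the Python below turns the two checks suggested in the reply into concrete commands for the id carried in a token. It assumes the token is base64-encoded JSON of the form {"RGW_TOKEN": {"version", "type", "id", "key"}} and that RGW looks the user up with a (dnattr=id) filter; `CONF`, `encode_token`, `decode_token`, `escape_filter` and `check_commands` are hypothetical names.

```python
import base64
import json
import shlex

# Values copied from the config quoted in the thread.
CONF = {
    "uri": "ldaps://ldap.example.com:636",
    "binddn": "CN=cephs3,OU=Users,OU=Organic Units,DC=example,DC=com",
    "searchdn": "OU=Users,OU=Organic Units,DC=example,DC=com",
    "dnattr": "cn",
}

def encode_token(ttype, uid, secret):
    """Constructed stand-in for `radosgw-token --encode` (assumed JSON layout)."""
    doc = {"RGW_TOKEN": {"version": 1, "type": ttype, "id": uid, "key": secret}}
    return base64.b64encode(json.dumps(doc).encode()).decode()

def decode_token(token):
    """Return (type, id, key); raise ValueError if this is not a well-formed token."""
    try:
        body = json.loads(base64.b64decode(token, validate=True))["RGW_TOKEN"]
        return body["type"], body["id"], body["key"]
    except (ValueError, KeyError, TypeError) as exc:
        raise ValueError(f"not an RGW token: {exc}") from exc

def escape_filter(value):
    """Escape RFC 4515 special characters so the id cannot alter the filter."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)

def check_commands(conf, token):
    """Commands for the two checks: service-account lookup, then the user's own bind."""
    _ttype, uid, _key = decode_token(token)  # the password is never echoed
    flt = f"({conf['dnattr']}={escape_filter(uid)})"
    base = ["-x", "-W", "-H", conf["uri"]]
    lookup = ["ldapsearch", *base, "-D", conf["binddn"], "-b", conf["searchdn"], flt, "dn"]
    bind = ["ldapwhoami", *base, "-D", "<dn returned by the lookup>"]
    return shlex.join(lookup), shlex.join(bind)

if __name__ == "__main__":
    tok = encode_token("ldap", "myuser", "mypass")  # constructed sample token
    print(decode_token(tok)[:2])
    for cmd in check_commands(CONF, tok):
        print(cmd)
```

Because the token is only base64, anything that can read it recovers the LDAP password, which matters when `use_https = false` is set on the client.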