Hello Matt,

I am using luminous 12.2.2. I can find both accounts using both accounts as bindings, e.g.:

    ldapsearch -x -D "CN=myuser,OU=Users,OU=Organic Units,DC=example,DC=com" -W -H ldaps://ldap.example.com:636 -b 'OU=Users,OU=Organic Units,DC=example,DC=com' 'cn=myuser' dn
    Enter LDAP Password:
    # extended LDIF
    #
    # LDAPv3
    # base <OU=Users,OU=Organic Units,DC=example,DC=com> with scope subtree
    # filter: cn=myuser
    # requesting: dn
    #

    # myuser, Users, Organic Units, example.com
    dn: CN=myuser,OU=Users,OU=Organic Units,DC=example,DC=com

    # search result
    search: 2
    result: 0 Success

    # numResponses: 2
    # numEntries: 1

I get the same result if I use cephs3 after -D in ldapsearch.

On 26 January 2018 at 15:20, Matt Benjamin <[email protected]> wrote:

> Hi Theofilos,
>
> I'm not sure what's going wrong offhand, I see all the pieces in your
> writeup.
>
> The first thing I would verify is that "CN=cephs3,OU=Users,OU=Organic
> Units,DC=example,DC=com" sees the users in
> ldaps://ldap.example.com:636, and that "cn=myuser..." can itself
> simple bind using standard tools.
>
> What Ceph version are you running?
>
> Matt
>
> On Fri, Jan 26, 2018 at 5:27 AM, Theofilos Mouratidis
> <[email protected]> wrote:
> > They gave me an LDAP server working with users inside, and I want to
> > create tokens for these users to use s3 from their ldap credentials.
> > I tried using the sanity check and I got this one working:
> >
> >     ldapsearch -x -D "CN=cephs3,OU=Users,OU=Organic Units,DC=example,DC=com" -W -H ldaps://ldap.example.com:636 -b 'OU=Users,OU=Organic Units,DC=example,DC=com' 'cn=*' dn
> >
> > My config is like this:
> >
> >     [global]
> >     rgw_ldap_binddn = "CN=cephs3,OU=Users,OU=Organic Units,DC=example,DC=com"
> >     rgw_ldap_dnattr = "cn"
> >     rgw_ldap_searchdn = "OU=Users,OU=Organic Units,DC=example,DC=com"
> >     rgw_ldap_secret = "plaintext_pass"
> >     rgw_ldap_uri = ldaps://ldap.example.com:636
> >     rgw_s3_auth_use_ldap = true
> >
> > I create my token to test the ldap feature:
> >
> >     export RGW_ACCESS_KEY_ID="myuser" #where "dn: cn=myuser..." is in ldap.example.com
> >     export RGW_SECRET_ACCESS_KEY="mypass"
> >     radosgw-token --encode --ttype=ad
> >     abcad=
> >     radosgw-token --encode --ttype=ldap
> >     abcldap=
> >
> > Now I go to s3cmd and in config I have something like this:
> >
> >     access_key = abcad=
> >     secret_key =
> >     use_https = false
> >     host_base = ceph_rgw.example.com:8080
> >     host_bucket = ceph_rgw.example.com:8080
> >
> > I get access denied,
> > then I try with the ldap key and I get the same problem.
> > I created a local user out of curiosity and I put in s3cmd access and
> > secret and I could create a bucket. What am I doing wrong?
> >
> > _______________________________________________
> > ceph-users mailing list
> > [email protected]
> > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
> >
>
> --
>
> Matt Benjamin
> Red Hat, Inc.
> 315 West Huron Street, Suite 140A
> Ann Arbor, Michigan 48103
>
> http://www.redhat.com/en/technologies/storage
>
> tel. 734-821-5101
> fax. 734-769-8938
> cel. 734-216-5309
>
