Minio LDAP Integration

girish

My understanding is that LDAP is only for the STS integration and not for login and minio dashboard. (STS is a token service where services can request a temporary access token from access key and secret).

girish

Digging deeper I found this issue - https://github.com/minio/minio/issues/9837 . From there, I found that there is another admin UI for minio (?) - https://github.com/minio/console which looks way better than the current one. It's unclear to me why these are separate projects and how they are tied together.

There's some LDAP setup docs at https://github.com/minio/console/blob/master/DEVELOPMENT.md . Also this blog post - https://blog.min.io/new-minio-console/

infogulch

@girish Wow that console UI looks great. Based on the publish date of that article and the current release tag on the console (0.7.0) it seems that it's a pretty new project. As far as being separate I can imagine wanting to have a very lightweight UI for the storage device itself and running the full-featured UI separately, especially if they're targeting k8s-like deployments.

marcusquinn

"You’re one docker pull and three minutes of configuration away from a browser-based interface that taps into the most powerful features of the MinIO storage suite."

Nice find! Just "three minutes" work then

jdaviescoates

@atrilahiji said in Minio LDAP Integration:

The more services I can use with LDAP, the better.

Agreed.

(And I still really want to be able to filter the app store by LDAP support and for Discourse and NodeBB to have LDAP added )

@girish said in Minio LDAP Integration:

From there, I found that there is another admin UI for minio (?) - https://github.com/minio/console which looks way better than the current one. It's unclear to me why these are separate projects and how they are tied together.
There's some LDAP setup docs at https://github.com/minio/console/blob/master/DEVELOPMENT.md . Also this blog post - https://blog.min.io/new-minio-console/

It would be awesome to have this lovely new Minio GUI available in Cloudron!

girish

Agreed, I think we should open up a separate app request for this minio console.

girish

It seems the latest minio release has deprecated/removed the old object browser and merged the console project into the main app.

A Former User

@girish Huh... are you going to just update the current app or make a v2 app and keep the old one around?

girish

@atridad Hopefully, we don't need another app. It's confusing a bit because it seems the API and the UI run on different ports. Maybe they are trying to achieve some multi-domain style setup, not sure.

A Former User

@girish Ahhh I see. Only reason I figured it might be needed is if their re-write makes updating difficult.

A Former User

@infogulch
Hi
we have LDAP username ,password and ldap server details and need to integrate with minio in kubernets cluster
Could you please guide me , where to setup in minio server and we have below data but i am not understanding ,in which location of minio server , need to setup and after setting the ldap details, where to find in minio server.

export MINIO_IDENTITY_LDAP_SERVER_ADDR=myldapserver.com:636
export MINIO_IDENTITY_LDAP_USERNAME_FORMAT="uid=%s,cn=accounts,dc=myldapserver,dc=com"
export MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN="dc=myldapserver,dc=com"
export MINIO_IDENTITY_LDAP_GROUP_SEARCH_FILTER="(&(objectclass=groupOfNames)(memberUid=%s)$)"
export MINIO_IDENTITY_LDAP_STS_EXPIRY=60h
export MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY=on

https://github.com/minio/minio/blob/master/docs/sts/ldap.md--- could not help me much.

Thanks,

A Former User

This post is deleted!

A Former User

@baswaraj wrong community. Ask the minio devs.

BrutalBirdie

https://docs.min.io/minio/baremetal/security/ad-ldap-external-identity-management/configure-ad-ldap-external-identity-management.html#minio-authenticate-using-ad-ldap-generic

I am currently checking whats going on with LDAP and the new console.

https://git.cloudron.io/cloudron/minio-app/-/merge_requests/2