Support #37157
Status: open
How to use "RGW_ACCESS_KEY_ID" with S3/Swift for an AD user?
Description
ceph --version
ceph version 13.2.2 (02899bfda814146b021136e9d8e80eba494e1126) mimic (stable)
Cluster status is healthy.
I have a Ceph Object Gateway configured to use the Ceph Storage cluster, and tested S3/Swift "testuser" with "my_new_bucket" created by following the guide below; it all works!
http://docs.ceph.com/docs/mimic/install/install-ceph-gateway/#using-the-gateway
I want to test further, using a Microsoft AD user to write from the Ceph Object Gateway node to Ceph Object Storage, following these guides:
1). http://docs.ceph.com/docs/mimic/radosgw/ldap-auth/
2). https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/3/html-single/ceph_object_gateway_with_ldapad_guide/index#rgw-ldap-test-the-configuration-ldap
I set up an AD/DNS server and registered the Ceph Object Gateway node for services. I tested OS access on the Ceph Object Gateway node as an AD domain user, and it works. Next I followed the doc above to use an AD user for S3/Swift writes on the Object Gateway.
Issue: there are no details and no examples on how to use "RGW_ACCESS_KEY_ID" with S3/Swift for an AD user.
4.2. Export an LDAP Token (Red Hat Doc):
- export RGW_ACCESS_KEY_ID="<username>"
- export RGW_SECRET_ACCESS_KEY="<password>"
- radosgw-token --encode --ttype=ad
- export RGW_ACCESS_KEY_ID="*****************************************************************"
4.3. Test the Configuration with an S3 Client (Red Hat Doc) --- The secret is no longer required!!!
Question_1:
If I have an AD user "ceph_user" with the password "ceph_user_passwd" and run the test below:
- export RGW_ACCESS_KEY_ID="ceph_user"
- export RGW_SECRET_ACCESS_KEY="ceph_user_passwd"
- radosgw-token --encode --ttype=ad
- export RGW_ACCESS_KEY_ID="*****": should this step use the output from radosgw-token for "*****"? Does this make "ceph_user" = "radosgw-token"? Why?
Question_2:
The S3 Python API uses the 2 lines below to authenticate to Ceph object storage; what should be used for the radosgw-token here? (http://docs.ceph.com/docs/mimic/radosgw/s3/python/)
aws_access_key_id = access_key,
aws_secret_access_key = secret_key,
Question_3:
2.6. Add a Gateway User:
[global]
...
rgw_ldap_secret = /etc/bindpass
...
What are the contents of the file "/etc/bindpass"? Does anyone have an example with more detail?
Thanks for the help!
Ben
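
As an added example (not part of the original ticket and not Ceph's own code), the Python sketch below shows what Question_1 and Question_2 hinge on: per the Ceph LDAP documentation the token is a base64-encoded JSON struct carrying the directory credentials, so it takes the place of the access key and the password can be read back from it. The JSON field layout, the function names and the empty secret-key placeholder are assumptions of this example; in practice the token comes from radosgw-token itself.

```python
import base64
import json

def encode_rgw_token(user, password, ttype="ad"):
    """Build a token in the assumed layout; the real tool's whitespace may differ."""
    doc = {"RGW_TOKEN": {"version": 1, "type": ttype, "id": user, "key": password}}
    return base64.b64encode(json.dumps(doc).encode("utf-8")).decode("ascii")

def decode_rgw_token(token):
    """Reverse the encoding; raises ValueError on anything that is not such a token."""
    try:
        doc = json.loads(base64.b64decode(token, validate=True))
        inner = doc["RGW_TOKEN"]
        return {"type": inner["type"], "id": inner["id"], "key": inner["key"]}
    except (ValueError, KeyError, TypeError) as exc:
        raise ValueError("not an RGW LDAP/AD token") from exc

def s3_credentials(token):
    """Values for the two S3 client fields quoted in Question_2."""
    decode_rgw_token(token)  # fail early on a malformed token
    # The whole token is the access key; the secret is unused (assumed empty here).
    return {"aws_access_key_id": token, "aws_secret_access_key": ""}

def audit(token):
    """Defender's view: what anyone holding the token can read back from it."""
    fields = decode_rgw_token(token)
    return {
        "directory_user": fields["id"],
        "token_type": fields["type"],
        "password_recoverable": bool(fields["key"]),
    }

if __name__ == "__main__":
    # Constructed sample values, taken from the ticket's own placeholder names.
    tok = encode_rgw_token("ceph_user", "ceph_user_passwd")
    print(tok)
    print(s3_credentials(tok))
    print(audit(tok))
```

Because the token is only encoded, not encrypted, it should be handled like the AD password itself and sent to the gateway over TLS only.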