Get LDAP identity for console access/secret keys (#398)

- If MinIO is configured with LDAP then users and groups are external, and the credentials provided in the CONSOLE_ACCESS_KEY and CONSOLE_SECRET_KEY env vars will belong to an existing user in the active directory, therefore we need to authenticate first with `credentials.NewLDAPIdentity` - Fixed race condition bug in which TLS RootCAs certs were not loading correctly (certPool was always null) - Fixed TLS bug in which if Console was deployed without TLS enabled RootCAs certs were not loading - Initialize LDAP Admin credentials once - Initialize stsClient once
2020-11-20 11:52:34 -08:00
parent 8a6a75b7a2
commit 7a2358272a
12 changed files with 136 additions and 233 deletions
--- a/docs/ldap/billy.ldif
+++ b/docs/ldap/billy.ldif
@@ -0,0 +1,35 @@
+# LDIF fragment to create group branch under root
+dn: uid=billy,dc=example,dc=org
+uid: billy
+cn: billy
+sn: 3
+objectClass: top
+objectClass: posixAccount
+objectClass: inetOrgPerson
+loginShell: /bin/bash
+homeDirectory: /home/billy
+uidNumber: 14583102
+gidNumber: 14564100
+userPassword: {SSHA}j3lBh1Seqe4rqF1+NuWmjhvtAni1JC5A
+mail: billy@example.org
+gecos: Billy User
+
+# Create base group
+dn: ou=groups,dc=example,dc=org
+objectclass:organizationalunit
+ou: groups
+description: generic groups branch
+
+# create consoleAdmin group (this already exists on minio and have a policy of s3::*)
+dn: cn=consoleAdmin,ou=groups,dc=example,dc=org
+objectClass: top
+objectClass: posixGroup
+gidNumber: 678
+
+# Assing group to new user
+dn: cn=consoleAdmin,ou=groups,dc=example,dc=org
+changetype: modify
+add: memberuid
+memberuid: billy
+
+