Hi,

I'm currently running Ceph 18.2.7 and I am trying to connect my RGW to my LDAP.

After many hours battling with that, I ended up turning on every debug flag I could find. It seems the RGW tries to bind anonymously to my LDAP server; here is the log on my LDAP server (OpenLDAP):

    Jun 10 16:32:02 ldaps2-m2 slapd[453]: conn=836633 op=1 SRCH base="dc=obspm,dc=fr" scope=2 deref=0 filter="(&(&(objectClass=inetOrgPerson)(memberOf=cn=s3storage,ou=groups,ou=services_centraux,dc=obspm,dc=fr))(uid=jas))"
    Jun 10 16:32:02 ldaps2-m2 slapd[453]: conn=836633 op=1 SRCH attr=uid
    Jun 10 16:32:02 ldaps2-m2 slapd[453]: ==> limits_get: conn=836633 op=1 self="[anonymous]" this="dc=obspm,dc=fr"

We don't want to allow the anonymous bind here. I set

    ceph config set client.rgw rgw_ldap_binddn "cn=s3storage,ou=dsa,ou=services_centraux,dc=obspm,dc=fr"
    ceph config set client.rgw rgw_ldap_secret "/etc/ceph/ldappw.txt"
    ceph config set client.rgw rgw_ldap_searchdn "dc=obspm,dc=fr"

I checked the file /etc/ceph/ldappw.txt, gave it to root:root, to ceph:ceph, changed the rights to 600/644, but whatever I do it's still trying to bind anonymously. I can even find the string s3storage,ou=dsa inside the debug log of my LDAP server. It's like RGW doesn't even try to bind with the binddn I gave it.

I tried to run a shell inside the podman container but was unable to find where the RGW config is «instantiated» inside the container (to see what it gets).

Any clue?

Regards
--
Albert SHIH 🦫 🐸
Observatoire de Paris
France
Local time: Tue. 10 June 2025 16:36:11 CEST
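
Added example, not part of the original post: a small parser for slapd log lines like the ones quoted above that reports, for each search, which identity the connection was bound as, so anonymous searches from a client such as RGW stand out. It assumes slapd's stats-level format (`BIND dn=... method=`, `RESULT tag=97 err=`); the first sample line is the one from the post, while connections 7 and 8 and the example.org DNs are constructed.

```python
import re

# slapd stats-level lines look like: "conn=<id> op=<n> <VERB> <details>"
OP = re.compile(r'conn=(\d+) op=(\d+) (BIND|RESULT|SRCH) (.*)')

def searches_by_identity(lines):
    """Return one (conn, identity, base, filter) tuple per SRCH request.

    identity is the DN of the last successful BIND seen on that connection,
    or "[anonymous]" if no successful bind appears in the supplied lines.
    """
    pending = {}    # (conn, op) -> DN named in a BIND request not yet answered
    identity = {}   # conn -> DN of the last bind that returned err=0
    found = []
    for line in lines:
        m = OP.search(line)
        if not m:
            continue
        conn, op, verb, rest = m.groups()
        if verb == "BIND":
            dn = re.search(r'dn="([^"]*)" method=', rest)
            if dn:
                pending[(conn, op)] = dn.group(1)
        elif verb == "RESULT":
            res = re.search(r'tag=97 err=(\d+)', rest)  # 97 = bind response
            if res and (conn, op) in pending:
                dn = pending.pop((conn, op))
                # a failed bind (or an empty DN) leaves the connection anonymous
                identity[conn] = dn if res.group(1) == "0" and dn else None
        elif verb == "SRCH":
            s = re.search(r'base="([^"]*)".*filter="([^"]*)"', rest)
            if s:  # the companion "SRCH attr=..." line carries no base/filter
                who = identity.get(conn) or "[anonymous]"
                found.append((conn, who, *s.groups()))
    return found

SAMPLE = [
    # from the post
    'Jun 10 16:32:02 ldaps2-m2 slapd[453]: conn=836633 op=1 SRCH base="dc=obspm,dc=fr" '
    'scope=2 deref=0 filter="(&(&(objectClass=inetOrgPerson)(memberOf=cn=s3storage,'
    'ou=groups,ou=services_centraux,dc=obspm,dc=fr))(uid=jas))"',
    # constructed: a successful bind, then a rejected one (err=49)
    'conn=7 op=0 BIND dn="cn=svc,dc=example,dc=org" method=128',
    'conn=7 op=0 RESULT tag=97 err=0 text=',
    'conn=7 op=1 SRCH base="dc=example,dc=org" scope=2 deref=0 filter="(uid=alice)"',
    'conn=7 op=1 SRCH attr=uid',
    'conn=8 op=0 BIND dn="cn=svc,dc=example,dc=org" method=128',
    'conn=8 op=0 RESULT tag=97 err=49 text=',
    'conn=8 op=1 SRCH base="dc=example,dc=org" scope=2 deref=0 filter="(uid=bob)"',
]

if __name__ == "__main__":
    for row in searches_by_identity(SAMPLE):
        print(row)
```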