Hi,
I didn't read the entire thread in detail, but to get some file mapped
into the containers you can utilize extra-entrypoint-args [0].
[0] https://docs.ceph.com/en/reef/cephadm/services/#extra-entrypoint-arguments
Quoting Albert Shih <albert.s...@obspm.fr>:
On 10/06/2025 at 16:46:28+0200, Albert Shih wrote
Hi,
I'm currently running ceph 18.2.7 and I'm trying to connect my RGW to my LDAP.
After many hours of battling with that, I ended up turning on every debug flag I
can find.
It seems the RGW tries to bind anonymously to my LDAP server; here is the log on
my LDAP server (openldap):
Jun 10 16:32:02 ldaps2-m2 slapd[453]: conn=836633 op=1 SRCH
base="dc=obspm,dc=fr" scope=2 deref=0
filter="(&(&(objectClass=inetOrgPerson)(memberOf=cn=s3storage,ou=groups,ou=services_centraux,dc=obspm,dc=fr))(uid=jas))"
Jun 10 16:32:02 ldaps2-m2 slapd[453]: conn=836633 op=1 SRCH attr=uid
Jun 10 16:32:02 ldaps2-m2 slapd[453]: ==> limits_get: conn=836633
op=1 self="[anonymous]" this="dc=obspm,dc=fr"
We don't want to allow the anonymous bind here.
I set
ceph config set client.rgw rgw_ldap_binddn "cn=s3storage,ou=dsa,ou=services_centraux,dc=obspm,dc=fr"
ceph config set client.rgw rgw_ldap_secret "/etc/ceph/ldappw.txt"
ceph config set client.rgw rgw_ldap_searchdn "dc=obspm,dc=fr"
I think I found a clue.
Inside the container (I'm using podman) I don't see (podman inspect)
any bind/mount of the
file /etc/ceph/ldapww.txt. So I'm guessing RGW doesn't see any password and
rolls back to anonymous bind.
Any clue why? Or better... how to fix that?
Regards
--
Albert SHIH 🦫 🐸
France
Local time:
Tue 10 June 2025 23:12:02 CEST
_______________________________________________
ceph-users mailing list -- ceph-users@ceph.io
To unsubscribe send an email to ceph-users-le...@ceph.io
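
The check described in the quoted message (looking through podman inspect for a mount that provides the file named in rgw_ldap_secret) can be scripted. This is an added example, not code from the thread or from Ceph; the function names are hypothetical, and the inspect JSON, with its FSID placeholder and mount layout, is a constructed sample.

```python
import json
from pathlib import PurePosixPath

# Constructed sample of `podman inspect <rgw-container>` output, trimmed to the
# fields used below. FSID and the daemon name are placeholders.
SAMPLE_INSPECT = json.dumps([{
    "Name": "ceph-FSID-rgw-example",
    "Mounts": [
        {"Type": "bind", "Source": "/var/lib/ceph/FSID/rgw.example/config",
         "Destination": "/etc/ceph/ceph.conf", "RW": True},
        {"Type": "bind", "Source": "/var/lib/ceph/FSID/rgw.example",
         "Destination": "/var/lib/ceph/radosgw/ceph-rgw.example", "RW": True},
        {"Type": "bind", "Source": "/var/log/ceph/FSID",
         "Destination": "/var/log/ceph", "RW": True},
    ],
}])


def covering_mount(inspect_json, container_path):
    """Return the mount whose Destination equals container_path or is a parent
    directory of it (the most specific one wins), or None if nothing covers it."""
    target = PurePosixPath(container_path)
    best, best_depth = None, -1
    for container in json.loads(inspect_json):
        for mount in container.get("Mounts") or []:
            dest = PurePosixPath(mount.get("Destination", ""))
            if not dest.is_absolute():
                continue
            if (dest == target or dest in target.parents) and len(dest.parts) > best_depth:
                best, best_depth = mount, len(dest.parts)
    return best


def host_path(inspect_json, container_path):
    """Map a path inside the container to the host path backing it, or None."""
    mount = covering_mount(inspect_json, container_path)
    if mount is None:
        return None  # no mount covers it; only the image's own files are there
    rel = PurePosixPath(container_path).relative_to(mount["Destination"])
    return str(PurePosixPath(mount["Source"]) / rel)


if __name__ == "__main__":
    # A single-file mount of ceph.conf does not expose other files in /etc/ceph.
    for path in ("/etc/ceph/ceph.conf", "/etc/ceph/ldappw.txt"):
        print(path, "->", host_path(SAMPLE_INSPECT, path) or "not mounted")
```

On a live host, feed it the real output of podman inspect for the RGW container instead of the sample.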