Add LDAP DNS SRV record lookup support #16201

Merged: 1 commit, Dec 12, 2022


donatello (Member)

Description

The main change is in the minio/pkg lib; this change updates docs and adds a configuration option.

Needs minio/pkg#52

Motivation and Context

DNS SRV records are used for LDAP high-availability - https://ldap.com/dns-srv-records-for-ldap/

How to test this PR?

Test setup would need a configured DNS SRV record - this change is not end-to-end tested. However, it is possible to ensure that DNS SRV querying is working by picking a public DNS SRV record (e.g. _ldap._tcp.google.com) - obviously you cannot log in with that; you can get a credentials invalid error.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Optimization (provides speedup with no functional changes)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • Fixes a regression (If yes, please add commit-id or PR # here)
  • Unit tests added/updated
  • Internal documentation updated
  • Create a documentation update request here
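
Added example (not code from this PR or from minio/pkg): how SRV answers for `_ldap._tcp.<domain>` become an ordered list of LDAP servers to try, which is what makes SRV records useful for high availability. The names `dialTargets` and `sampleRecords` and the example.org records are constructed for illustration; passing a domain as the first argument performs a live lookup, as in the test step above.

```go
package main

import (
	"fmt"
	"net"
	"os"
	"sort"
	"strconv"
	"strings"
)

// dialTargets orders SRV answers for failover: lowest priority first, then higher weight
// first (RFC 2782 picks by weighted random there). Target "." = service not offered.
func dialTargets(records []*net.SRV) []string {
	sorted := append([]*net.SRV(nil), records...)
	sort.SliceStable(sorted, func(i, j int) bool {
		a, b := sorted[i], sorted[j]
		return a.Priority < b.Priority || (a.Priority == b.Priority && a.Weight > b.Weight)
	})
	var out []string
	for _, r := range sorted {
		if r.Target == "." {
			continue
		}
		out = append(out, net.JoinHostPort(strings.TrimSuffix(r.Target, "."), strconv.Itoa(int(r.Port))))
	}
	return out
}

// sampleRecords is constructed data for example.org, not real DNS output.
func sampleRecords() []*net.SRV {
	return []*net.SRV{
		{Target: "backup.example.org.", Port: 636, Priority: 20, Weight: 0},
		{Target: "ldap2.example.org.", Port: 389, Priority: 10, Weight: 40},
		{Target: "ldap1.example.org.", Port: 389, Priority: 10, Weight: 60},
		{Target: ".", Port: 0, Priority: 30, Weight: 0},
	}
}

func main() {
	records := sampleRecords()
	if len(os.Args) > 1 { // live lookup of _ldap._tcp.<argument>
		var err error
		if _, records, err = net.LookupSRV("ldap", "tcp", os.Args[1]); err != nil {
			fmt.Println("lookup failed:", err)
		}
	}
	fmt.Println(dialTargets(records))
}
```

The hosts in this list come from DNS, so they are the servers that will receive bind attempts; the list is worth reviewing whenever the record changes.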

@donatello donatello force-pushed the ldap-srv branch 2 times, most recently from 0539efb to 8bc2e04 Compare December 12, 2022 17:29
The main change is in the minio/pkg lib, this change updates docs and
adds configuration option.
@minio-trusted (Contributor)

Mint Automation

Test Result
mint-large-bucket.sh ✔️
mint-fs.sh ✔️
mint-erasure.sh ✔️
mint-dist-erasure.sh ✔️
mint-compress-encrypt-dist-erasure.sh ✔️
mint-pools.sh more...

16201-7765bee/mint-pools.sh.log:

Running with
SERVER_ENDPOINT:      15.15.15.6:31685
ACCESS_KEY:           minio
SECRET_KEY:           ***REDACTED***
ENABLE_HTTPS:         0
SERVER_REGION:        us-east-1
MINT_DATA_DIR:        /mint/data
MINT_MODE:            full
ENABLE_VIRTUAL_STYLE: 0
RUN_ON_FAIL:          0

To get logs, run 'docker cp 071110e910aa:/mint/log /tmp/mint-logs'

(1/14) Running aws-sdk-go tests ... done in 2 seconds
(2/14) Running aws-sdk-java tests ... done in 1 seconds
(3/14) Running aws-sdk-php tests ... done in 43 seconds
(4/14) Running aws-sdk-ruby tests ... done in 7 seconds
(5/14) Running awscli tests ... FAILED in 17 seconds
{
  "name": "awscli",
  "duration": 11519,
  "function": "delete_bucket\n",
  "status": "FAIL",
  "error": "fatal error: An error occurred (InternalError) when calling the ListObjectsV2 operation (reached max retries: 4): We encountered an internal error, please try again.: cause(listPathRaw: 0 drives provided)remove_bucket failed: Unable to delete all objects in the bucket, bucket will not be deleted."
}
(5/14) Running healthcheck tests ... done in 0 seconds
(6/14) Running mc tests ... done in 54 seconds
(7/14) Running minio-go tests ... FAILED in 9 seconds
{
  "args": {
    "bucketName": "minio-go-test-bbhq4vv0o5clwya1",
    "region": "eu-west-1"
  },
  "duration": 4417,
  "error": "We encountered an internal error, please try again.: cause(listPathRaw: 0 drives provided)",
  "function": "MakeBucket(bucketName, region)",
  "message": "CleanupBucket failed while removing bucket recursively",
  "name": "minio-go: testMakeBucketRegionsV2",
  "status": "FAIL"
}
(7/14) Running minio-java tests ... done in 35 seconds
(8/14) Running minio-js tests ... FAILED in 11 seconds
{
  "name": "minio-js",
  "function": "\"after all\" hook in \"functional tests\"",
  "duration": 6,
  "status": "FAIL",
  "error": "S3Error: The bucket you tried to delete is not empty at Object.parseError (node_modules/minio/dist/main/xml-parsers.js:71:11) at /mint/run/core/minio-js/node_modules/minio/dist/main/transformers.js:166:22 at DestroyableTransform._flush (node_modules/minio/dist/main/transformers.js:90:10) at DestroyableTransform.prefinish (node_modules/readable-stream/lib/_stream_transform.js:129:10) at prefinish (node_modules/readable-stream/lib/_stream_writable.js:611:14) at finishMaybe (node_modules/readable-stream/lib/_stream_writable.js:620:5) at endWritable (node_modules/readable-stream/lib/_stream_writable.js:643:3) at DestroyableTransform.Writable.end (node_modules/readable-stream/lib/_stream_writable.js:571:22) at IncomingMessage.onend (internal/streams/readable.js:670:10) at endReadableNT (internal/streams/readable.js:1333:12) at processTicksAndRejections (internal/process/task_queues.js:82:21)"
}
(8/14) Running minio-py tests ... done in 1 minutes and 55 seconds
(9/14) Running s3cmd tests ... done in 26 seconds
(10/14) Running s3select tests ... done in 4 seconds
(11/14) Running versioning tests ... done in 3 minutes and 6 seconds

Executed 11 out of 14 tests successfully.

Deleting image on docker hub
Deleting image locally

@donatello donatello merged commit a469e67 into minio:master Dec 12, 2022
@donatello donatello deleted the ldap-srv branch December 12, 2022 19:27
feorlen added a commit to minio/docs that referenced this pull request Aug 11, 2023
Remove long-gone LDAP settings and add docs for a recent one.

Gone:
- `sts_expiry`, `MINIO_IDENTITY_LDAP_STS_EXPIRY`
- `username_format`, `MINIO_IDENTITY_LDAP_USERNAME_FORMAT`
- Username-Bind mode

Related code change: minio/minio#13165

Recent:
- `srv_record_name` for lookup via DNS SRV records

Added in minio/minio#16201
RELEASE.2022-12-12T19-27-27Z

Staged:

http://192.241.195.202:9000/staging/DOCS-919-2-svc-record/linux/html/reference/minio-server/minio-server.html#envvar.MINIO_IDENTITY_LDAP_SRV_RECORD_NAME

http://192.241.195.202:9000/staging/DOCS-919-2-svc-record/linux/html/reference/minio-mc-admin/mc-admin-config.html#mc-conf.identity_ldap.srv_record_name