Create an LDAP user for the Ceph Object Gateway.
Before you begin
Before creating the gateway user, ensure that the Ceph Object Gateway does not already have a user with the same name:
radosgw-admin metadata list user
For example,
[ceph: root@host01 /]# radosgw-admin metadata list user
Check the output to be sure that the username you intend to use does not appear in this list of users.
Procedure
- Create an LDAP user for the Ceph Object Gateway, and make note of its bind DN (binddn). Since the Ceph Object Gateway runs as the ceph user, consider using ceph as the username. The user needs permission to search the directory, because the Ceph Object Gateway binds to the directory as this user, as specified in rgw_ldap_binddn.
- Test to verify that the user creation worked. You can run a search for the user, for example when the user ID (uid) is ceph in the People organizational unit of the example.com domain:
# ldapsearch -x -D "uid=ceph,ou=People,dc=example,dc=com" -W -H ldaps://example.com -b "ou=People,dc=example,dc=com" -s sub 'uid=ceph'
The -W option prompts for the bind password so it does not appear on the command line, and binding over ldaps:// keeps the password from crossing the network in cleartext.
- On each gateway node, create a file for the user's secret. For example, the secret might be stored in a file named /etc/bindpass. For security, change the owner and group of this file to ceph and restrict its permissions (for example, mode 0600) so that it is not globally readable; changing the owner alone does not change who can read the file.
- Add the rgw_ldap_secret option, pointing it at the file that holds the secret:
ceph config set client.rgw OPTION VALUE
For example,
[ceph: root@host01 /]# ceph config set client.rgw rgw_ldap_secret /etc/bindpass
- Copy the updated configuration file to each Ceph node. The secret file must also exist at the path given in rgw_ldap_secret on every gateway node.
scp /etc/ceph/ceph.conf NODE:/etc/ceph
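The following shell helpers wrap the checks in this procedure so they can be exercised before touching a live cluster. This is an added example, not code from the Red Hat documentation or the Ceph project: the duplicate-user check and the secret-file handling are real functions, while the commands that need a cluster or an LDAP server (radosgw-admin, ldapsearch, ceph config set) are only printed unless APPLY=1 is set. The bind DN, LDAP URI and password shown are placeholders, not values from the page.

```shell
#!/usr/bin/env bash
# Added example (not from the Red Hat documentation or the Ceph project):
# helpers for creating the LDAP bind user's secret for the Ceph Object Gateway.
set -u

# Assumed values; override them in the environment before calling run_procedure.
LDAP_BINDDN="${LDAP_BINDDN:-uid=ceph,ou=People,dc=example,dc=com}"   # assumed bind DN
LDAP_URI="${LDAP_URI:-ldaps://example.com}"                          # assumed LDAP server
SECRET_FILE="${SECRET_FILE:-/etc/bindpass}"                          # path used on the page

# Print the permission bits of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Read "radosgw-admin metadata list user" output (a JSON array of names) on
# stdin and return 0 only if NAME is not already a gateway user. The name is
# matched together with its surrounding quotes, so "ceph" does not match
# "cephuser".
rgw_user_absent() {
    local name="$1"
    ! grep -Fq "\"${name}\""
}

# Write the bind password to PATH so that only its owner can read it. The file
# is created under umask 077, so it is never world-readable even briefly, then
# explicitly set to 0600 and, when running as root on a host that has a ceph
# account, handed to ceph:ceph. printf '%s' writes no trailing newline, so the
# file holds nothing but the password.
write_secret_file() {
    local path="$1" secret="$2"
    ( umask 077 && printf '%s' "$secret" > "$path" ) || return 1
    chmod 0600 "$path" || return 1
    if [ "$(id -u)" -eq 0 ] && id ceph >/dev/null 2>&1; then
        chown ceph:ceph "$path" || return 1
    fi
    [ "$(file_mode "$path")" = "600" ]
}

# Run a cluster or LDAP command, or only show it when APPLY is not 1.
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf 'would run: %s\n' "$*"; fi
}

# The procedure end to end. The bind password is taken from BINDPW rather than
# a command-line argument so it is not visible to other users through ps.
run_procedure() {
    local name="${1:-ceph}"
    if [ "${APPLY:-0}" = "1" ]; then
        radosgw-admin metadata list user | rgw_user_absent "$name" \
            || { echo "gateway user '$name' already exists" >&2; return 1; }
    fi
    write_secret_file "$SECRET_FILE" "${BINDPW:?set BINDPW to the bind password}" || return 1
    # ldapsearch -y reads the bind password from a file, which is why the
    # secret file is written before the test search.
    run ldapsearch -x -D "$LDAP_BINDDN" -y "$SECRET_FILE" -H "$LDAP_URI" \
        -b "ou=People,dc=example,dc=com" -s sub "uid=${name}"
    run ceph config set client.rgw rgw_ldap_binddn "$LDAP_BINDDN"
    run ceph config set client.rgw rgw_ldap_secret "$SECRET_FILE"
}
```

Source the file and call, for example, `SECRET_FILE=/tmp/bindpass BINDPW=... run_procedure ceph` for a dry run that prints the cluster commands; add APPLY=1 on a gateway node to execute them.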