Connecting a Docker MinIO to LDAP
Background
The official LDAP documentation is spread across several pages, which makes it hard for a newcomer to get a deployment right, so this is a consolidated version that lets you complete the whole setup in one pass.
Run a MinIO server in docker
1. First run a recent MinIO with docker. The main things to set are the MinIO root user and password (previously called AccessKey and SecretKey) and the LDAP server settings.
2. Replace every ${...} in the command below with your own LDAP server details.
3. Two of the settings below are for a lab only. MINIO_IDENTITY_LDAP_SERVER_INSECURE=on makes MinIO talk to the LDAP server over plaintext, so the lookup account's password and every user's login password cross the network unencrypted; MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY=on disables certificate verification, so anyone who can intercept the connection can present their own certificate. Outside a lab, drop both, point MINIO_IDENTITY_LDAP_SERVER_ADDR at the LDAPS port (636) or set MINIO_IDENTITY_LDAP_SERVER_STARTTLS=on, and make the LDAP server's CA certificate available to MinIO (by default under ~/.minio/certs/CAs). Also note that values passed with -e are visible in docker inspect, and that with --rm and no volume mounted on /data the object data disappears when the container stops.
docker run --rm -p 7000:9000 -p 7001:7001 --name minio1 \
-e "MINIO_ROOT_USER=minio" \
-e "MINIO_ROOT_PASSWORD=minio123" \
-e "MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY=on" \
-e "MINIO_IDENTITY_LDAP_SERVER_INSECURE=on" \
-e "MINIO_IDENTITY_LDAP_STS_EXPIRY=24h" \
-e "MINIO_IDENTITY_LDAP_SERVER_ADDR=${LDAP_SERVER_ADDR}" \
-e "MINIO_IDENTITY_LDAP_LOOKUP_BIND_DN=${LDAP_LOOKUP_BIND_DN}" \
-e "MINIO_IDENTITY_LDAP_LOOKUP_BIND_PASSWORD=${LDAP_LOOKUP_BIND_PASSWORD}" \
-e "MINIO_IDENTITY_LDAP_USER_DN_SEARCH_BASE_DN=${LDAP_USER_SEARCH_BASE_DN}" \
-e "MINIO_IDENTITY_LDAP_USER_DN_SEARCH_FILTER=(&(objectClass=inetOrgPerson)(uid=%s))" \
-e "MINIO_IDENTITY_LDAP_GROUP_SEARCH_BASE_DN=${LDAP_GROUP_SEARCH_BASE_DN}" \
-e "MINIO_IDENTITY_LDAP_GROUP_SEARCH_FILTER=(&(objectclass=groupOfUniqueNames)(uniquemember=%d))" \
minio/minio:RELEASE.2021-11-24T23-19-33Z server /data --console-address ":7001"
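The two search filters above are templates: at login MinIO replaces %s with the name the user typed and %d with the DN that the user search returned, and it escapes the substituted value so that a login name cannot alter the filter. The example below, added here and not part of the page or of MinIO, renders the page's own two templates the same way (RFC 4515 escaping) and counts leaf assertions so the difference between an escaped and an unescaped substitution is visible. It is useful when you script your own lookups against the same filters, for example to find out why a user is not matched; the hostile login name in the test is constructed.

```python
import re

# Filter templates from the docker command above. MinIO substitutes the login
# name for %s and the DN found by the user search for %d.
USER_SEARCH_FILTER = "(&(objectClass=inetOrgPerson)(uid=%s))"
GROUP_SEARCH_FILTER = "(&(objectclass=groupOfUniqueNames)(uniquemember=%d))"

# RFC 4515 section 3: these characters must be written as a backslash plus two
# hex digits inside an assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a value so the server can only read it as data, never as filter syntax."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def render(template, value, escape=True):
    """Substitute value for the %s / %d placeholder. escape=False exists only to
    show what an unescaped substitution would send."""
    if escape:
        value = escape_filter_value(value)
    return template.replace("%s", value).replace("%d", value)


def user_filter(username):
    """The filter sent to find the DN that belongs to a login name."""
    return render(USER_SEARCH_FILTER, username)


def group_filter(user_dn):
    """The filter sent to find the groups that list that DN as a member."""
    return render(GROUP_SEARCH_FILTER, user_dn)


def count_assertions(ldap_filter):
    """Number of leaf assertions (attribute=value pairs) in a filter string."""
    return len(re.findall(r"\([^()]*\)", ldap_filter))


if __name__ == "__main__":
    # Constructed hostile login name: it tries to close the uid assertion and
    # add a wildcard match for every user.
    hostile = "*)(uid=*"
    print("escaped:  ", user_filter(hostile), count_assertions(user_filter(hostile)))
    print("unescaped:", render(USER_SEARCH_FILTER, hostile, escape=False),
          count_assertions(render(USER_SEARCH_FILTER, hostile, escape=False)))
```

The escaped filter keeps the template's two assertions; the unescaped one grows a third, which is exactly the structural change escaping exists to prevent. The same escaping applies to the DN substituted for %d, even though the characters common in DNs (commas, equals signs) need no escaping in a filter value.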
Run a MinIO client in docker
1. Start the mc client and open a shell inside the container
docker run -it --entrypoint=/bin/sh minio/mc
2. Point the client at the server (newer mc releases call this mc alias set and take the same arguments)
mc config host add minio http://${SERVER_IP}:7000 minio minio123 --api S3v4
3. List the policies that exist on the server
mc admin policy list minio
4. Attach a policy to a user or to a group. The value after user= or group= is the full DN exactly as the LDAP server returns it
mc admin policy set minio consoleAdmin user=cn=李镇伟,ou=XXX,ou=XXX,ou=XXX,dc=XXX
mc admin policy set minio consoleAdmin group=cn=南京测试部,dc=XXX
consoleAdmin is a full administrative policy. It is convenient for confirming that LDAP login works, but real users and groups should get a policy limited to the buckets and actions they need: write it as a JSON policy file, load it with mc admin policy add minio NAME policy.json, and attach it with the same mc admin policy set command.
Open a browser and log in with the LDAP account
The user above was given consoleAdmin, so every console feature is visible.
Python: log in to MinIO with an LDAP account and download a file
import os
import threading
import time

from progress.bar import Bar
from minio import Minio
from minio.credentials import LdapIdentityProvider

# The STS endpoint is the MinIO server itself, given as a full URL with scheme
# and port. The port matches the "-p 7000:9000" mapping above; change it if
# MinIO sits behind a reverse proxy. The LDAP password is sent in this request,
# so use https outside a lab.
sts_endpoint = "http://minio.lzw.local:7000"
# LDAP username (the value MinIO substitutes for %s in the user search filter).
ldap_username = "ldap-username"
# LDAP password.
ldap_password = "ldap-password"
# Exchanges the LDAP login for temporary S3 credentials and refreshes them
# automatically before they expire.
provider = LdapIdentityProvider(sts_endpoint, ldap_username, ldap_password)

# The Minio client takes host:port without a scheme; secure=False because the
# server above is plain http.
client = Minio("minio.lzw.local:7000", secure=False, credentials=provider)

# Object to download, with a progress bar that advances once per 1 MiB chunk.
bucket_name = "bucket-name"
object_name = "object-name"


def get_object_with_progress(client, bucket_name, object_name):
    data = None
    try:
        data = client.get_object(bucket_name, object_name)
        total_length = int(data.headers.get('content-length'))
        bar = Bar(object_name, max=total_length / 1024 / 1024, fill='*', check_tty=False,
                  suffix='%(percent).1f%% - %(eta_td)s')
        # Object names may contain "/" or "..", so only the last path component
        # is used as the local file name.
        with open(os.path.join('.', os.path.basename(object_name)), 'wb') as file_data:
            for d in data.stream(1024 * 1024):
                bar.next(1)
                file_data.write(d)
        bar.finish()
    except Exception as err:
        print(err)
    finally:
        # Hand the HTTP connection back to the pool.
        if data is not None:
            data.close()
            data.release_conn()


# Alternative: a time-driven progress bar in its own thread, for transfers whose
# size is not known up front. Start the thread, run the transfer, set
# download_flag to False, then join(): the bar jumps to 100% and the thread exits.
download_flag = True


class ProgressThread(threading.Thread):
    def __init__(self, name):
        threading.Thread.__init__(self)
        self.name = name

    def run(self):
        print("Starting download: " + self.name)
        max_number = 100
        bar = Bar(self.name, max=max_number, check_tty=False)
        for i in range(max_number):
            if download_flag is False:
                # Transfer finished early: fill the remaining ticks and stop.
                bar.next(max_number - i)
                break
            time.sleep(2)
            bar.next()
        bar.finish()
        print("\nDownload finished: " + self.name)


if __name__ == "__main__":
    get_object_with_progress(client, bucket_name, object_name)
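LdapIdentityProvider hides the actual exchange: on the first request it POSTs the LDAP login to MinIO's STS API (AssumeRoleWithLDAPIdentity), receives temporary S3 credentials whose lifetime comes from MINIO_IDENTITY_LDAP_STS_EXPIRY or the request's DurationSeconds, and repeats the call shortly before they expire. The example below, added here and not taken from the page or from the MinIO SDK, writes that exchange out by hand with the standard library only: it builds the request, parses the XML response into credentials with an expiry, and decides when a refresh is due. The sample response and every key value in it are constructed; fetch_temporary_credentials assumes a reachable MinIO at the URL you give it and is not exercised offline.

```python
import datetime
import re
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

# Namespace used in the STS response (the same one as AWS STS).
STS_NS = "{https://sts.amazonaws.com/doc/2011-06-15/}"


def build_assume_role_request(sts_endpoint, ldap_username, ldap_password, duration_seconds=None):
    """Return (url, body) for the STS call: a POST to the MinIO endpoint whose
    form body carries the LDAP credentials, which is why the endpoint should be
    https outside a lab. DurationSeconds optionally caps the credential lifetime."""
    params = {
        "Action": "AssumeRoleWithLDAPIdentity",
        "Version": "2011-06-15",
        "LDAPUsername": ldap_username,
        "LDAPPassword": ldap_password,
    }
    if duration_seconds is not None:
        params["DurationSeconds"] = str(duration_seconds)
    return sts_endpoint, urllib.parse.urlencode(params).encode()


def parse_rfc3339(text):
    """Parse the UTC timestamp STS returns; fractional seconds may or may not be present."""
    text = re.sub(r"\.\d+Z$", "Z", text.strip())
    return datetime.datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=datetime.timezone.utc)


def parse_assume_role_response(xml_text):
    """Extract the temporary credentials from an AssumeRoleWithLDAPIdentity response."""
    root = ET.fromstring(xml_text)
    creds = root.find(f"./{STS_NS}AssumeRoleWithLDAPIdentityResult/{STS_NS}Credentials")
    if creds is None:
        raise ValueError("no Credentials element in STS response")

    def field(name):
        el = creds.find(STS_NS + name)
        if el is None or not el.text:
            raise ValueError(f"STS response is missing {name}")
        return el.text.strip()

    return {
        "access_key": field("AccessKeyId"),
        "secret_key": field("SecretAccessKey"),
        "session_token": field("SessionToken"),
        "expiration": parse_rfc3339(field("Expiration")),
    }


def needs_refresh(creds, now=None, skew_seconds=10):
    """True when the credentials expire within skew_seconds. A credentials provider
    calls STS again at that point instead of signing a request that will be rejected."""
    if now is None:
        now = datetime.datetime.now(datetime.timezone.utc)
    return now + datetime.timedelta(seconds=skew_seconds) >= creds["expiration"]


def fetch_temporary_credentials(sts_endpoint, ldap_username, ldap_password, duration_seconds=None):
    """Run the live exchange against a running MinIO (network call)."""
    url, body = build_assume_role_request(sts_endpoint, ldap_username, ldap_password, duration_seconds)
    req = urllib.request.Request(url, data=body, method="POST",
                                 headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return parse_assume_role_response(resp.read())


# Constructed sample response in the shape MinIO returns; all values are made up.
SAMPLE_RESPONSE = """<AssumeRoleWithLDAPIdentityResponse xmlns="https://sts.amazonaws.com/doc/2011-06-15/">
  <AssumeRoleWithLDAPIdentityResult>
    <Credentials>
      <AccessKeyId>AKEXAMPLE123456789</AccessKeyId>
      <SecretAccessKey>secretEXAMPLEsecretEXAMPLE</SecretAccessKey>
      <SessionToken>eyJhbGciOiJIUzUxMiJ9.example.token</SessionToken>
      <Expiration>2021-11-25T10:00:00Z</Expiration>
    </Credentials>
  </AssumeRoleWithLDAPIdentityResult>
  <ResponseMetadata><RequestId>example-request-id</RequestId></ResponseMetadata>
</AssumeRoleWithLDAPIdentityResponse>
"""

if __name__ == "__main__":
    creds = parse_assume_role_response(SAMPLE_RESPONSE)
    print("temporary access key:", creds["access_key"], "expires", creds["expiration"].isoformat())
```

The session token returned here is what the SDK adds to every S3 request alongside the temporary access key; it carries the user's DN and the policies mapped to it, so the credentials stop working when they expire even though the LDAP password has not changed. The 24h in MINIO_IDENTITY_LDAP_STS_EXPIRY above is generous; a shorter lifetime limits how long a leaked token is useful.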