mc idp ldap accesskey create-with-login

The mc idp ldap accesskey create-with-login uses interactive terminal-based prompt to authenticate with the external AD/LDAP server and generate access keys for use with AIStor.

Syntax

Parameters

URL

Required

The of an AIStor deployment configured for AD/LDAP integration.

For example:

mc idp ldap accesskey create-with-login https://minio.example.net

--access-key

Optional

The access key to use once successfully authenticated. Omit to let AIStor randomly generate a value.

The access key cannot contain the characters = (equal sign) or , (comma).

Requires --secret-key

--secret-key

Optional

A secret key to use once successfully authenticated. Omit to let AIStor randomly generate a value.

Requires --access-key

--policy

Optional

File path to the JSON-formatted policy to use for the account. This policy _cannot_ grant additional privileges beyond the privileges associated with the authenticated AD/LDAP user.

Omit to use the AD/LDAP user policies.

--name

Optional

A human-readable name to use for the created access key.

--description

Optional

Create a description for the service account. For example, you might specify the reason the access key exists.

--expiry-duration

Optional

Length of time the access key pair should remain valid for use in #d#h#s format.

For example, 7d, 24h, 5d12h30s are valid strings.

Mutually exclusive with --expiry.

--expiry

Optional

The date after which the access key expires. Enter the date in YYYY-MM-DD format.

For example, to expire the credentials after December 31, 2024, enter 2024-12-31.

Mutually exclusive with --expiry-duration.

Global Flags

This command supports any of the global flags.

Behavior

S3 Compatibility

The mc commandline tool is built for compatibility with the AWS S3 API and is tested with AIStor and AWS S3 for expected functionality and behavior.

AIStor provides no guarantees for other S3-compatible services, As their S3 API implementation is unknown and therefore unsupported.

While mc commands may work as documented, any such usage is at your own risk.

Examples

Create a new access-key pair for the authenticated user

The following command creates a new access key pair to use with the currently authenticated user on the minio alias. The command outputs a randomly generated access key and secret key.

mc idp ldap accesskey create-with-login https://minio.example.net

Create a new access-key pair with a custom access key and secret key

The following command creates a new access key pair with both an access key and secret key that you specify for the user currently authenticated on the minio alias.

mc idp ldap accesskey create-with-login https://minio.example.net/ --access-key my-access-key-change-me --secret-key my-secret-key-change-me

Create a new access-key pair that expires after 24 hours

The following command creates a new access key pair to use with the currently authenticated user on the minio alias. The credentials expire after 24 hours.

The command outputs a randomly generated access key and secret key.

mc idp ldap accesskey create-with-login https://minio.example.net --expiry-duration 24h

Create a new access-key pair that expires after a date

The following command creates a new access key pair to use with the currently authenticated user on the minio alias. The credentials expire after February 28, 2025.

The command outputs a randomly generated access key and secret key.

mc idp ldap accesskey create-with-login https://minio.example.net --expiry 2025-02-28