mc idp ldap accesskey create-with-login

The mc idp ldap accesskey create-with-login command uses an interactive terminal-based prompt to authenticate with the external AD/LDAP server and generate access keys for use with AIStor.

Syntax

Parameters

URL

Required

The FQDN or IP address of an AIStor deployment configured for AD/LDAP integration.

CONFIG_NAME

Optional

The name of a non-default LDAP configuration to use. If not specified, the command uses the default LDAP configuration.

--access-key

Optional

The access key to use once successfully authenticated. Omit to let AIStor randomly generate a value.

The access key cannot contain the characters = (equal sign) or , (comma).

Requires --secret-key

--secret-key

Optional

A secret key to use once successfully authenticated. Omit to let AIStor randomly generate a value.

Requires --access-key

--policy

Optional

File path to the JSON-formatted policy to use for the account. This policy cannot grant additional privileges beyond the privileges associated with the authenticated AD/LDAP user.

Omit to use the AD/LDAP user policies.

--name

Optional

A human-readable name to use for the created access key.

--description

Optional

Create a description for the service account. For example, you might specify the reason the access key exists.

--expiry-duration

Optional

Length of time the access key pair remains valid, in #d#h#s format.

For example, 7d, 24h, 5d12h30s are valid strings.

Mutually exclusive with --expiry.

--expiry

Optional

The future date and time when the access key expires. The access key becomes invalid at the start of the specified date and time (midnight if no time is specified).

Supported formats:

Format               Example               Description
YYYY-MM-DD           2025-12-31            Expires at midnight (00:00:00) on the specified date
YYYY-MM-DDTHH:MM     2025-12-31T23:59      Expires at the specified date and time
YYYY-MM-DDTHH:MM:SS  2025-12-31T23:59:59   Expires at the specified date, time, and seconds
RFC3339              2025-12-31T23:59:59Z  Expires at the specified UTC time

Dates without a timezone use the local timezone of the machine running the command. Use RFC3339 format with a Z suffix or a timezone offset for explicit UTC times.

Mutually exclusive with --expiry-duration.

Global flags

This command supports any of the global flags.

Examples

Create a new access-key pair for the authenticated user

The following command creates a new access key pair to use with the currently authenticated user on the minio alias. The command outputs a randomly generated access key and secret key.

mc idp ldap accesskey create-with-login https://myaistor.example.net

Create a new access-key pair with a custom access key and secret key

The following command creates a new access key pair with both an access key and secret key that you specify for the user currently authenticated on the minio alias.

mc idp ldap accesskey create-with-login https://myaistor.example.net/ --access-key my-access-key-change-me --secret-key my-secret-key-change-me

Create a new access-key pair that expires after 24 hours

The following command creates a new access key pair to use with the currently authenticated user on the minio alias. The credentials expire after 24 hours.

The command outputs a randomly generated access key and secret key.

mc idp ldap accesskey create-with-login https://myaistor.example.net --expiry-duration 24h

Create a new access-key pair that expires after a date

The following command creates a new access key pair to use with the currently authenticated user on the minio alias. The credentials expire after February 28, 2025.

The command outputs a randomly generated access key and secret key.

mc idp ldap accesskey create-with-login https://myaistor.example.net --expiry 2025-02-28

Create an access key using a non-default LDAP configuration

The following command creates a new access key pair using the LDAP configuration named myldap instead of the default configuration.

mc idp ldap accesskey create-with-login https://myaistor.example.net myldap
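
The following script is an added example, not part of the original AIStor documentation. It checks the flag rules described under Parameters, then requests a read-only key with an explicit UTC expiry so the result does not depend on the local timezone. The function names, bucket name, and policy file path are assumptions chosen for illustration.

```shell
# Added example: pre-flight checks for the documented flag rules.
# Function names, bucket, and file path are illustrative assumptions.

# A custom access key cannot contain '=' or ','.
valid_access_key() {
  case "$1" in
    ''|*=*|*,*) return 1 ;;
    *) return 0 ;;
  esac
}

# --access-key and --secret-key require each other: both set or both empty.
keys_paired() {
  { [ -n "$1" ] && [ -n "$2" ]; } || { [ -z "$1" ] && [ -z "$2" ]; }
}

# --expiry and --expiry-duration are mutually exclusive.
expiry_exclusive() {
  ! { [ -n "$1" ] && [ -n "$2" ]; }
}

# Accept only RFC3339 with a Z suffix, so no local-timezone interpretation applies.
is_utc_rfc3339() {
  printf '%s\n' "$1" | grep -Eq '^[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}Z$'
}

# Write a read-only policy for one bucket. $1 = bucket, $2 = output file.
write_readonly_policy() {
  cat > "$2" <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::$1", "arn:aws:s3:::$1/*"]
  }]
}
EOF
}

# Validate, then run the interactive command. $1 = URL, $2 = bucket, $3 = expiry.
create_scoped_key() {
  is_utc_rfc3339 "$3" || { echo "expiry must be RFC3339 UTC" >&2; return 2; }
  write_readonly_policy "$2" ./readonly-policy.json
  mc idp ldap accesskey create-with-login "$1" --policy ./readonly-policy.json \
    --expiry "$3" --name "readonly-$2" --description "Read-only key for $2"
}
```

Source the file and call create_scoped_key with the deployment URL, a bucket name, and an RFC3339 UTC timestamp. The policy only narrows access: it cannot grant more than the authenticated AD/LDAP user already has.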

Behavior

S3 compatibility

The mc command-line tool is built for compatibility with the AWS S3 API and is tested with AIStor and AWS S3 for expected functionality and behavior.

MinIO provides no guarantees for other S3-compatible services, as their S3 API implementation is unknown and therefore unsupported.

While mc commands may work as documented, any such usage is at your own risk.