mc idp ldap accesskey create-with-login
The mc idp ldap accesskey create-with-login
uses interactive terminal-based prompt to authenticate with the external AD/LDAP server and generate access keys for use with AIStor.
Syntax
Parameters
URL
Required
The of an AIStor deployment configured for AD/LDAP integration.
For example:
mc idp ldap accesskey create-with-login https://minio.example.net
--access-key
Optional
The access key to use once successfully authenticated. Omit to let AIStor randomly generate a value.
The access key cannot contain the characters =
(equal sign) or ,
(comma).
Requires --secret-key
--secret-key
Optional
A secret key to use once successfully authenticated. Omit to let AIStor randomly generate a value.
Requires --access-key
--policy
Optional
File path to the JSON-formatted policy to use for the account. This policy _cannot_ grant additional privileges beyond the privileges associated with the authenticated AD/LDAP user.
Omit to use the AD/LDAP user policies.
--name
Optional
A human-readable name to use for the created access key.
--description
Optional
Create a description for the service account. For example, you might specify the reason the access key exists.
--expiry-duration
Optional
Length of time the access key pair should remain valid for use in #d#h#s
format.
For example, 7d
, 24h
, 5d12h30s
are valid strings.
Mutually exclusive with --expiry
.
--expiry
Optional
The date after which the access key expires.
Enter the date in YYYY-MM-DD
format.
For example, to expire the credentials after December 31, 2024, enter 2024-12-31
.
Mutually exclusive with --expiry-duration
.
Global Flags
This command supports any of the global flags.
Behavior
S3 Compatibility
The mc
commandline tool is built for compatibility with the AWS S3 API and is tested with AIStor and AWS S3 for expected functionality and behavior.
AIStor provides no guarantees for other S3-compatible services, As their S3 API implementation is unknown and therefore unsupported.
While mc
commands may work as documented, any such usage is at your own risk.
Examples
Create a new access-key pair for the authenticated user
The following command creates a new access key pair to use with the currently authenticated user on the minio
alias.
The command outputs a randomly generated access key and secret key.
mc idp ldap accesskey create-with-login https://minio.example.net
Create a new access-key pair with a custom access key and secret key
The following command creates a new access key pair with both an access key and secret key that you specify for the user currently authenticated on the minio
alias.
mc idp ldap accesskey create-with-login https://minio.example.net/ --access-key my-access-key-change-me --secret-key my-secret-key-change-me
Create a new access-key pair that expires after 24 hours
The following command creates a new access key pair to use with the currently authenticated user on the minio
alias.
The credentials expire after 24 hours.
The command outputs a randomly generated access key and secret key.
mc idp ldap accesskey create-with-login https://minio.example.net --expiry-duration 24h
Create a new access-key pair that expires after a date
The following command creates a new access key pair to use with the currently authenticated user on the minio
alias.
The credentials expire after February 28, 2025.
The command outputs a randomly generated access key and secret key.
mc idp ldap accesskey create-with-login https://minio.example.net --expiry 2025-02-28