❓ What?

To authenticate to an LDAP server as an RGW user, the Ceph docs instruct you to use the token generated with radosgw-token --encode as the access key when using the AWS CLI.

However, when using s3cmd, two changes have to be made:

  • --access_token needs to be used instead of --access_key
  • --signature-v2 needs to be specified

An example command might look like:

s3cmd --access_token=<access-token-from-radosgw-token> --signature-v2 --host=<host>:<port> --host-bucket=<host>:<port> ls s3://<bucket>
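The token passed above is an encoding of the LDAP credentials, not an opaque key. The following added example (not from the Ceph docs or s3cmd) decodes one and reports its fields without echoing the password; it assumes the layout Ceph documents for radosgw-token output (base64 of a JSON object with an RGW_TOKEN member holding version, type, id and key), and the function names and sample values are constructed for illustration.

```python
import base64
import binascii
import json

REQUIRED_FIELDS = ("version", "type", "id", "key")


def inspect_rgw_token(token: str) -> dict:
    """Decode a radosgw-token style access key and summarise it, redacting the secret."""
    try:
        raw = base64.b64decode(token.strip(), validate=True)
        doc = json.loads(raw.decode("utf-8"))
    except (binascii.Error, UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise ValueError("not a base64-encoded JSON token") from exc
    # Assumed layout: {"RGW_TOKEN": {"version": 1, "type": "ldap", "id": ..., "key": ...}}
    body = doc.get("RGW_TOKEN") if isinstance(doc, dict) else None
    if not isinstance(body, dict):
        raise ValueError("missing RGW_TOKEN object")
    missing = [name for name in REQUIRED_FIELDS if name not in body]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    return {
        "version": body["version"],
        "type": body["type"],
        "id": body["id"],
        # Report only that a password is embedded and how long it is, never its value.
        "key_present": bool(body["key"]),
        "key_length": len(str(body["key"])),
    }


def make_sample_token(uid: str, password: str) -> str:
    """Build a constructed token in the assumed layout, for offline testing only."""
    body = {"RGW_TOKEN": {"version": 1, "type": "ldap", "id": uid, "key": password}}
    return base64.b64encode(json.dumps(body).encode("utf-8")).decode("ascii")


if __name__ == "__main__":
    sample = make_sample_token("constructed-user", "constructed-password")
    print(inspect_rgw_token(sample))
```

Because the token is only encoded, an --access_token value left in shell history, a process listing or a log exposes the LDAP password it carries.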

📚 References

# export AWS_ACCESS_KEY_ID=<base64-encoded token generated by radosgw-token>
# export AWS_SECRET_ACCESS_KEY="" # define this with an empty string, otherwise tools might complain about missing env variables.

https://docs.ceph.com/en/reef/radosgw/ldap-auth/#using-the-access-token

  --signature-v2        Use AWS Signature version 2 instead of newer signature  
                        methods. Helpful for S3-like systems that don't have  
                        AWS Signature v4 yet.

https://s3tools.org/usage

https://github.com/s3tools/s3cmd/issues/1065