Adds info the docs about recent changes to LDAP and SFTP authentication

Adds new config/envvar parameter
Adds new sftp option for server
Adds new example for forcing ldap or sa auth to SFTP

Closes #1240
Closes #1229
Closes #1226

source/includes/common-minio-ad-ldap-params.rst

@@ -34,6 +34,13 @@
 
    This parameter corresponds with the :envvar:`MINIO_IDENTITY_LDAP_LOOKUP_BIND_PASSWORD` environment variable.
 
+.. mc-cmd:: user_dn_attributes
+   :optional:
+
+   .. include:: /includes/common-minio-external-auth.rst
+      :start-after: start-minio-ad-ldap-user-dn-attributes
+      :end-before: end-minio-ad-ldap-user-dn-attributes
+
 .. mc-cmd:: user_dn_search_base_dn
    :required:
 

source/includes/common-minio-external-auth.rst

@@ -211,6 +211,24 @@ Specify the password for the :ref:`Lookup-Bind
 
 .. end-minio-ad-ldap-lookup-bind-password
 
+.. start-minio-ad-ldap-user-dn-attributes
+
+.. versionadded:: RELEASE.2024-06-06T09-36-42Z
+
+Comma-separated list of user DN attributes.
+
+Some valid values include, ``uid,cn,mail,sshPublicKey``.
+
+To enable public authentication for LDAP users, pass ``sshPublicKey`` as a DN attribute.
+The user can then use the passed SSH Public Key to log in to SFTP servers.
+
+.. code-block:: text
+   :class: copyable
+
+   mc idp ldap update ALIAS user_dn_attributes=sshPublicKey
+
+.. end-minio-ad-ldap-user-dn-attributes
+
 .. start-minio-ad-ldap-user-dn-search-base-dn
 
 Specify the base Distinguished Name (DN) MinIO uses when querying for 

source/includes/k8s/file-transfer-protocol-k8s.rst

@@ -165,3 +165,21 @@ If SFTP is enabled, the output resembles the following:
 
    enableSFTP: true
 
+Force use of service account or ldap for authentication
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+To force authentication to SFTP using LDAP or service account credentials, append a suffix to the username.
+Valid suffixes are either ``=ldap`` or ``=svc``.
+
+.. code-block:: console
+
+   > sftp -P 8022 my-ldap-user=ldap@[minio@localhost]:/bucket
+
+
+.. code-block:: console
+
+   > sftp -P 8022 my-ldap-user=svc@[minio@localhost]:/bucket
+
+
+- Replace ``my-ldap-user`` with the username to use.
+- Replace ``[minio@localhost]`` with the address of the MinIO server.

source/includes/linux/file-transfer-protocol-not-k8s.rst

@@ -3,7 +3,7 @@
 Overview
 --------
 
-Starting with :minio-release:`MinIO Server RELEASE.2023-04-20T17-56-55Z <RELEASE.2023-04-20T17-56-55Z>`, you can use the File Transfer Protocol (FTP) to interact with the objects on a MinIO deployment.
+Starting with :minio-release:`MinIO Server RELEASE.2023-04-20T17-56-55Z <RELEASE.2023-04-20T17-56-55Z>`, you can use the File Transfer Protocol (FTP) or SSH File Transfer Protocol (SFTP) to interact with the objects on a MinIO deployment.
 
 You must specifically enable FTP or SFTP when starting the server.
 Enabling either server type does not affect other MinIO features.
@@ -67,7 +67,7 @@ Specifically:
 
 - For read operations, MinIO only returns the latest version of the requested object(s) to the FTP client.
 - For write operations, MinIO applies normal versioning behavior and creates a new object version at the specified namespace.
-  ``rm`` and ``rmdir`` operations create ``DeleteMarker`` objects.
+  ``delete`` and ``rmdir`` operations create ``DeleteMarker`` objects.
 
 
 Authentication and Access
@@ -223,3 +223,21 @@ The following example connects to an SFTP server, lists the contents of a bucket
    Fetching /runner/chunkdocs/metadata to metadata
    metadata                               100%  226    16.6KB/s   00:00
 
+Force use of service account or ldap for authentication
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+To force authentication to SFTP using LDAP or service account credentials, append a suffix to the username.
+Valid suffixes are either ``=ldap`` or ``=svc``.
+
+.. code-block:: console
+
+   > sftp -P 8022 my-ldap-user=ldap@[minio@localhost]:/bucket
+
+
+.. code-block:: console
+
+   > sftp -P 8022 my-ldap-user=svc@[minio@localhost]:/bucket
+
+
+- Replace ``my-ldap-user`` with the username to use.
+- Replace ``[minio@localhost]`` with the address of the MinIO server.

source/reference/minio-mc-admin/mc-admin-group.rst

@@ -224,6 +224,8 @@ Syntax
       already exist. Use :mc-cmd:`mc admin group ls` to review the existing
       groups on a deployment.
 
+      A group name cannot contain the characters ``=`` (equal sign) or ``,`` (comma).
+
    .. mc-cmd:: MEMBERS
 
       The name of the user to add to the group.

source/reference/minio-mc/mc-idp-ldap-accesskey-create.rst

@@ -77,6 +77,7 @@ Parameters
    :optional:
 
    An access key to use for the account.
+   The access key cannot contain the characters ``=`` (equal sign) or ``,`` (comma).
 
    Requires :mc-cmd:`~mc idp ldap accesskey create --secret-key`
 

source/reference/minio-server/minio-server.rst

@@ -253,6 +253,9 @@ The command accepts the following arguments:
              hmac-sha1
              hmac-sha1-96
 
+      * - ``disable-password-auth``
+        - Disable password authentication.
+        - ``true``
 
    For example:
 

source/reference/minio-server/settings/iam/ldap.rst

@@ -198,6 +198,28 @@ User DN Search Filter
    :start-after: start-minio-ad-ldap-user-dn-search-filter
    :end-before: end-minio-ad-ldap-user-dn-search-filter
 
+User DN Attributes
+~~~~~~~~~~~~~~~~~~
+
+*Optional*
+
+.. tab-set::
+
+   .. tab-item:: Environment Variable
+      :sync: envvar
+
+      .. envvar:: MINIO_IDENTITY_LDAP_USER_DN_ATTRIBUTES
+
+   .. tab-item:: Configuration Setting
+      :sync: config
+
+      .. mc-conf:: identity_ldap user_dn_attributes
+         :delimiter: " "
+
+.. include:: /includes/common-minio-external-auth.rst
+   :start-after: start-minio-ad-ldap-user-dn-attributes
+   :end-before: end-minio-ad-ldap-user-dn-attributes
+
 Enabled
 ~~~~~~~