Loosen requirements to detach policies for LDAP (#18419)

This commit is contained in:
Taran Pelkey 2023-11-09 17:44:43 -05:00 committed by GitHub
parent 2229509362
commit 117ad1b65b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -1663,18 +1663,25 @@ func (sys *IAMSys) PolicyDBUpdateLDAP(ctx context.Context, isAttach bool,
return
}
if dn == "" {
err = errNoSuchUser
return
// Still attempt to detach if provided user is a DN.
if !isAttach && sys.LDAPConfig.IsLDAPUserDN(r.User) {
dn = r.User
} else {
err = errNoSuchUser
return
}
}
isGroup = false
} else {
var exists bool
if exists, err = sys.LDAPConfig.DoesGroupDNExist(r.Group); err != nil {
logger.LogIf(ctx, err)
return
} else if !exists {
err = errNoSuchGroup
return
if isAttach {
var exists bool
if exists, err = sys.LDAPConfig.DoesGroupDNExist(r.Group); err != nil {
logger.LogIf(ctx, err)
return
} else if !exists {
err = errNoSuchGroup
return
}
}
dn = r.Group
isGroup = true