handle missing LDAP normalization in SetPolicy() API (#19465)

2025-11-07 21:02:58 -05:00 · 2024-04-10 15:37:42 -07:00
parent f7ed9a75ba
commit 35d8728990
2 changed files with 176 additions and 0 deletions
--- a/cmd/iam.go
+++ b/cmd/iam.go
@@ -1602,6 +1602,30 @@ func (sys *IAMSys) PolicyDBSet(ctx context.Context, name, policy string, userTyp
 		return updatedAt, errServerNotInitialized
 	}

+	if sys.LDAPConfig.Enabled() {
+		if isGroup {
+			var foundGroupDN string
+			if foundGroupDN, err = sys.LDAPConfig.GetValidatedGroupDN(name); err != nil {
+				iamLogIf(ctx, err)
+				return
+			} else if foundGroupDN == "" {
+				err = errNoSuchGroup
+				return
+			}
+			name = foundGroupDN
+		} else {
+			var foundUserDN string
+			if foundUserDN, err = sys.LDAPConfig.GetValidatedDNForUsername(name); err != nil {
+				iamLogIf(ctx, err)
+				return
+			} else if foundUserDN == "" {
+				err = errNoSuchUser
+				return
+			}
+			name = foundUserDN
+		}
+	}
+
 	updatedAt, err = sys.store.PolicyDBSet(ctx, name, policy, userType, isGroup)
 	if err != nil {
 		return