MyFavMirrors
/
minio
mirror of https://github.com/minio/minio.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Check both given and normalized group DN on LDAP policy detach requests (#19876)

This commit is contained in:
Taran Pelkey 2024-06-05 18:42:40 -04:00 committed by GitHub
parent 2107722829
commit 4148754ce0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
cmd/iam.go
View File

@ -1986,20 +1986,22 @@ func (sys *IAMSys) PolicyDBUpdateLDAP(ctx context.Context, isAttach bool,
}
isGroup = false
} else {
if isAttach {
var underBaseDN bool
if dnResult, underBaseDN, err = sys.LDAPConfig.GetValidatedGroupDN(nil, r.Group); err != nil {
iamLogIf(ctx, err)
return
} else if dnResult == nil || !underBaseDN {
var underBaseDN bool
if dnResult, underBaseDN, err = sys.LDAPConfig.GetValidatedGroupDN(nil, r.Group); err != nil {
iamLogIf(ctx, err)
return
}
if dnResult == nil || !underBaseDN {
if !isAttach {
dn = r.Group
} else {
err = errNoSuchGroup
return
}
} else {
// We use the group DN returned by the LDAP server (this may not
// equal the input group name, but we assume it is canonical).
dn = dnResult.NormDN
} else {
dn = r.Group
}
isGroup = true
}