Check both given and normalized group DN on LDAP policy detach requests (#19876)

This commit is contained in:
Taran Pelkey 2024-06-05 18:42:40 -04:00 committed by GitHub
parent 2107722829
commit 4148754ce0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -1986,20 +1986,22 @@ func (sys *IAMSys) PolicyDBUpdateLDAP(ctx context.Context, isAttach bool,
} }
isGroup = false isGroup = false
} else { } else {
if isAttach { var underBaseDN bool
var underBaseDN bool if dnResult, underBaseDN, err = sys.LDAPConfig.GetValidatedGroupDN(nil, r.Group); err != nil {
if dnResult, underBaseDN, err = sys.LDAPConfig.GetValidatedGroupDN(nil, r.Group); err != nil { iamLogIf(ctx, err)
iamLogIf(ctx, err) return
return }
} else if dnResult == nil || !underBaseDN { if dnResult == nil || !underBaseDN {
if !isAttach {
dn = r.Group
} else {
err = errNoSuchGroup err = errNoSuchGroup
return return
} }
} else {
// We use the group DN returned by the LDAP server (this may not // We use the group DN returned by the LDAP server (this may not
// equal the input group name, but we assume it is canonical). // equal the input group name, but we assume it is canonical).
dn = dnResult.NormDN dn = dnResult.NormDN
} else {
dn = r.Group
} }
isGroup = true isGroup = true
} }
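Review bot: The new detach fallback `dn = r.Group` (taken when `dnResult == nil || !underBaseDN`) silently accepts a caller-supplied DN that was not validated against the configured base DN, and nothing in the hunk says why that is acceptable; a why-comment is needed there, e.g. `// Detach only: the group may no longer exist in LDAP, so fall back to the given DN as-is to allow stale policy mappings to be removed.` Note that the LDAP error path still returns for both attach and detach, so cleanup of stale mappings is only possible while the directory is reachable — if that is intentional it deserves a sentence in the same comment. The commit title says both the given and normalized DNs are checked, but within this hunk only one value is carried forward in `dn`, so that comparison presumably happens outside the hunk; PolicyDBUpdateLDAP begins before and continues past the lines shown.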