support ldap:username for policy substitution (#12390)

LDAPusername is the simpler form of LDAPUser (userDN);
using the simpler version is convenient from the point
of view of policy conditions, since these are the unique
IDs used for LDAP login.
This commit is contained in:
Harshavardhana
2021-05-28 10:33:07 -07:00
committed by GitHub
parent fa8e3151bc
commit 4444ba13a4
6 changed files with 19 additions and 10 deletions


@@ -64,7 +64,8 @@ const (
parentClaim = "parent"
// LDAP claim keys
ldapUser = "ldapUser"
ldapUser = "ldapUser"
ldapUsername = "ldapUsername"
)
// stsAPIHandlers implements and provides http handlers for AWS STS API.
@@ -525,8 +526,9 @@ func (sts *stsAPIHandlers) AssumeRoleWithLDAPIdentity(w http.ResponseWriter, r *
expiryDur := globalLDAPConfig.GetExpiryDuration()
m := map[string]interface{}{
expClaim: UTCNow().Add(expiryDur).Unix(),
ldapUser: ldapUserDN,
expClaim: UTCNow().Add(expiryDur).Unix(),
ldapUsername: ldapUsername,
ldapUser: ldapUserDN,
}
if len(sessionPolicyStr) > 0 {