support ldap:username for policy substitution (#12390)

LDAPusername is the simpler form of LDAPUser (userDN), using a simpler version is convenient from policy conditions point of view, since these are unique id's used for LDAP login.
2025-11-24 19:46:16 -05:00 · 2021-05-28 10:33:07 -07:00
parent fa8e3151bc
commit 4444ba13a4
6 changed files with 19 additions and 10 deletions
--- a/pkg/bucket/policy/condition/key.go
+++ b/pkg/bucket/policy/condition/key.go
@@ -148,6 +148,7 @@ var AllSupportedKeys = append([]Key{
 	AWSUserID,
 	AWSUsername,
 	LDAPUser,
+	LDAPUsername,
 	// Add new supported condition keys.
 }, JWTKeys...)

@@ -167,6 +168,7 @@ var CommonKeys = append([]Key{
 	AWSUserID,
 	AWSUsername,
 	LDAPUser,
+	LDAPUsername,
 }, JWTKeys...)

 func substFuncFromValues(values map[string][]string) func(string) string {
--- a/pkg/bucket/policy/condition/ldap.go
+++ b/pkg/bucket/policy/condition/ldap.go
@@ -18,6 +18,9 @@
 package condition

 const (
-	// LDAPUser - LDAP username, in MinIO this value is equal to your authenticating LDAP user.
+	// LDAPUser - LDAP user DN, in MinIO this value is equal to user DN of the authenticated user.
 	LDAPUser Key = "ldap:user"
+
+	// LDAPUsername - LDAP username, in MinIO is the authenticated simply user.
+	LDAPUsername Key = "ldap:username"
 )