fix: support LDAP settings properly in ftp/sftp (#17536)

Bonus this PR enhances and supports creating buckets via ftp `mkdir` fixes #17526
2025-11-07 12:52:58 -05:00 · 2023-06-28 13:15:21 -07:00
parent 73de721a63
commit 5317a0b755
3 changed files with 52 additions and 13 deletions
--- a/cmd/ftp-server.go
+++ b/cmd/ftp-server.go
@@ -129,10 +129,29 @@ func startSFTPServer(c *cli.Context) {
 	// certificate details and handles authentication of ServerConns.
 	config := &ssh.ServerConfig{
 		PasswordCallback: func(c ssh.ConnMetadata, pass []byte) (*ssh.Permissions, error) {
+			if globalIAMSys.LDAPConfig.Enabled() {
+				targetUser, targetGroups, err := globalIAMSys.LDAPConfig.Bind(c.User(), string(pass))
+				if err != nil {
+					return nil, err
+				}
+				ldapPolicies, _ := globalIAMSys.PolicyDBGet(targetUser, false, targetGroups...)
+				if len(ldapPolicies) == 0 {
+					return nil, errAuthentication
+				}
+				return &ssh.Permissions{
+					CriticalOptions: map[string]string{
+						ldapUser:  targetUser,
+						ldapUserN: c.User(),
+					},
+					Extensions: make(map[string]string),
+				}, nil
+			}
+
 			ui, ok := globalIAMSys.GetUser(context.Background(), c.User())
 			if !ok {
 				return nil, errNoSuchUser
 			}
+
 			if subtle.ConstantTimeCompare([]byte(ui.Credentials.SecretKey), pass) == 1 {
 				return &ssh.Permissions{
 					CriticalOptions: map[string]string{