MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-04-08 05:35:33 -04:00
Code Issues Packages Projects Releases Wiki Activity

Add enable flag for LDAP IDP config (#16805)

Browse Source
This commit is contained in:
Aditya Manthramurthy 2023-03-16 11:58:59 -07:00 committed by GitHub
parent d1e775313d
commit 58266c9e2c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 146 additions and 125 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cmd/admin-handlers-idp-config.go
View File

@ -86,7 +86,7 @@ func (a adminAPIHandlers) addOrUpdateIDPHandler(ctx context.Context, w http.Resp
if idpCfgType == madmin.LDAPIDPCfg && cfgName != madmin.Default { if idpCfgType == madmin.LDAPIDPCfg && cfgName != madmin.Default {
// LDAP does not support multiple configurations. So cfgName must be // LDAP does not support multiple configurations. So cfgName must be
// empty or `madmin.Default`. // empty or `madmin.Default`.
writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrBadRequest), r.URL) writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAdminConfigLDAPNonDefaultConfigName), r.URL)
return return
} }
} }

6
cmd/api-errors.go
View File

@ -281,6 +281,7 @@ const (
ErrAdminConfigEnvOverridden ErrAdminConfigEnvOverridden
ErrAdminConfigDuplicateKeys ErrAdminConfigDuplicateKeys
ErrAdminConfigInvalidIDPType ErrAdminConfigInvalidIDPType
ErrAdminConfigLDAPNonDefaultConfigName
ErrAdminConfigLDAPValidation ErrAdminConfigLDAPValidation
ErrAdminConfigIDPCfgNameAlreadyExists ErrAdminConfigIDPCfgNameAlreadyExists
ErrAdminConfigIDPCfgNameDoesNotExist ErrAdminConfigIDPCfgNameDoesNotExist
@ -1333,6 +1334,11 @@ var errorCodes = errorCodeMap{
Description: fmt.Sprintf("Invalid IDP configuration type - must be one of %v", madmin.ValidIDPConfigTypes), Description: fmt.Sprintf("Invalid IDP configuration type - must be one of %v", madmin.ValidIDPConfigTypes),
HTTPStatusCode: http.StatusBadRequest, HTTPStatusCode: http.StatusBadRequest,
}, },
ErrAdminConfigLDAPNonDefaultConfigName: {
Code: "XMinioAdminConfigLDAPNonDefaultConfigName",
Description: "Only a single LDAP configuration is supported - config name must be empty or `_`",
HTTPStatusCode: http.StatusBadRequest,
},
ErrAdminConfigLDAPValidation: { ErrAdminConfigLDAPValidation: {
Code: "XMinioAdminConfigLDAPValidation", Code: "XMinioAdminConfigLDAPValidation",
Description: "LDAP Configuration validation failed", Description: "LDAP Configuration validation failed",

249
cmd/apierrorcode_string.go
View File

File diff suppressed because one or more lines are too long

14
internal/config/identity/ldap/config.go
View File

@ -98,6 +98,10 @@ var removedKeys = []string{
// DefaultKVS - default config for LDAP config // DefaultKVS - default config for LDAP config
var ( var (
DefaultKVS = config.KVS{ DefaultKVS = config.KVS{
config.KV{
Key: config.Enable,
Value: "",
},
config.KV{ config.KV{
Key: ServerAddr, Key: ServerAddr,
Value: "", Value: "",
@ -184,6 +188,16 @@ func Lookup(s config.Config, rootCAs *x509.CertPool) (l Config, err error) {
ServerAddr: ldapServer, ServerAddr: ldapServer,
SRVRecordName: getCfgVal(SRVRecordName), SRVRecordName: getCfgVal(SRVRecordName),
} }
// Parse explicity enable=on/off flag. If not set, defaults to `true`
// because ServerAddr is set.
if v := getCfgVal(config.Enable); v != "" {
l.LDAP.Enabled, err = config.ParseBool(v)
if err != nil {
return l, err
}
}
l.stsExpiryDuration = defaultLDAPExpiry l.stsExpiryDuration = defaultLDAPExpiry
// LDAP connection configuration // LDAP connection configuration