MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-11-07 12:52:58 -05:00
Code Issues Packages Projects Releases Wiki Activity

fix: authenticate LDAP via actual DN instead of normalized DN (#19805)

Browse Source 
fix: authenticate LDAP via actual DN instead of normalized DN

Normalized DN is only for internal representation, not for
external communication, any communication to LDAP must be
based on actual user DN. LDAP servers do not understand
normalized DN.

fixes #19757
This commit is contained in:
Harshavardhana
2024-05-25 06:43:06 -07:00
committed by GitHub
parent 7d75b1e758
commit 597a785253
11 changed files with 118 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
cmd/ftp-server-driver.go
View File

@@ -306,6 +306,7 @@ func (driver *ftpDriver) getMinIOClient(ctx *ftp.Context) (*minio.Client, error)
claims[expClaim] = UTCNow().Add(expiryDur).Unix()
claims[ldapUser] = lookupResult.NormDN
claims[ldapActualUser] = lookupResult.ActualDN
claims[ldapUserN] = ctx.Sess.LoginUser()
// Add LDAP attributes that were looked up into the claims.