use LDAP config from minio/pkg to share with console (#15810)

2025-11-09 13:39:46 -05:00 · 2022-10-07 22:12:36 -07:00
parent 927a879052
commit 64cf887b28
15 changed files with 107 additions and 696 deletions
--- a/cmd/admin-handlers-users.go
+++ b/cmd/admin-handlers-users.go
@@ -657,7 +657,7 @@ func (a adminAPIHandlers) AddServiceAccount(w http.ResponseWriter, r *http.Reque

 		// In case of LDAP we need to resolve the targetUser to a DN and
 		// query their groups:
-		if globalLDAPConfig.Enabled {
+		if globalLDAPConfig.Enabled() {
 			opts.claims[ldapUserN] = targetUser // simple username
 			targetUser, targetGroups, err = globalLDAPConfig.LookupUserDN(targetUser)
 			if err != nil {
@@ -2086,7 +2086,7 @@ func (a adminAPIHandlers) ImportIAM(w http.ResponseWriter, r *http.Request) {

 				// In case of LDAP we need to resolve the targetUser to a DN and
 				// query their groups:
-				if globalLDAPConfig.Enabled {
+				if globalLDAPConfig.Enabled() {
 					opts.claims[ldapUserN] = svcAcctReq.AccessKey // simple username
 					targetUser, _, err := globalLDAPConfig.LookupUserDN(svcAcctReq.AccessKey)
 					if err != nil {
--- a/cmd/admin-handlers.go
+++ b/cmd/admin-handlers.go
@@ -1798,8 +1798,8 @@ func getServerInfo(ctx context.Context, r *http.Request) madmin.InfoMessage {
 	kmsStat := fetchKMSStatus()

 	ldap := madmin.LDAP{}
-	if globalLDAPConfig.Enabled {
-		ldapConn, err := globalLDAPConfig.Connect()
+	if globalLDAPConfig.Enabled() {
+		ldapConn, err := globalLDAPConfig.LDAP.Connect()
 		//nolint:gocritic
 		if err != nil {
 			ldap.Status = string(madmin.ItemOffline)
--- a/cmd/common-main.go
+++ b/cmd/common-main.go
@@ -202,7 +202,7 @@ func minioConfigToConsoleFeatures() {
 		}
 	}
 	// Enable if LDAP is enabled.
-	if globalLDAPConfig.Enabled {
+	if globalLDAPConfig.Enabled() {
 		os.Setenv("CONSOLE_LDAP_ENABLED", config.EnableOn)
 	}
 	os.Setenv("CONSOLE_MINIO_REGION", globalSite.Region)
--- a/cmd/config-current.go
+++ b/cmd/config-current.go
@@ -335,12 +335,12 @@ func validateSubSysConfig(s config.Config, subSys string, objAPI ObjectLayer) er
 			return err
 		}
 	case config.IdentityLDAPSubSys:
-		cfg, err := xldap.Lookup(s[config.IdentityLDAPSubSys][config.Default], globalRootCAs)
+		cfg, err := xldap.Lookup(s, globalRootCAs)
 		if err != nil {
 			return err
 		}
-		if cfg.Enabled {
-			conn, cerr := cfg.Connect()
+		if cfg.Enabled() {
+			conn, cerr := cfg.LDAP.Connect()
 			if cerr != nil {
 				return cerr
 			}
--- a/cmd/config-versions.go
+++ b/cmd/config-versions.go
@@ -855,5 +855,5 @@ type serverConfigV33 struct {
 		// Add new external policy enforcements here.
 	} `json:"policy"`

-	LDAPServerConfig xldap.Config `json:"ldapserverconfig"`
+	LDAPServerConfig xldap.LegacyConfig `json:"ldapserverconfig"`
 }
--- a/cmd/iam.go
+++ b/cmd/iam.go
@@ -163,7 +163,7 @@ func (sys *IAMSys) LoadServiceAccount(ctx context.Context, accessKey string) err

 // initStore initializes IAM stores
 func (sys *IAMSys) initStore(objAPI ObjectLayer, etcdClient *etcd.Client) {
-	if sys.ldapConfig.Enabled {
+	if sys.ldapConfig.Enabled() {
 		sys.SetUsersSysType(LDAPUsersSysType)
 	}

@@ -222,8 +222,6 @@ func (sys *IAMSys) Init(ctx context.Context, objAPI ObjectLayer, etcdClient *etc
 	s := globalServerConfig
 	globalServerConfigMu.RUnlock()

-	ldapCfg := s[config.IdentityLDAPSubSys][config.Default]
-
 	var err error
 	globalOpenIDConfig, err = openid.LookupConfig(s,
 		NewGatewayHTTPTransport(), xhttp.DrainBody, globalSite.Region)
@@ -232,7 +230,7 @@ func (sys *IAMSys) Init(ctx context.Context, objAPI ObjectLayer, etcdClient *etc
 	}

 	// Initialize if LDAP is enabled
-	globalLDAPConfig, err = xldap.Lookup(ldapCfg, globalRootCAs)
+	globalLDAPConfig, err = xldap.Lookup(s, globalRootCAs)
 	if err != nil {
 		logger.LogIf(ctx, fmt.Errorf("Unable to parse LDAP configuration: %w", err))
 	}
@@ -347,7 +345,7 @@ func (sys *IAMSys) Init(ctx context.Context, objAPI ObjectLayer, etcdClient *etc
 				}
 			}
 		}()
-	case sys.ldapConfig.Enabled:
+	case sys.ldapConfig.Enabled():
 		go func() {
 			timer := time.NewTimer(refreshInterval)
 			defer timer.Stop()
--- a/cmd/site-replication.go
+++ b/cmd/site-replication.go
@@ -577,11 +577,11 @@ func (c *SiteReplicationSys) PeerJoinReq(ctx context.Context, arg madmin.SRPeerJ
 func (c *SiteReplicationSys) GetIDPSettings(ctx context.Context) madmin.IDPSettings {
 	s := madmin.IDPSettings{}
 	s.LDAP = madmin.LDAPSettings{
-		IsLDAPEnabled:          globalLDAPConfig.Enabled,
-		LDAPUserDNSearchBase:   globalLDAPConfig.UserDNSearchBaseDistName,
-		LDAPUserDNSearchFilter: globalLDAPConfig.UserDNSearchFilter,
-		LDAPGroupSearchBase:    globalLDAPConfig.GroupSearchBaseDistName,
-		LDAPGroupSearchFilter:  globalLDAPConfig.GroupSearchFilter,
+		IsLDAPEnabled:          globalLDAPConfig.Enabled(),
+		LDAPUserDNSearchBase:   globalLDAPConfig.LDAP.UserDNSearchBaseDistName,
+		LDAPUserDNSearchFilter: globalLDAPConfig.LDAP.UserDNSearchFilter,
+		LDAPGroupSearchBase:    globalLDAPConfig.LDAP.GroupSearchBaseDistName,
+		LDAPGroupSearchFilter:  globalLDAPConfig.LDAP.GroupSearchFilter,
 	}
 	s.OpenID = globalOpenIDConfig.GetSettings()
 	if s.OpenID.Enabled {