fix: reload LDAP users properly with latest mapping (#12137)

peer nodes would not update if policy is unset on a user, until policies reload every 5minutes. Make sure to reload the policies properly, if no policy is found make sure to delete such users and groups fixes #12074 Signed-off-by: Harshavardhana <harsha@minio.io>
2025-01-24 05:03:16 -05:00 · 2021-04-23 15:11:01 -07:00 · 2021-04-23 15:11:01 -07:00 · 799691eded
commit 799691eded
parent 93cdecaadd
1 changed files with 16 additions and 4 deletions
--- a/cmd/iam.go
+++ b/cmd/iam.go
@ -355,12 +355,24 @@ func (sys *IAMSys) LoadPolicyMapping(objAPI ObjectLayer, userOrGroup string, isG

 	if globalEtcdClient == nil {
 		var err error
-		if isGroup {
-			err = sys.store.loadMappedPolicy(context.Background(), userOrGroup, regularUser, isGroup, sys.iamGroupPolicyMap)
-		} else {
-			err = sys.store.loadMappedPolicy(context.Background(), userOrGroup, regularUser, isGroup, sys.iamUserPolicyMap)
+		userType := regularUser
+		if sys.usersSysType == LDAPUsersSysType {
+			userType = stsUser
 		}

+		if isGroup {
+			err = sys.store.loadMappedPolicy(context.Background(), userOrGroup, userType, isGroup, sys.iamGroupPolicyMap)
+		} else {
+			err = sys.store.loadMappedPolicy(context.Background(), userOrGroup, userType, isGroup, sys.iamUserPolicyMap)
+		}
+
+		if err == errNoSuchPolicy {
+			if isGroup {
+				delete(sys.iamGroupPolicyMap, userOrGroup)
+			} else {
+				delete(sys.iamUserPolicyMap, userOrGroup)
+			}
+		}
 		// Ignore policy not mapped error
 		if err != nil && err != errNoSuchPolicy {
 			return err