mirror of
https://github.com/minio/minio.git
synced 2025-01-27 14:43:18 -05:00
fix: ldap: avoid unnecessary import errors (#19547)
Follow up for #19528. If there are multiple existing DN mappings for the same normalized DN and they all have the same policy mapping value, we pick one of them instead of returning an import error.
parent
2d3898e0d5
commit
98f7821eb3
25
cmd/iam.go
25
cmd/iam.go
@ -1621,8 +1621,29 @@ func (sys *IAMSys) NormalizeLDAPMappingImport(ctx context.Context, isGroup bool,
|
|||||||
|
|
||||||
for normKey, origKeys := range normalizedDNKeysMap {
|
for normKey, origKeys := range normalizedDNKeysMap {
|
||||||
if len(origKeys) > 1 {
|
if len(origKeys) > 1 {
|
||||||
return fmt.Errorf("multiple DNs map to the same LDAP DN[%s]: %v; please remove DNs that are not needed",
|
// If there are multiple DN keys that normalize to the same value,
|
||||||
normKey, origKeys)
|
// check if the policy mappings are equal, if they are we don't need
|
||||||
|
// to return an error.
|
||||||
|
policiesDiffer := false
|
||||||
|
firstMappedPolicies := policyMap[origKeys[0]].policySet()
|
||||||
|
for i := 1; i < len(origKeys); i++ {
|
||||||
|
otherMappedPolicies := policyMap[origKeys[i]].policySet()
|
||||||
|
if !firstMappedPolicies.Equals(otherMappedPolicies) {
|
||||||
|
policiesDiffer = true
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if policiesDiffer {
|
||||||
|
return fmt.Errorf("multiple DNs map to the same LDAP DN[%s]: %v; please remove DNs that are not needed",
|
||||||
|
normKey, origKeys)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Policies mapped to the DN's are the same, so we remove the extra
|
||||||
|
// ones from the map.
|
||||||
|
for i := 1; i < len(origKeys); i++ {
|
||||||
|
delete(policyMap, origKeys[i])
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Replacing origKeys[0] with normKey in the policyMap
|
// Replacing origKeys[0] with normKey in the policyMap
|
||||||
|
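Review bot: The error returned under `if policiesDiffer` keeps the old wording, although it now fires only when the colliding DNs carry different policy sets, so the operator is not told what actually has to be reconciled. Something like `"multiple DNs map to the same LDAP DN[%s]: %v with different policy mappings; please remove DNs that are not needed"` would say so. Separately, `origKeys[0]` is kept and the rest are deleted with no log line. If `origKeys` is filled by ranging over a map (it is built outside this hunk, so unconfirmed), which entry's `updatedAt` survives can vary between runs, and the two entries in the test fixture already differ in `updatedAt`. A short comment that only the policy set is compared and the other fields of the dropped entries are discarded would make this explicit for an access-control import path; the function body starts and ends outside the hunk.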
@ -829,11 +829,17 @@ func TestIAMImportAssetWithLDAP(t *testing.T) {
|
|||||||
}
|
}
|
||||||
`,
|
`,
|
||||||
userPolicyMappingsFile: `{}`,
|
userPolicyMappingsFile: `{}`,
|
||||||
|
// Contains duplicate mapping with same policy, we should not error out.
|
||||||
groupPolicyMappingsFile: `{
|
groupPolicyMappingsFile: `{
|
||||||
"cn=project.c,ou=groups,ou=swengg,DC=min,dc=io": {
|
"cn=project.c,ou=groups,ou=swengg,DC=min,dc=io": {
|
||||||
"version": 0,
|
"version": 0,
|
||||||
"policy": "consoleAdmin",
|
"policy": "consoleAdmin",
|
||||||
"updatedAt": "2024-04-17T23:54:28.442998301Z"
|
"updatedAt": "2024-04-17T23:54:28.442998301Z"
|
||||||
|
},
|
||||||
|
"cn=project.c,ou=groups,OU=swengg,DC=min,DC=io": {
|
||||||
|
"version": 0,
|
||||||
|
"policy": "consoleAdmin",
|
||||||
|
"updatedAt": "2024-04-17T20:54:28.442998301Z"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
`,
|
`,
|
||||||
|
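Review bot: Only the accepting path is covered by the new fixture entry, which maps two spellings of the same group DN to `consoleAdmin`. The branch that matters more for access control is the opposite one, where the spellings carry different policies and the import must be rejected rather than collapsed. Unless another case in this file (not visible here) already covers it, a second table entry with, for example, `"policy": "readwrite"` on one duplicate and an expected import error would pin that behaviour. Asserting after the import that exactly one normalized mapping remains would also guard the dedupe loop. The test function starts and ends outside the hunk.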