mirror of
https://github.com/minio/minio.git
synced 2024-12-23 21:55:53 -05:00
parent
41caf89cf4
commit
cc5656f6d5
@ -1583,7 +1583,7 @@ func (sys *IAMSys) GetUser(accessKey string) (cred auth.Credentials, ok bool) {
|
||||
}
|
||||
policies = append(policies, ps...)
|
||||
}
|
||||
ok = len(policies) > 0
|
||||
ok = len(policies) > 0 || globalPolicyOPA != nil
|
||||
}
|
||||
}
|
||||
return cred, ok && cred.IsValid()
|
||||
|
@ -517,7 +517,7 @@ func (sts *stsAPIHandlers) AssumeRoleWithLDAPIdentity(w http.ResponseWriter, r *
|
||||
|
||||
// Check if this user or their groups have a policy applied.
|
||||
ldapPolicies, _ := globalIAMSys.PolicyDBGet(ldapUserDN, false, groupDistNames...)
|
||||
if len(ldapPolicies) == 0 {
|
||||
if len(ldapPolicies) == 0 && globalPolicyOPA == nil {
|
||||
writeSTSErrorResponse(ctx, w, true, ErrSTSInvalidParameterValue,
|
||||
fmt.Errorf("expecting a policy to be set for user `%s` or one of their groups: `%s` - rejecting this request",
|
||||
ldapUserDN, strings.Join(groupDistNames, "`,`")))
|
||||
|
Loading…
Reference in New Issue
Block a user