fix: ldap:username variable substitution in policies

Harshavardhana 2021-07-11 18:38:52 -07:00
parent cd36019450
commit d86ef6256d
2 changed files with 6 additions and 6 deletions


@ -174,7 +174,7 @@ func getConditionValues(r *http.Request, lc string, username string, claims map[
// Special case for AD/LDAP STS users
if k == ldapUser {
args["user"] = []string{vStr}
} else if k == ldapUsername {
} else if k == ldapUserN {
args["username"] = []string{vStr}
} else {
args[k] = []string{vStr}
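Review bot: The new `ldapUserN` branch writes `args["username"]` (and the `ldapUser` branch `args["user"]`) while the final `else` writes `args[k]` for every other claim, so a claim literally keyed `user` or `username` would land in the same slot as the LDAP-derived value, and which write wins depends on Go's randomized iteration order over `claims`. Whether such a claim can reach this loop is not visible in the hunk — the LDAP claims appear to be minted server-side in AssumeRoleWithLDAPIdentity — but a cheap guard before the fallthrough, `if k == "user" || k == "username" { continue }`, would make the policy condition values deterministic, or at least the intended precedence should be stated in a comment. A comment on the new branch would also help now that the constant is no longer self-describing, e.g. `// ldapUserN is the "ldapUsername" claim key; renamed so the local ldapUsername in AssumeRoleWithLDAPIdentity no longer shadows the constant` (the shadowing rationale is inferred from the second file's hunks, so confirm before committing the wording). getConditionValues begins before and continues after this hunk.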


@ -64,8 +64,8 @@ const (
parentClaim = "parent"
// LDAP claim keys
ldapUser = "ldapUser"
ldapUsername = "ldapUsername"
ldapUser = "ldapUser"
ldapUserN = "ldapUsername"
)
func parseOpenIDParentUser(parentUser string) (userID string, err error) {
@ -543,9 +543,9 @@ func (sts *stsAPIHandlers) AssumeRoleWithLDAPIdentity(w http.ResponseWriter, r *
expiryDur := globalLDAPConfig.GetExpiryDuration()
m := map[string]interface{}{
expClaim: UTCNow().Add(expiryDur).Unix(),
ldapUsername: ldapUsername,
ldapUser: ldapUserDN,
expClaim: UTCNow().Add(expiryDur).Unix(),
ldapUser: ldapUserDN,
ldapUserN: ldapUsername,
}
if len(sessionPolicyStr) > 0 {