fix: ldap:username variable substitution in policies

Harshavardhana 2021-07-11 18:38:52 -07:00
parent cd36019450
commit d86ef6256d
2 changed files with 6 additions and 6 deletions


@ -174,7 +174,7 @@ func getConditionValues(r *http.Request, lc string, username string, claims map[
// Special case for AD/LDAP STS users // Special case for AD/LDAP STS users
if k == ldapUser { if k == ldapUser {
args["user"] = []string{vStr} args["user"] = []string{vStr}
} else if k == ldapUsername { } else if k == ldapUserN {
args["username"] = []string{vStr} args["username"] = []string{vStr}
} else { } else {
args[k] = []string{vStr} args[k] = []string{vStr}
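Review bot: The comment `// Special case for AD/LDAP STS users` above this branch does not say which condition keys the two claims feed, which is the detail that matters when someone audits how policy variables are resolved. From the visible lines the `ldapUser` claim lands in `args["user"]` and the `ldapUserN` claim in `args["username"]`, so a comment such as `// LDAP STS claims: ldapUser (user DN) -> "user", ldapUserN (short username) -> "username"` would document that mapping. The three-way `if`/`else if`/`else` on `k` would also read more clearly as `switch k { case ldapUser: ... case ldapUserN: ... default: ... }`. The body of getConditionValues starts and ends outside this hunk.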


@ -65,7 +65,7 @@ const (
// LDAP claim keys // LDAP claim keys
ldapUser = "ldapUser" ldapUser = "ldapUser"
ldapUsername = "ldapUsername" ldapUserN = "ldapUsername"
) )
func parseOpenIDParentUser(parentUser string) (userID string, err error) { func parseOpenIDParentUser(parentUser string) (userID string, err error) {
@ -544,8 +544,8 @@ func (sts *stsAPIHandlers) AssumeRoleWithLDAPIdentity(w http.ResponseWriter, r *
expiryDur := globalLDAPConfig.GetExpiryDuration() expiryDur := globalLDAPConfig.GetExpiryDuration()
m := map[string]interface{}{ m := map[string]interface{}{
expClaim: UTCNow().Add(expiryDur).Unix(), expClaim: UTCNow().Add(expiryDur).Unix(),
ldapUsername: ldapUsername,
ldapUser: ldapUserDN, ldapUser: ldapUserDN,
ldapUserN: ldapUsername,
} }
if len(sessionPolicyStr) > 0 { if len(sessionPolicyStr) > 0 {
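Review bot: The new constant name `ldapUserN` differs from `ldapUser` by a single letter although the two claims hold different identities (the DN in `ldapUserDN` versus the short login name), so a one-character slip at a use site would compile and silently feed the wrong value into policy evaluation. The rename appears to be needed because the local `ldapUsername` in AssumeRoleWithLDAPIdentity shadowed the old constant, making the map key the user's name instead of the claim key. A more distinct name such as `ldapUsernameClaim`, or a comment on the constant like `// ldapUserN is the claim key for the short LDAP username; it must not share a name with local username variables`, would keep the shadowing from coming back. A test asserting that the generated claims contain the key `"ldapUsername"` would pin the fix. Both the const block and the handler body extend beyond the lines shown.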