Support multiple LDAP OU's, smAccountName support (#9139)

Fixes #8532
2025-11-09 13:39:46 -05:00 · 2020-03-21 22:47:26 -07:00
parent 3d3beb6a9d
commit ea18e51f4d
7 changed files with 262 additions and 310 deletions
--- a/cmd/iam.go
+++ b/cmd/iam.go
@@ -369,6 +369,10 @@ func (sys *IAMSys) Init(objAPI ObjectLayer) error {
 		return errServerNotInitialized
 	}

+	if globalLDAPConfig.Enabled {
+		sys.EnableLDAPSys()
+	}
+
 	sys.Lock()
 	if globalEtcdClient == nil {
 		sys.store = newIAMObjectStore()
@@ -1791,22 +1795,18 @@ func (sys *IAMSys) removeGroupFromMembershipsMap(group string) {
 	}
 }

+// EnableLDAPSys - enable ldap system users type.
+func (sys *IAMSys) EnableLDAPSys() {
+	sys.Lock()
+	defer sys.Unlock()
+
+	sys.usersSysType = LDAPUsersSysType
+}
+
 // NewIAMSys - creates new config system object.
 func NewIAMSys() *IAMSys {
-	// Check global server configuration to determine the type of
-	// users system configured.
-
-	// The default users system
-	var utype UsersSysType
-	switch {
-	case globalLDAPConfig.Enabled:
-		utype = LDAPUsersSysType
-	default:
-		utype = MinIOUsersSysType
-	}
-
 	return &IAMSys{
-		usersSysType:            utype,
+		usersSysType:            MinIOUsersSysType,
 		iamUsersMap:             make(map[string]auth.Credentials),
 		iamPolicyDocsMap:        make(map[string]iampolicy.Policy),
 		iamUserPolicyMap:        make(map[string]MappedPolicy),