fix: service account permissions generated from LDAP user (#11637)

service accounts generated from LDAP parent user did not inherit correct permissions, this PR fixes this fully.
2025-11-07 12:52:58 -05:00 · 2021-02-25 13:49:59 -08:00
parent 85620dfe93
commit f9f6fd0421
3 changed files with 96 additions and 68 deletions
--- a/cmd/jwt.go
+++ b/cmd/jwt.go
@@ -104,7 +104,7 @@ func webTokenCallback(claims *xjwt.MapClaims) ([]byte, error) {
 	if claims.AccessKey == globalActiveCred.AccessKey {
 		return []byte(globalActiveCred.SecretKey), nil
 	}
-	ok, err := globalIAMSys.IsTempUser(claims.AccessKey)
+	ok, _, err := globalIAMSys.IsTempUser(claims.AccessKey)
 	if err != nil {
 		if err == errNoSuchUser {
 			return nil, errInvalidAccessKeyID