mirror of
https://github.com/minio/minio.git
synced 2024-12-27 15:45:55 -05:00
ae46ce9937
This is a change to IAM export/import functionality. For LDAP enabled setups, it performs additional validations: - for policy mappings on LDAP users and groups, it ensures that the corresponding user or group DN exists and if so uses a normalized form of these DNs for storage - for access keys (service accounts), it updates (i.e. validates existence and normalizes) the internally stored parent user DN and group DNs. This allows for a migration path for setups in which LDAP mappings have been stored in previous versions of the server, where the name of the mapping file stored on drives is not in a normalized form. An administrator needs to execute: `mc admin iam export ALIAS` followed by `mc admin iam import ALIAS /path/to/export/file` The validations are more strict and returns errors when multiple mappings are found for the same user/group DN. This is to ensure the mappings stored by the server are unambiguous and to reduce the potential for confusion. Bonus **bug fix**: IAM export of access keys (service accounts) did not export key name, description and expiration. This is fixed in this change too. |
||
---|---|---|
.. | ||
api | ||
batch | ||
browser | ||
cache | ||
callhome | ||
compress | ||
dns | ||
drive | ||
etcd | ||
heal | ||
identity | ||
ilm | ||
lambda | ||
notify | ||
policy | ||
scanner | ||
storageclass | ||
subnet | ||
bool-flag_test.go | ||
bool-flag.go | ||
certs_test.go | ||
certs.go | ||
certsinfo.go | ||
config_test.go | ||
config.go | ||
constants.go | ||
crypto_test.go | ||
crypto.go | ||
errors-utils.go | ||
errors.go | ||
help.go | ||
legacy.go | ||
server.go |