mirror of
https://github.com/minio/minio.git
synced 2024-12-25 22:55:54 -05:00
ae46ce9937
This is a change to IAM export/import functionality. For LDAP enabled setups, it performs additional validations: - for policy mappings on LDAP users and groups, it ensures that the corresponding user or group DN exists and if so uses a normalized form of these DNs for storage - for access keys (service accounts), it updates (i.e. validates existence and normalizes) the internally stored parent user DN and group DNs. This allows for a migration path for setups in which LDAP mappings have been stored in previous versions of the server, where the name of the mapping file stored on drives is not in a normalized form. An administrator needs to execute: `mc admin iam export ALIAS` followed by `mc admin iam import ALIAS /path/to/export/file` The validations are more strict and returns errors when multiple mappings are found for the same user/group DN. This is to ensure the mappings stored by the server are unambiguous and to reduce the potential for confusion. Bonus **bug fix**: IAM export of access keys (service accounts) did not export key name, description and expiration. This is fixed in this change too. |
||
|---|---|---|
| .. | ||
| api | ||
| batch | ||
| browser | ||
| cache | ||
| callhome | ||
| compress | ||
| dns | ||
| drive | ||
| etcd | ||
| heal | ||
| identity | ||
| ilm | ||
| lambda | ||
| notify | ||
| policy | ||
| scanner | ||
| storageclass | ||
| subnet | ||
| bool-flag_test.go | ||
| bool-flag.go | ||
| certs_test.go | ||
| certs.go | ||
| certsinfo.go | ||
| config_test.go | ||
| config.go | ||
| constants.go | ||
| crypto_test.go | ||
| crypto.go | ||
| errors-utils.go | ||
| errors.go | ||
| help.go | ||
| legacy.go | ||
| server.go | ||