[IDP:LDAP] Cleanup creds for removed LDAP user entries #12759

Merged
merged 3 commits into from
Jul 21, 2021


donatello
Member

Description

This change lets the server poll the LDAP service periodically to check for LDAP
accounts with associated MinIO access credentials that have been removed. It
deletes any access credentials for such removed LDAP users.

Motivation and Context

Remove credentials for users no longer part of the LDAP org.

How to test this PR?

Use https://github.com/donatello/minio-ldap-testing to set up a test LDAP server. Create some credentials for a user and delete the LDAP entry using ldapdelete (see readme). After about 5 minutes, the credentials will be automatically purged.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Optimization (provides speedup with no functional changes)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • Fixes a regression (If yes, please add commit-id or PR # here)
  • Documentation updated
  • Unit tests added/updated
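An added sketch of one poll cycle as described above (not code from this PR or from MinIO): credentials are deleted only when the directory confirms the owner DN is gone. `PurgeRemoved`, `LookupFunc` and `ErrNoSuchEntry` are hypothetical names, and aborting the cycle on any other lookup error, so that a directory outage is not read as mass removal, is an assumption of this example.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

// ErrNoSuchEntry (hypothetical): the directory answered and the DN is absent.
var ErrNoSuchEntry = errors.New("ldap: no such entry")

// LookupFunc is a hypothetical stand-in for an LDAP search on a single DN.
type LookupFunc func(dn string) error

// PurgeRemoved runs one poll over creds (access key -> owner DN) and deletes
// keys whose DN is confirmed absent. Any other error aborts before deleting.
func PurgeRemoved(creds map[string]string, lookup LookupFunc) ([]string, error) {
	status := map[string]bool{} // DN -> exists, so each DN is queried once
	var stale []string
	for key, dn := range creds {
		exists, seen := status[dn]
		if !seen {
			err := lookup(dn)
			if err != nil && !errors.Is(err, ErrNoSuchEntry) {
				return nil, fmt.Errorf("poll aborted, nothing deleted: %w", err)
			}
			exists = err == nil
			status[dn] = exists
		}
		if !exists {
			stale = append(stale, key)
		}
	}
	for _, key := range stale { // delete only after every lookup succeeded
		delete(creds, key)
	}
	sort.Strings(stale)
	return stale, nil
}

func main() {
	// Constructed sample: bob's entry has been deleted from the directory.
	creds := map[string]string{"AK1": "uid=alice,dc=example,dc=org", "AK2": "uid=bob,dc=example,dc=org"}
	lookup := func(dn string) error {
		if dn == "uid=bob,dc=example,dc=org" {
			return ErrNoSuchEntry
		}
		return nil
	}
	purged, err := PurgeRemoved(creds, lookup)
	fmt.Println(purged, err, len(creds))
}
```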

Member

@harshavardhana harshavardhana left a comment


LGTM and tested

cmd/iam.go (outdated, resolved)
internal/config/identity/ldap/config.go (outdated, resolved)
internal/config/identity/ldap/config.go (outdated, resolved)
internal/config/identity/ldap/config.go (outdated, resolved)
@minio-trusted
Contributor

Mint Automation

| Test | Result |
| --- | --- |
| mint-large-bucket.sh | ✔️ |
| mint-fs.sh | ✔️ |
| mint-gateway-s3.sh | ✔️ |
| mint-erasure.sh | ✔️ |
| mint-dist-erasure.sh | ✔️ |
| mint-zoned.sh | ✔️ |
| mint-gateway-nas.sh | ✔️ |
| mint-compress-encrypt-dist-erasure.sh | ✔️ |

Deleting image on docker hub
Deleting image locally

Contributor

@kannappanr kannappanr left a comment


LGTM

@kannappanr kannappanr merged commit 0db1c94 into minio:master Jul 21, 2021
@donatello donatello deleted the ldap-poll branch July 21, 2021 16:26