-
Notifications
You must be signed in to change notification settings - Fork 5.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow root user to create service accounts in LDAP #13221
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One comment
3db6cda
to
988927f
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
When I try to create a service account with a regular LDAP user im getting:
API: AddServiceAccount()
Time: 16:47:37 PDT 09/17/2021
DeploymentID: 80b6f8b8-a28d-4c38-a584-b8b30eb4206c
RequestID: 16A5C0D42602B440
RemoteHost: ::1
Host: localhost:9000
UserAgent: MinIO (darwin; amd64) madmin-go/0.0.1
Error: Unable to find user DN: User DN for JM6HTMPWNB83U0XROM0V not found (*fmt.wrapError)
5: github.com/Alevsk/minio/cmd/api-errors.go:2039:cmd.toAPIErrorCode()
4: github.com/Alevsk/minio/cmd/admin-handler-utils.go:170:cmd.toAdminAPIErrCode()
3: github.com/Alevsk/minio/cmd/admin-handler-utils.go:157:cmd.toAdminAPIErr()
2: github.com/Alevsk/minio/cmd/admin-handlers-users.go:558:cmd.adminAPIHandlers.AddServiceAccount()
1: net/http/server.go:2049:http.HandlerFunc.ServeHTTP()
- Additionally, fix a bug in service account creation for LDAP users: the ldap short username was not associated with the service account.
988927f
to
f5c69b4
Compare
Thanks for testing @Alevsk - I've fixed the issue. I've redone the PR to make all cases clear again with comments. Please re-review @harshavardhana @vadmeste @Alevsk |
Mint Automation
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed and tested, works fine now!
Motivation and Context
To prepare to allow creation of system service accounts for upcoming features.
How to test this PR?
Use mc and a test ldap setup.
Types of changes
Checklist:
commit-id
orPR #
here)