Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow root user to create service accounts in LDAP #13221

Merged
merged 1 commit into from
Sep 20, 2021
Merged

Allow root user to create service accounts in LDAP #13221

merged 1 commit into from
Sep 20, 2021

Conversation

donatello
Copy link
Member

Motivation and Context

To prepare to allow creation of system service accounts for upcoming features.

How to test this PR?

Use mc and a test ldap setup.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Optimization (provides speedup with no functional changes)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • Fixes a regression (If yes, please add commit-id or PR # here)
  • Documentation updated
  • Unit tests added/updated

vadmeste
vadmeste requested changes Sep 16, 2021
View reviewed changes
Copy link
Member

@vadmeste vadmeste left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One comment

cmd/admin-handlers-users.go Outdated Show resolved Hide resolved
harshavardhana
harshavardhana requested changes Sep 16, 2021
View reviewed changes
cmd/admin-handlers-users.go Show resolved Hide resolved
cmd/admin-handlers-users.go Outdated Show resolved Hide resolved
Alevsk
Alevsk suggested changes Sep 17, 2021
View reviewed changes
Copy link
Contributor

@Alevsk Alevsk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When I try to create a service account with a regular LDAP user im getting:

API: AddServiceAccount()
Time: 16:47:37 PDT 09/17/2021
DeploymentID: 80b6f8b8-a28d-4c38-a584-b8b30eb4206c
RequestID: 16A5C0D42602B440
RemoteHost: ::1
Host: localhost:9000
UserAgent: MinIO (darwin; amd64) madmin-go/0.0.1
Error: Unable to find user DN: User DN for JM6HTMPWNB83U0XROM0V not found (*fmt.wrapError)
       5: github.com/Alevsk/minio/cmd/api-errors.go:2039:cmd.toAPIErrorCode()
       4: github.com/Alevsk/minio/cmd/admin-handler-utils.go:170:cmd.toAdminAPIErrCode()
       3: github.com/Alevsk/minio/cmd/admin-handler-utils.go:157:cmd.toAdminAPIErr()
       2: github.com/Alevsk/minio/cmd/admin-handlers-users.go:558:cmd.adminAPIHandlers.AddServiceAccount()
       1: net/http/server.go:2049:http.HandlerFunc.ServeHTTP()

@donatello
Allow root user to create service accounts in LDAP
f5c69b4 
- Additionally, fix a bug in service account creation for LDAP users: the
ldap short username was not associated with the service account.
@donatello
Copy link
Member Author

Thanks for testing @Alevsk - I've fixed the issue. I've redone the PR to make all cases clear again with comments. Please re-review @harshavardhana @vadmeste @Alevsk

@minio-trusted
Copy link
Contributor

Mint Automation

Test Result
mint-large-bucket.sh ✔️
mint-fs.sh ✔️
mint-gateway-s3.sh ✔️
mint-erasure.sh ✔️
mint-dist-erasure.sh ✔️
mint-zoned.sh ✔️
mint-gateway-nas.sh ✔️
mint-compress-encrypt-dist-erasure.sh ✔️
Deleting image on docker hub
Deleting image locally

Alevsk
Alevsk approved these changes Sep 20, 2021
View reviewed changes
Copy link
Contributor

@Alevsk Alevsk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed and tested, works fine now!

@harshavardhana harshavardhana merged commit a0d0c8e into minio:master Sep 20, 2021
@donatello donatello deleted the fix-svc-acc branch September 20, 2021 21:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@harshavardhana harshavardhana harshavardhana approved these changes

@Alevsk Alevsk Alevsk approved these changes

@vadmeste vadmeste Awaiting requested review from vadmeste

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@donatello @minio-trusted @vadmeste @harshavardhana @Alevsk