fix: LDAP init. issue when LDAP server is down (#19619)

At server startup, LDAP configuration is validated against the LDAP
server. If the LDAP server is down at that point, we need to cleanly
disable LDAP configuration. Previously, LDAP would remain configured but
error out in strange ways because initialization did not complete
without errors.
Aditya Manthramurthy 2024-04-25 14:28:16 -07:00 committed by GitHub
parent 943d815783
commit 0c855638de
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 11 additions and 4 deletions


@ -238,7 +238,7 @@ func (sys *IAMSys) Init(ctx context.Context, objAPI ObjectLayer, etcdClient *etc
// Initialize if LDAP is enabled
ldapConfig, err := xldap.Lookup(s, globalRootCAs)
if err != nil {
iamLogIf(ctx, fmt.Errorf("Unable to parse LDAP configuration: %w", err), logger.WarningKind)
iamLogIf(ctx, fmt.Errorf("Unable to load LDAP configuration (LDAP configuration will be disabled!): %w", err), logger.WarningKind)
}
stsTLSConfig, err := xtls.Lookup(s[config.IdentityTLSSubSys][config.Default])
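Review bot: The error branch after `xldap.Lookup` only logs, so the new message's promise that LDAP configuration will be disabled holds only if Lookup cleared `Enabled` on the path that failed. In the Lookup hunks on this page only the Validate failure sets `l.LDAP.Enabled = false`; the `return l, err` after `config.ParseBool` and any error returns outside the hunks rely on the field still being its zero value, which would not hold for a later failure once an explicit `enable=on` has been parsed. Adding `ldapConfig.LDAP.Enabled = false` after the log call would make this branch fail closed by construction rather than by convention. The rest of Init is outside the hunk, so how ldapConfig is consumed afterwards is not visible here.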


@ -183,15 +183,15 @@ func Lookup(s config.Config, rootCAs *x509.CertPool) (l Config, err error) {
return l, nil
}
l.LDAP = ldap.Config{
Enabled: true,
RootCAs: rootCAs,
ServerAddr: ldapServer,
SRVRecordName: getCfgVal(SRVRecordName),
}
// Parse explicitly enable=on/off flag. If not set, defaults to `true`
// because ServerAddr is set.
// Parse explicitly set enable=on/off flag.
isEnableFlagExplicitlySet := false
if v := getCfgVal(config.Enable); v != "" {
isEnableFlagExplicitlySet = true
l.LDAP.Enabled, err = config.ParseBool(v)
if err != nil {
return l, err
@ -232,9 +232,16 @@ func Lookup(s config.Config, rootCAs *x509.CertPool) (l Config, err error) {
l.LDAP.GroupSearchFilter = getCfgVal(GroupSearchFilter)
l.LDAP.GroupSearchBaseDistName = getCfgVal(GroupSearchBaseDN)
// If enable flag was not explicitly set, we treat it as implicitly set at
// this point as necessary configuration is available.
if !isEnableFlagExplicitlySet && !l.LDAP.Enabled {
l.LDAP.Enabled = true
}
// Validate and test configuration.
valResult := l.LDAP.Validate()
if !valResult.IsOk() {
// Set to false if configuration fails to validate.
l.LDAP.Enabled = false
return l, valResult
}
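Review bot: The second half of `if !isEnableFlagExplicitlySet && !l.LDAP.Enabled` in the second hunk looks redundant. With `Enabled: true` gone from the struct literal, the only visible assignment to Enabled sits in the same branch that sets isEnableFlagExplicitlySet, so the field is still false whenever the first half holds. If nothing between the two hunks assigns it (those lines are not shown), `if !isEnableFlagExplicitlySet { l.LDAP.Enabled = true }` reads more directly. The comment in the Validate branch could also say why the flag is cleared, for example `// Fail closed: the caller logs this error and keeps going, so the returned Config must not leave LDAP enabled.` Lookup begins and ends outside both hunks.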