mirror of https://github.com/minio/minio.git
ae46ce9937
This is a change to IAM export/import functionality. For LDAP enabled setups, it performs additional validations: - for policy mappings on LDAP users and groups, it ensures that the corresponding user or group DN exists and if so uses a normalized form of these DNs for storage - for access keys (service accounts), it updates (i.e. validates existence and normalizes) the internally stored parent user DN and group DNs. This allows for a migration path for setups in which LDAP mappings have been stored in previous versions of the server, where the name of the mapping file stored on drives is not in a normalized form. An administrator needs to execute: `mc admin iam export ALIAS` followed by `mc admin iam import ALIAS /path/to/export/file` The validations are more strict and returns errors when multiple mappings are found for the same user/group DN. This is to ensure the mappings stored by the server are unambiguous and to reduce the potential for confusion. Bonus **bug fix**: IAM export of access keys (service accounts) did not export key name, description and expiration. This is fixed in this change too. |
||
|---|---|---|
| .. | ||
| amztime | ||
| arn | ||
| auth | ||
| bpool | ||
| bucket | ||
| cachevalue | ||
| color | ||
| config | ||
| crypto | ||
| deadlineconn | ||
| disk | ||
| dsync | ||
| etag | ||
| event | ||
| fips | ||
| grid | ||
| handlers | ||
| hash | ||
| http | ||
| init | ||
| ioutil | ||
| jwt | ||
| kms | ||
| lock | ||
| logger | ||
| lsync | ||
| mcontext | ||
| mountinfo | ||
| net | ||
| once | ||
| pubsub | ||
| rest | ||
| s3select | ||
| store | ||