-
Notifications
You must be signed in to change notification settings - Fork 5.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Listing Policy Mapping Entities will return groups that user is a member of and the group policies #19914
Conversation
// decodeDN is pulled from the go-ldap library | ||
// https://github.com/go-ldap/ldap/blob/dbdc485259442f987d83e604cd4f5859cfc1be58/dn.go | ||
func decodeDN(str string) (string, error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why are doing this here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is to decode the internal unicode representation of some characters into human-readable characters when they are being sent externally (i.e. cn=\d0\98\d0\b2\d0\b0\d0\bd\d0\be\d0\b2 \d0\98\d0\b2\d0\b0\d0\bd,cn=Users,dc=min,dc=io
is converted to cn=Иванов Иван,cn=Users,dc=min,dc=io
)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we move this to pkg/ldap
and also add some good amount of unit tests, we can't just fork such sensitive code without unit tests for this function.
We should also keep the code as pkg/ldap/decode_dn_contrib.go
where this file carries an external license header as part of the source file - since its just a copy from the upstream project.
if its a new implementation fresh without copying from upstream then we are good.
// decodeDN is pulled from the go-ldap library | ||
// https://github.com/go-ldap/ldap/blob/dbdc485259442f987d83e604cd4f5859cfc1be58/dn.go | ||
func decodeDN(str string) (string, error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we move this to pkg/ldap
and also add some good amount of unit tests, we can't just fork such sensitive code without unit tests for this function.
We should also keep the code as pkg/ldap/decode_dn_contrib.go
where this file carries an external license header as part of the source file - since its just a copy from the upstream project.
if its a new implementation fresh without copying from upstream then we are good.
@taran-p Of the three motivations listed:
I think it makes sense to separate out the last two into a separate PR and put the DN decoding logic + tests into the pkg module. |
Community Contribution License
All community contributions in this pull request are licensed to the project maintainers
under the terms of the Apache 2 license.
By creating this pull request I represent that I have the right to license the
contributions to the project maintainers under the Apache 2 license.
Description
ListLDAPPolicyMappingEntities
orListPolicyMappingEntities
for specific users will return groups those users are members of and their associated policies. For LDAP only groups that have policies will be returned.ListLDAPPolicyMappingEntities
now validates and normalizes incoming user or group queries.ListLDAPPolicyMappingEntities
will be decoded from their internal unicode representation.Motivation and Context
ä
is returned as\c3\a4
). These characters will now be returned in their human-readable form.How to test this PR?
Use minio/mc#4961 to run
mc idp ldap policy entities
ormc admin policy entities
on users with groupsTypes of changes
Checklist:
commit-id
orPR #
here)