Add enable flag for LDAP IDP config (#16805)

2024-07-20 18:04:21 +00:00 · 2023-03-16 11:58:59 -07:00 · 2023-03-16 11:58:59 -07:00 · 58266c9e2c
parent d1e775313d
commit 58266c9e2c
4 changed files with 146 additions and 125 deletions
--- a/cmd/admin-handlers-idp-config.go
+++ b/cmd/admin-handlers-idp-config.go
@ -86,7 +86,7 @@ func (a adminAPIHandlers) addOrUpdateIDPHandler(ctx context.Context, w http.Resp
 		if idpCfgType == madmin.LDAPIDPCfg && cfgName != madmin.Default {
 			// LDAP does not support multiple configurations. So cfgName must be
 			// empty or `madmin.Default`.
-			writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrBadRequest), r.URL)
+			writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(ErrAdminConfigLDAPNonDefaultConfigName), r.URL)
 			return
 		}
 	}
--- a/cmd/api-errors.go
+++ b/cmd/api-errors.go
@ -281,6 +281,7 @@ const (
 	ErrAdminConfigEnvOverridden
 	ErrAdminConfigDuplicateKeys
 	ErrAdminConfigInvalidIDPType
+	ErrAdminConfigLDAPNonDefaultConfigName
 	ErrAdminConfigLDAPValidation
 	ErrAdminConfigIDPCfgNameAlreadyExists
 	ErrAdminConfigIDPCfgNameDoesNotExist
@ -1333,6 +1334,11 @@ var errorCodes = errorCodeMap{
 		Description:    fmt.Sprintf("Invalid IDP configuration type - must be one of %v", madmin.ValidIDPConfigTypes),
 		HTTPStatusCode: http.StatusBadRequest,
 	},
+	ErrAdminConfigLDAPNonDefaultConfigName: {
+		Code:           "XMinioAdminConfigLDAPNonDefaultConfigName",
+		Description:    "Only a single LDAP configuration is supported - config name must be empty or `_`",
+		HTTPStatusCode: http.StatusBadRequest,
+	},
 	ErrAdminConfigLDAPValidation: {
 		Code:           "XMinioAdminConfigLDAPValidation",
 		Description:    "LDAP Configuration validation failed",
--- a/cmd/apierrorcode_string.go
+++ b/cmd/apierrorcode_string.go
--- a/internal/config/identity/ldap/config.go
+++ b/internal/config/identity/ldap/config.go
@ -98,6 +98,10 @@ var removedKeys = []string{
 // DefaultKVS - default config for LDAP config
 var (
 	DefaultKVS = config.KVS{
+		config.KV{
+			Key:   config.Enable,
+			Value: "",
+		},
 		config.KV{
 			Key:   ServerAddr,
 			Value: "",
@ -184,6 +188,16 @@ func Lookup(s config.Config, rootCAs *x509.CertPool) (l Config, err error) {
 		ServerAddr:    ldapServer,
 		SRVRecordName: getCfgVal(SRVRecordName),
 	}
+
+	// Parse explicity enable=on/off flag. If not set, defaults to `true`
+	// because ServerAddr is set.
+	if v := getCfgVal(config.Enable); v != "" {
+		l.LDAP.Enabled, err = config.ParseBool(v)
+		if err != nil {
+			return l, err
+		}
+	}
+
 	l.stsExpiryDuration = defaultLDAPExpiry

 	// LDAP connection configuration