Search Options

Results per page
Sort
Preferred Languages
Advance

Results 1 - 6 of 6 for deng (0.18 sec)

  2. github.com/minio/minio

    cmd/auth-handler.go 

    			ConditionValues: getConditionValues(r, "", cred),
			ObjectName:      object,
			IsOwner:         owner,
			Claims:          cred.Claims,
			DenyOnly:        true,
		}) { // Request is not allowed if Deny action on DeleteObjectVersionAction
			return ErrAccessDenied
		}
	}
	if globalIAMSys.IsAllowed(policy.Args{
		AccountName:     cred.AccessKey,
		Groups:          cred.Groups,
		Action:          action,
    Go
    - Registered: Sun May 05 19:28:20 GMT 2024
    - Last Modified: Thu Apr 04 12:04:40 GMT 2024
    - 26K bytes
    - Viewed (0)
  3. github.com/minio/minio

    cmd/admin-handlers-users_test.go 

    	ctx, cancel := context.WithTimeout(context.Background(), testDefaultTimeout)
	defer cancel()

	// 1. Create a policy
	policy1 := "deny-svc"
	policy2 := "allow-svc"
	policyBytes := []byte(`{
 "Version": "2012-10-17",
 "Statement": [
  {
   "Effect": "Deny",
   "Action": [
    "admin:CreateServiceAccount"
   ]
  }
 ]
}`)

	newPolicyBytes := []byte(`{
 "Version": "2012-10-17",
    Go
    - Registered: Sun May 05 19:28:20 GMT 2024
    - Last Modified: Mon Feb 12 16:36:16 GMT 2024
    - 45.7K bytes
    - Viewed (0)
  4. github.com/minio/minio

    cmd/generic-handlers.go 

    				}
				defer logger.AuditLog(r.Context(), w, r, mustGetClaimsFromToken(r))
				writeErrorResponse(r.Context(), w, errorCodes.ToAPIErr(ErrInvalidBucketName), r.URL)
				return
			}
		}
		// Deny SSE-C requests if not made over TLS
		if !globalIsTLS && (crypto.SSEC.IsRequested(r.Header) || crypto.SSECopy.IsRequested(r.Header)) {
			if r.Method == http.MethodHead {
				if ok {
					tc.FuncName = "handler.ValidRequest"
    Go
    - Registered: Sun May 05 19:28:20 GMT 2024
    - Last Modified: Thu Apr 11 01:08:52 GMT 2024
    - 20.7K bytes
    - Viewed (0)
  5. github.com/minio/minio

    docs/sts/ldap.md 

    ```

</details>

**Note that by default no policy is set on a user**. Thus even if they successfully authenticate with AD/LDAP credentials, they have no access to object storage as the default access policy is to deny all access.

## API Request Parameters

### LDAPUsername

Is AD/LDAP username to login. Application must ask user for this value to successfully obtain rotating access credentials from AssumeRoleWithLDAPIdentity.
    Plain Text
    - Registered: Sun May 05 19:28:20 GMT 2024
    - Last Modified: Thu Jan 18 07:03:17 GMT 2024
    - 18.4K bytes
    - Viewed (1)
  6. github.com/minio/minio

    cmd/sts-handlers.go 

    	{
		h := sha256.New()
		h.Write([]byte("openid:" + subFromToken + ":" + issFromToken))
		bs := h.Sum(nil)
		cred.ParentUser = base64.RawURLEncoding.EncodeToString(bs)
	}

	// Deny this assume role request if the policy that the user intends to bind
	// has a sts:DurationSeconds condition, which is not satisfied as well
	{
		p := policyName
		if p == "" {
			var err error
    Go
    - Registered: Sun May 05 19:28:20 GMT 2024
    - Last Modified: Wed May 01 21:31:13 GMT 2024
    - 34.7K bytes
    - Viewed (2)
  7. github.com/minio/minio

    cmd/admin-handlers-idp-ldap.go 

    					errors.New("service accounts cannot be generated for temporary credentials without parent")), r.URL)
				return
			}
			targetUser = requestorParentUser
		}
		targetGroups = requestorGroups

		// Deny if the target user is not LDAP
		foundLDAPDN, err := globalIAMSys.LDAPConfig.GetValidatedDNForUsername(targetUser)
		if err != nil {
			writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
			return
		}
    Go
    - Registered: Sun May 05 19:28:20 GMT 2024
    - Last Modified: Thu Apr 25 15:50:16 GMT 2024
    - 13.3K bytes
    - Viewed (0)
Back to top