diff --git a/cmd/admin-handlers-users.go b/cmd/admin-handlers-users.go index 14ff94e36..7e502e85f 100644 --- a/cmd/admin-handlers-users.go +++ b/cmd/admin-handlers-users.go @@ -1767,7 +1767,7 @@ func (a adminAPIHandlers) ListPolicyMappingEntities(w http.ResponseWriter, r *ht writeSuccessResponseJSON(w, econfigData) } -// AttachPolicyBuiltin - POST /minio/admin/v3/idp/builtin/attach +// AttachPolicyBuiltin - POST /minio/admin/v3/idp/builtin/policy/attach func (a adminAPIHandlers) AttachPolicyBuiltin(w http.ResponseWriter, r *http.Request) { ctx := newContext(r, w, "AttachPolicyBuiltin") @@ -1835,20 +1835,19 @@ func (a adminAPIHandlers) AttachPolicyBuiltin(w http.ResponseWriter, r *http.Req } // Validate that user exists. - if globalIAMSys.GetUsersSysType() == MinIOUsersSysType { - _, ok := globalIAMSys.GetUser(ctx, userOrGroup) - if !ok { - writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, errNoSuchUser), r.URL) + _, ok = globalIAMSys.GetUser(ctx, userOrGroup) + if !ok { + if globalIAMSys.LDAPConfig.Enabled() { + // When LDAP is enabled, warn user that they are using the wrong + // API. + writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, errNoSuchUserLDAPWarn), r.URL) return } + writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, errNoSuchUser), r.URL) + return } } - userType := regUser - if globalIAMSys.GetUsersSysType() == LDAPUsersSysType { - userType = stsUser - } - var existingPolicies []string if isGroup { existingPolicies, err = globalIAMSys.PolicyDBGet(userOrGroup, true) @@ -1878,6 +1877,7 @@ func (a adminAPIHandlers) AttachPolicyBuiltin(w http.ResponseWriter, r *http.Req existingPolicies = append(existingPolicies, policiesToAttach...) newPolicies := strings.Join(existingPolicies, ",") + userType := regUser updatedAt, err := globalIAMSys.PolicyDBSet(ctx, userOrGroup, newPolicies, userType, isGroup) if err != nil { writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL) @@ -1898,7 +1898,7 @@ func (a adminAPIHandlers) AttachPolicyBuiltin(w http.ResponseWriter, r *http.Req writeResponse(w, http.StatusCreated, nil, mimeNone) } -// DetachPolicyBuiltin - POST /minio/admin/v3/idp/builtin/detach +// DetachPolicyBuiltin - POST /minio/admin/v3/idp/builtin/policy/detach func (a adminAPIHandlers) DetachPolicyBuiltin(w http.ResponseWriter, r *http.Request) { ctx := newContext(r, w, "DetachPolicyBuiltin") @@ -1959,12 +1959,16 @@ func (a adminAPIHandlers) DetachPolicyBuiltin(w http.ResponseWriter, r *http.Req } // Validate that user exists. - if globalIAMSys.GetUsersSysType() == MinIOUsersSysType { - _, ok := globalIAMSys.GetUser(ctx, userOrGroup) - if !ok { - writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, errNoSuchUser), r.URL) + _, ok = globalIAMSys.GetUser(ctx, userOrGroup) + if !ok { + if globalIAMSys.LDAPConfig.Enabled() { + // When LDAP is enabled, warn user that they are using the wrong + // API. + writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, errNoSuchUserLDAPWarn), r.URL) return } + writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, errNoSuchUser), r.URL) + return } } diff --git a/cmd/api-errors.go b/cmd/api-errors.go index a97e485f5..fd85834b4 100644 --- a/cmd/api-errors.go +++ b/cmd/api-errors.go @@ -269,6 +269,7 @@ const ( ErrMalformedJSON ErrAdminNoSuchUser + ErrAdminNoSuchUserLDAPWarn ErrAdminNoSuchGroup ErrAdminGroupNotEmpty ErrAdminGroupDisabled @@ -1266,6 +1267,11 @@ var errorCodes = errorCodeMap{ Description: "The specified user does not exist.", HTTPStatusCode: http.StatusNotFound, }, + ErrAdminNoSuchUserLDAPWarn: { + Code: "XMinioAdminNoSuchUser", + Description: "The specified user does not exist. If you meant a user in LDAP, use `mc idp ldap`", + HTTPStatusCode: http.StatusNotFound, + }, ErrAdminNoSuchGroup: { Code: "XMinioAdminNoSuchGroup", Description: "The specified group does not exist.", @@ -2036,6 +2042,8 @@ func toAPIErrorCode(ctx context.Context, err error) (apiErr APIErrorCode) { apiErr = ErrAdminNoSuchPolicy case errNoSuchUser: apiErr = ErrAdminNoSuchUser + case errNoSuchUserLDAPWarn: + apiErr = ErrAdminNoSuchUserLDAPWarn case errNoSuchServiceAccount: apiErr = ErrAdminServiceAccountNotFound case errNoSuchGroup: diff --git a/cmd/apierrorcode_string.go b/cmd/apierrorcode_string.go index cfeaa45d7..454712d4f 100644 --- a/cmd/apierrorcode_string.go +++ b/cmd/apierrorcode_string.go @@ -180,150 +180,151 @@ func _() { _ = x[ErrBackendDown-169] _ = x[ErrMalformedJSON-170] _ = x[ErrAdminNoSuchUser-171] - _ = x[ErrAdminNoSuchGroup-172] - _ = x[ErrAdminGroupNotEmpty-173] - _ = x[ErrAdminGroupDisabled-174] - _ = x[ErrAdminNoSuchJob-175] - _ = x[ErrAdminNoSuchPolicy-176] - _ = x[ErrAdminPolicyChangeAlreadyApplied-177] - _ = x[ErrAdminInvalidArgument-178] - _ = x[ErrAdminInvalidAccessKey-179] - _ = x[ErrAdminInvalidSecretKey-180] - _ = x[ErrAdminConfigNoQuorum-181] - _ = x[ErrAdminConfigTooLarge-182] - _ = x[ErrAdminConfigBadJSON-183] - _ = x[ErrAdminNoSuchConfigTarget-184] - _ = x[ErrAdminConfigEnvOverridden-185] - _ = x[ErrAdminConfigDuplicateKeys-186] - _ = x[ErrAdminConfigInvalidIDPType-187] - _ = x[ErrAdminConfigLDAPNonDefaultConfigName-188] - _ = x[ErrAdminConfigLDAPValidation-189] - _ = x[ErrAdminConfigIDPCfgNameAlreadyExists-190] - _ = x[ErrAdminConfigIDPCfgNameDoesNotExist-191] - _ = x[ErrAdminCredentialsMismatch-192] - _ = x[ErrInsecureClientRequest-193] - _ = x[ErrObjectTampered-194] - _ = x[ErrSiteReplicationInvalidRequest-195] - _ = x[ErrSiteReplicationPeerResp-196] - _ = x[ErrSiteReplicationBackendIssue-197] - _ = x[ErrSiteReplicationServiceAccountError-198] - _ = x[ErrSiteReplicationBucketConfigError-199] - _ = x[ErrSiteReplicationBucketMetaError-200] - _ = x[ErrSiteReplicationIAMError-201] - _ = x[ErrSiteReplicationConfigMissing-202] - _ = x[ErrAdminRebalanceAlreadyStarted-203] - _ = x[ErrAdminRebalanceNotStarted-204] - _ = x[ErrAdminBucketQuotaExceeded-205] - _ = x[ErrAdminNoSuchQuotaConfiguration-206] - _ = x[ErrHealNotImplemented-207] - _ = x[ErrHealNoSuchProcess-208] - _ = x[ErrHealInvalidClientToken-209] - _ = x[ErrHealMissingBucket-210] - _ = x[ErrHealAlreadyRunning-211] - _ = x[ErrHealOverlappingPaths-212] - _ = x[ErrIncorrectContinuationToken-213] - _ = x[ErrEmptyRequestBody-214] - _ = x[ErrUnsupportedFunction-215] - _ = x[ErrInvalidExpressionType-216] - _ = x[ErrBusy-217] - _ = x[ErrUnauthorizedAccess-218] - _ = x[ErrExpressionTooLong-219] - _ = x[ErrIllegalSQLFunctionArgument-220] - _ = x[ErrInvalidKeyPath-221] - _ = x[ErrInvalidCompressionFormat-222] - _ = x[ErrInvalidFileHeaderInfo-223] - _ = x[ErrInvalidJSONType-224] - _ = x[ErrInvalidQuoteFields-225] - _ = x[ErrInvalidRequestParameter-226] - _ = x[ErrInvalidDataType-227] - _ = x[ErrInvalidTextEncoding-228] - _ = x[ErrInvalidDataSource-229] - _ = x[ErrInvalidTableAlias-230] - _ = x[ErrMissingRequiredParameter-231] - _ = x[ErrObjectSerializationConflict-232] - _ = x[ErrUnsupportedSQLOperation-233] - _ = x[ErrUnsupportedSQLStructure-234] - _ = x[ErrUnsupportedSyntax-235] - _ = x[ErrUnsupportedRangeHeader-236] - _ = x[ErrLexerInvalidChar-237] - _ = x[ErrLexerInvalidOperator-238] - _ = x[ErrLexerInvalidLiteral-239] - _ = x[ErrLexerInvalidIONLiteral-240] - _ = x[ErrParseExpectedDatePart-241] - _ = x[ErrParseExpectedKeyword-242] - _ = x[ErrParseExpectedTokenType-243] - _ = x[ErrParseExpected2TokenTypes-244] - _ = x[ErrParseExpectedNumber-245] - _ = x[ErrParseExpectedRightParenBuiltinFunctionCall-246] - _ = x[ErrParseExpectedTypeName-247] - _ = x[ErrParseExpectedWhenClause-248] - _ = x[ErrParseUnsupportedToken-249] - _ = x[ErrParseUnsupportedLiteralsGroupBy-250] - _ = x[ErrParseExpectedMember-251] - _ = x[ErrParseUnsupportedSelect-252] - _ = x[ErrParseUnsupportedCase-253] - _ = x[ErrParseUnsupportedCaseClause-254] - _ = x[ErrParseUnsupportedAlias-255] - _ = x[ErrParseUnsupportedSyntax-256] - _ = x[ErrParseUnknownOperator-257] - _ = x[ErrParseMissingIdentAfterAt-258] - _ = x[ErrParseUnexpectedOperator-259] - _ = x[ErrParseUnexpectedTerm-260] - _ = x[ErrParseUnexpectedToken-261] - _ = x[ErrParseUnexpectedKeyword-262] - _ = x[ErrParseExpectedExpression-263] - _ = x[ErrParseExpectedLeftParenAfterCast-264] - _ = x[ErrParseExpectedLeftParenValueConstructor-265] - _ = x[ErrParseExpectedLeftParenBuiltinFunctionCall-266] - _ = x[ErrParseExpectedArgumentDelimiter-267] - _ = x[ErrParseCastArity-268] - _ = x[ErrParseInvalidTypeParam-269] - _ = x[ErrParseEmptySelect-270] - _ = x[ErrParseSelectMissingFrom-271] - _ = x[ErrParseExpectedIdentForGroupName-272] - _ = x[ErrParseExpectedIdentForAlias-273] - _ = x[ErrParseUnsupportedCallWithStar-274] - _ = x[ErrParseNonUnaryAgregateFunctionCall-275] - _ = x[ErrParseMalformedJoin-276] - _ = x[ErrParseExpectedIdentForAt-277] - _ = x[ErrParseAsteriskIsNotAloneInSelectList-278] - _ = x[ErrParseCannotMixSqbAndWildcardInSelectList-279] - _ = x[ErrParseInvalidContextForWildcardInSelectList-280] - _ = x[ErrIncorrectSQLFunctionArgumentType-281] - _ = x[ErrValueParseFailure-282] - _ = x[ErrEvaluatorInvalidArguments-283] - _ = x[ErrIntegerOverflow-284] - _ = x[ErrLikeInvalidInputs-285] - _ = x[ErrCastFailed-286] - _ = x[ErrInvalidCast-287] - _ = x[ErrEvaluatorInvalidTimestampFormatPattern-288] - _ = x[ErrEvaluatorInvalidTimestampFormatPatternSymbolForParsing-289] - _ = x[ErrEvaluatorTimestampFormatPatternDuplicateFields-290] - _ = x[ErrEvaluatorTimestampFormatPatternHourClockAmPmMismatch-291] - _ = x[ErrEvaluatorUnterminatedTimestampFormatPatternToken-292] - _ = x[ErrEvaluatorInvalidTimestampFormatPatternToken-293] - _ = x[ErrEvaluatorInvalidTimestampFormatPatternSymbol-294] - _ = x[ErrEvaluatorBindingDoesNotExist-295] - _ = x[ErrMissingHeaders-296] - _ = x[ErrInvalidColumnIndex-297] - _ = x[ErrAdminConfigNotificationTargetsFailed-298] - _ = x[ErrAdminProfilerNotEnabled-299] - _ = x[ErrInvalidDecompressedSize-300] - _ = x[ErrAddUserInvalidArgument-301] - _ = x[ErrAdminResourceInvalidArgument-302] - _ = x[ErrAdminAccountNotEligible-303] - _ = x[ErrAccountNotEligible-304] - _ = x[ErrAdminServiceAccountNotFound-305] - _ = x[ErrPostPolicyConditionInvalidFormat-306] - _ = x[ErrInvalidChecksum-307] - _ = x[ErrLambdaARNInvalid-308] - _ = x[ErrLambdaARNNotFound-309] - _ = x[apiErrCodeEnd-310] + _ = x[ErrAdminNoSuchUserLDAPWarn-172] + _ = x[ErrAdminNoSuchGroup-173] + _ = x[ErrAdminGroupNotEmpty-174] + _ = x[ErrAdminGroupDisabled-175] + _ = x[ErrAdminNoSuchJob-176] + _ = x[ErrAdminNoSuchPolicy-177] + _ = x[ErrAdminPolicyChangeAlreadyApplied-178] + _ = x[ErrAdminInvalidArgument-179] + _ = x[ErrAdminInvalidAccessKey-180] + _ = x[ErrAdminInvalidSecretKey-181] + _ = x[ErrAdminConfigNoQuorum-182] + _ = x[ErrAdminConfigTooLarge-183] + _ = x[ErrAdminConfigBadJSON-184] + _ = x[ErrAdminNoSuchConfigTarget-185] + _ = x[ErrAdminConfigEnvOverridden-186] + _ = x[ErrAdminConfigDuplicateKeys-187] + _ = x[ErrAdminConfigInvalidIDPType-188] + _ = x[ErrAdminConfigLDAPNonDefaultConfigName-189] + _ = x[ErrAdminConfigLDAPValidation-190] + _ = x[ErrAdminConfigIDPCfgNameAlreadyExists-191] + _ = x[ErrAdminConfigIDPCfgNameDoesNotExist-192] + _ = x[ErrAdminCredentialsMismatch-193] + _ = x[ErrInsecureClientRequest-194] + _ = x[ErrObjectTampered-195] + _ = x[ErrSiteReplicationInvalidRequest-196] + _ = x[ErrSiteReplicationPeerResp-197] + _ = x[ErrSiteReplicationBackendIssue-198] + _ = x[ErrSiteReplicationServiceAccountError-199] + _ = x[ErrSiteReplicationBucketConfigError-200] + _ = x[ErrSiteReplicationBucketMetaError-201] + _ = x[ErrSiteReplicationIAMError-202] + _ = x[ErrSiteReplicationConfigMissing-203] + _ = x[ErrAdminRebalanceAlreadyStarted-204] + _ = x[ErrAdminRebalanceNotStarted-205] + _ = x[ErrAdminBucketQuotaExceeded-206] + _ = x[ErrAdminNoSuchQuotaConfiguration-207] + _ = x[ErrHealNotImplemented-208] + _ = x[ErrHealNoSuchProcess-209] + _ = x[ErrHealInvalidClientToken-210] + _ = x[ErrHealMissingBucket-211] + _ = x[ErrHealAlreadyRunning-212] + _ = x[ErrHealOverlappingPaths-213] + _ = x[ErrIncorrectContinuationToken-214] + _ = x[ErrEmptyRequestBody-215] + _ = x[ErrUnsupportedFunction-216] + _ = x[ErrInvalidExpressionType-217] + _ = x[ErrBusy-218] + _ = x[ErrUnauthorizedAccess-219] + _ = x[ErrExpressionTooLong-220] + _ = x[ErrIllegalSQLFunctionArgument-221] + _ = x[ErrInvalidKeyPath-222] + _ = x[ErrInvalidCompressionFormat-223] + _ = x[ErrInvalidFileHeaderInfo-224] + _ = x[ErrInvalidJSONType-225] + _ = x[ErrInvalidQuoteFields-226] + _ = x[ErrInvalidRequestParameter-227] + _ = x[ErrInvalidDataType-228] + _ = x[ErrInvalidTextEncoding-229] + _ = x[ErrInvalidDataSource-230] + _ = x[ErrInvalidTableAlias-231] + _ = x[ErrMissingRequiredParameter-232] + _ = x[ErrObjectSerializationConflict-233] + _ = x[ErrUnsupportedSQLOperation-234] + _ = x[ErrUnsupportedSQLStructure-235] + _ = x[ErrUnsupportedSyntax-236] + _ = x[ErrUnsupportedRangeHeader-237] + _ = x[ErrLexerInvalidChar-238] + _ = x[ErrLexerInvalidOperator-239] + _ = x[ErrLexerInvalidLiteral-240] + _ = x[ErrLexerInvalidIONLiteral-241] + _ = x[ErrParseExpectedDatePart-242] + _ = x[ErrParseExpectedKeyword-243] + _ = x[ErrParseExpectedTokenType-244] + _ = x[ErrParseExpected2TokenTypes-245] + _ = x[ErrParseExpectedNumber-246] + _ = x[ErrParseExpectedRightParenBuiltinFunctionCall-247] + _ = x[ErrParseExpectedTypeName-248] + _ = x[ErrParseExpectedWhenClause-249] + _ = x[ErrParseUnsupportedToken-250] + _ = x[ErrParseUnsupportedLiteralsGroupBy-251] + _ = x[ErrParseExpectedMember-252] + _ = x[ErrParseUnsupportedSelect-253] + _ = x[ErrParseUnsupportedCase-254] + _ = x[ErrParseUnsupportedCaseClause-255] + _ = x[ErrParseUnsupportedAlias-256] + _ = x[ErrParseUnsupportedSyntax-257] + _ = x[ErrParseUnknownOperator-258] + _ = x[ErrParseMissingIdentAfterAt-259] + _ = x[ErrParseUnexpectedOperator-260] + _ = x[ErrParseUnexpectedTerm-261] + _ = x[ErrParseUnexpectedToken-262] + _ = x[ErrParseUnexpectedKeyword-263] + _ = x[ErrParseExpectedExpression-264] + _ = x[ErrParseExpectedLeftParenAfterCast-265] + _ = x[ErrParseExpectedLeftParenValueConstructor-266] + _ = x[ErrParseExpectedLeftParenBuiltinFunctionCall-267] + _ = x[ErrParseExpectedArgumentDelimiter-268] + _ = x[ErrParseCastArity-269] + _ = x[ErrParseInvalidTypeParam-270] + _ = x[ErrParseEmptySelect-271] + _ = x[ErrParseSelectMissingFrom-272] + _ = x[ErrParseExpectedIdentForGroupName-273] + _ = x[ErrParseExpectedIdentForAlias-274] + _ = x[ErrParseUnsupportedCallWithStar-275] + _ = x[ErrParseNonUnaryAgregateFunctionCall-276] + _ = x[ErrParseMalformedJoin-277] + _ = x[ErrParseExpectedIdentForAt-278] + _ = x[ErrParseAsteriskIsNotAloneInSelectList-279] + _ = x[ErrParseCannotMixSqbAndWildcardInSelectList-280] + _ = x[ErrParseInvalidContextForWildcardInSelectList-281] + _ = x[ErrIncorrectSQLFunctionArgumentType-282] + _ = x[ErrValueParseFailure-283] + _ = x[ErrEvaluatorInvalidArguments-284] + _ = x[ErrIntegerOverflow-285] + _ = x[ErrLikeInvalidInputs-286] + _ = x[ErrCastFailed-287] + _ = x[ErrInvalidCast-288] + _ = x[ErrEvaluatorInvalidTimestampFormatPattern-289] + _ = x[ErrEvaluatorInvalidTimestampFormatPatternSymbolForParsing-290] + _ = x[ErrEvaluatorTimestampFormatPatternDuplicateFields-291] + _ = x[ErrEvaluatorTimestampFormatPatternHourClockAmPmMismatch-292] + _ = x[ErrEvaluatorUnterminatedTimestampFormatPatternToken-293] + _ = x[ErrEvaluatorInvalidTimestampFormatPatternToken-294] + _ = x[ErrEvaluatorInvalidTimestampFormatPatternSymbol-295] + _ = x[ErrEvaluatorBindingDoesNotExist-296] + _ = x[ErrMissingHeaders-297] + _ = x[ErrInvalidColumnIndex-298] + _ = x[ErrAdminConfigNotificationTargetsFailed-299] + _ = x[ErrAdminProfilerNotEnabled-300] + _ = x[ErrInvalidDecompressedSize-301] + _ = x[ErrAddUserInvalidArgument-302] + _ = x[ErrAdminResourceInvalidArgument-303] + _ = x[ErrAdminAccountNotEligible-304] + _ = x[ErrAccountNotEligible-305] + _ = x[ErrAdminServiceAccountNotFound-306] + _ = x[ErrPostPolicyConditionInvalidFormat-307] + _ = x[ErrInvalidChecksum-308] + _ = x[ErrLambdaARNInvalid-309] + _ = x[ErrLambdaARNNotFound-310] + _ = x[apiErrCodeEnd-311] } -const _APIErrorCode_name = "NoneAccessDeniedBadDigestEntityTooSmallEntityTooLargePolicyTooLargeIncompleteBodyInternalErrorInvalidAccessKeyIDAccessKeyDisabledInvalidBucketNameInvalidDigestInvalidRangeInvalidRangePartNumberInvalidCopyPartRangeInvalidCopyPartRangeSourceInvalidMaxKeysInvalidEncodingMethodInvalidMaxUploadsInvalidMaxPartsInvalidPartNumberMarkerInvalidPartNumberInvalidRequestBodyInvalidCopySourceInvalidMetadataDirectiveInvalidCopyDestInvalidPolicyDocumentInvalidObjectStateMalformedXMLMissingContentLengthMissingContentMD5MissingRequestBodyErrorMissingSecurityHeaderNoSuchBucketNoSuchBucketPolicyNoSuchBucketLifecycleNoSuchLifecycleConfigurationInvalidLifecycleWithObjectLockNoSuchBucketSSEConfigNoSuchCORSConfigurationNoSuchWebsiteConfigurationReplicationConfigurationNotFoundErrorRemoteDestinationNotFoundErrorReplicationDestinationMissingLockRemoteTargetNotFoundErrorReplicationRemoteConnectionErrorReplicationBandwidthLimitErrorBucketRemoteIdenticalToSourceBucketRemoteAlreadyExistsBucketRemoteLabelInUseBucketRemoteArnTypeInvalidBucketRemoteArnInvalidBucketRemoteRemoveDisallowedRemoteTargetNotVersionedErrorReplicationSourceNotVersionedErrorReplicationNeedsVersioningErrorReplicationBucketNeedsVersioningErrorReplicationDenyEditErrorRemoteTargetDenyAddErrorReplicationNoExistingObjectsObjectRestoreAlreadyInProgressNoSuchKeyNoSuchUploadInvalidVersionIDNoSuchVersionNotImplementedPreconditionFailedRequestTimeTooSkewedSignatureDoesNotMatchMethodNotAllowedInvalidPartInvalidPartOrderAuthorizationHeaderMalformedMalformedPOSTRequestPOSTFileRequiredSignatureVersionNotSupportedBucketNotEmptyAllAccessDisabledPolicyInvalidVersionMissingFieldsMissingCredTagCredMalformedInvalidRegionInvalidServiceS3InvalidServiceSTSInvalidRequestVersionMissingSignTagMissingSignHeadersTagMalformedDateMalformedPresignedDateMalformedCredentialDateMalformedExpiresNegativeExpiresAuthHeaderEmptyExpiredPresignRequestRequestNotReadyYetUnsignedHeadersMissingDateHeaderInvalidQuerySignatureAlgoInvalidQueryParamsBucketAlreadyOwnedByYouInvalidDurationBucketAlreadyExistsMetadataTooLargeUnsupportedMetadataMaximumExpiresSlowDownInvalidPrefixMarkerBadRequestKeyTooLongErrorInvalidBucketObjectLockConfigurationObjectLockConfigurationNotFoundObjectLockConfigurationNotAllowedNoSuchObjectLockConfigurationObjectLockedInvalidRetentionDatePastObjectLockRetainDateUnknownWORMModeDirectiveBucketTaggingNotFoundObjectLockInvalidHeadersInvalidTagDirectivePolicyAlreadyAttachedPolicyNotAttachedExcessDataInvalidEncryptionMethodInvalidEncryptionKeyIDInsecureSSECustomerRequestSSEMultipartEncryptedSSEEncryptedObjectInvalidEncryptionParametersInvalidEncryptionParametersSSECInvalidSSECustomerAlgorithmInvalidSSECustomerKeyMissingSSECustomerKeyMissingSSECustomerKeyMD5SSECustomerKeyMD5MismatchInvalidSSECustomerParametersIncompatibleEncryptionMethodKMSNotConfiguredKMSKeyNotFoundExceptionKMSDefaultKeyAlreadyConfiguredNoAccessKeyInvalidTokenEventNotificationARNNotificationRegionNotificationOverlappingFilterNotificationFilterNameInvalidFilterNamePrefixFilterNameSuffixFilterValueInvalidOverlappingConfigsUnsupportedNotificationContentSHA256MismatchContentChecksumMismatchStorageFullRequestBodyParseObjectExistsAsDirectoryInvalidObjectNameInvalidObjectNamePrefixSlashInvalidResourceNameInvalidLifecycleQueryParameterServerNotInitializedOperationTimedOutClientDisconnectedOperationMaxedOutInvalidRequestTransitionStorageClassNotFoundErrorInvalidStorageClassBackendDownMalformedJSONAdminNoSuchUserAdminNoSuchGroupAdminGroupNotEmptyAdminGroupDisabledAdminNoSuchJobAdminNoSuchPolicyAdminPolicyChangeAlreadyAppliedAdminInvalidArgumentAdminInvalidAccessKeyAdminInvalidSecretKeyAdminConfigNoQuorumAdminConfigTooLargeAdminConfigBadJSONAdminNoSuchConfigTargetAdminConfigEnvOverriddenAdminConfigDuplicateKeysAdminConfigInvalidIDPTypeAdminConfigLDAPNonDefaultConfigNameAdminConfigLDAPValidationAdminConfigIDPCfgNameAlreadyExistsAdminConfigIDPCfgNameDoesNotExistAdminCredentialsMismatchInsecureClientRequestObjectTamperedSiteReplicationInvalidRequestSiteReplicationPeerRespSiteReplicationBackendIssueSiteReplicationServiceAccountErrorSiteReplicationBucketConfigErrorSiteReplicationBucketMetaErrorSiteReplicationIAMErrorSiteReplicationConfigMissingAdminRebalanceAlreadyStartedAdminRebalanceNotStartedAdminBucketQuotaExceededAdminNoSuchQuotaConfigurationHealNotImplementedHealNoSuchProcessHealInvalidClientTokenHealMissingBucketHealAlreadyRunningHealOverlappingPathsIncorrectContinuationTokenEmptyRequestBodyUnsupportedFunctionInvalidExpressionTypeBusyUnauthorizedAccessExpressionTooLongIllegalSQLFunctionArgumentInvalidKeyPathInvalidCompressionFormatInvalidFileHeaderInfoInvalidJSONTypeInvalidQuoteFieldsInvalidRequestParameterInvalidDataTypeInvalidTextEncodingInvalidDataSourceInvalidTableAliasMissingRequiredParameterObjectSerializationConflictUnsupportedSQLOperationUnsupportedSQLStructureUnsupportedSyntaxUnsupportedRangeHeaderLexerInvalidCharLexerInvalidOperatorLexerInvalidLiteralLexerInvalidIONLiteralParseExpectedDatePartParseExpectedKeywordParseExpectedTokenTypeParseExpected2TokenTypesParseExpectedNumberParseExpectedRightParenBuiltinFunctionCallParseExpectedTypeNameParseExpectedWhenClauseParseUnsupportedTokenParseUnsupportedLiteralsGroupByParseExpectedMemberParseUnsupportedSelectParseUnsupportedCaseParseUnsupportedCaseClauseParseUnsupportedAliasParseUnsupportedSyntaxParseUnknownOperatorParseMissingIdentAfterAtParseUnexpectedOperatorParseUnexpectedTermParseUnexpectedTokenParseUnexpectedKeywordParseExpectedExpressionParseExpectedLeftParenAfterCastParseExpectedLeftParenValueConstructorParseExpectedLeftParenBuiltinFunctionCallParseExpectedArgumentDelimiterParseCastArityParseInvalidTypeParamParseEmptySelectParseSelectMissingFromParseExpectedIdentForGroupNameParseExpectedIdentForAliasParseUnsupportedCallWithStarParseNonUnaryAgregateFunctionCallParseMalformedJoinParseExpectedIdentForAtParseAsteriskIsNotAloneInSelectListParseCannotMixSqbAndWildcardInSelectListParseInvalidContextForWildcardInSelectListIncorrectSQLFunctionArgumentTypeValueParseFailureEvaluatorInvalidArgumentsIntegerOverflowLikeInvalidInputsCastFailedInvalidCastEvaluatorInvalidTimestampFormatPatternEvaluatorInvalidTimestampFormatPatternSymbolForParsingEvaluatorTimestampFormatPatternDuplicateFieldsEvaluatorTimestampFormatPatternHourClockAmPmMismatchEvaluatorUnterminatedTimestampFormatPatternTokenEvaluatorInvalidTimestampFormatPatternTokenEvaluatorInvalidTimestampFormatPatternSymbolEvaluatorBindingDoesNotExistMissingHeadersInvalidColumnIndexAdminConfigNotificationTargetsFailedAdminProfilerNotEnabledInvalidDecompressedSizeAddUserInvalidArgumentAdminResourceInvalidArgumentAdminAccountNotEligibleAccountNotEligibleAdminServiceAccountNotFoundPostPolicyConditionInvalidFormatInvalidChecksumLambdaARNInvalidLambdaARNNotFoundapiErrCodeEnd" +const _APIErrorCode_name = "NoneAccessDeniedBadDigestEntityTooSmallEntityTooLargePolicyTooLargeIncompleteBodyInternalErrorInvalidAccessKeyIDAccessKeyDisabledInvalidBucketNameInvalidDigestInvalidRangeInvalidRangePartNumberInvalidCopyPartRangeInvalidCopyPartRangeSourceInvalidMaxKeysInvalidEncodingMethodInvalidMaxUploadsInvalidMaxPartsInvalidPartNumberMarkerInvalidPartNumberInvalidRequestBodyInvalidCopySourceInvalidMetadataDirectiveInvalidCopyDestInvalidPolicyDocumentInvalidObjectStateMalformedXMLMissingContentLengthMissingContentMD5MissingRequestBodyErrorMissingSecurityHeaderNoSuchBucketNoSuchBucketPolicyNoSuchBucketLifecycleNoSuchLifecycleConfigurationInvalidLifecycleWithObjectLockNoSuchBucketSSEConfigNoSuchCORSConfigurationNoSuchWebsiteConfigurationReplicationConfigurationNotFoundErrorRemoteDestinationNotFoundErrorReplicationDestinationMissingLockRemoteTargetNotFoundErrorReplicationRemoteConnectionErrorReplicationBandwidthLimitErrorBucketRemoteIdenticalToSourceBucketRemoteAlreadyExistsBucketRemoteLabelInUseBucketRemoteArnTypeInvalidBucketRemoteArnInvalidBucketRemoteRemoveDisallowedRemoteTargetNotVersionedErrorReplicationSourceNotVersionedErrorReplicationNeedsVersioningErrorReplicationBucketNeedsVersioningErrorReplicationDenyEditErrorRemoteTargetDenyAddErrorReplicationNoExistingObjectsObjectRestoreAlreadyInProgressNoSuchKeyNoSuchUploadInvalidVersionIDNoSuchVersionNotImplementedPreconditionFailedRequestTimeTooSkewedSignatureDoesNotMatchMethodNotAllowedInvalidPartInvalidPartOrderAuthorizationHeaderMalformedMalformedPOSTRequestPOSTFileRequiredSignatureVersionNotSupportedBucketNotEmptyAllAccessDisabledPolicyInvalidVersionMissingFieldsMissingCredTagCredMalformedInvalidRegionInvalidServiceS3InvalidServiceSTSInvalidRequestVersionMissingSignTagMissingSignHeadersTagMalformedDateMalformedPresignedDateMalformedCredentialDateMalformedExpiresNegativeExpiresAuthHeaderEmptyExpiredPresignRequestRequestNotReadyYetUnsignedHeadersMissingDateHeaderInvalidQuerySignatureAlgoInvalidQueryParamsBucketAlreadyOwnedByYouInvalidDurationBucketAlreadyExistsMetadataTooLargeUnsupportedMetadataMaximumExpiresSlowDownInvalidPrefixMarkerBadRequestKeyTooLongErrorInvalidBucketObjectLockConfigurationObjectLockConfigurationNotFoundObjectLockConfigurationNotAllowedNoSuchObjectLockConfigurationObjectLockedInvalidRetentionDatePastObjectLockRetainDateUnknownWORMModeDirectiveBucketTaggingNotFoundObjectLockInvalidHeadersInvalidTagDirectivePolicyAlreadyAttachedPolicyNotAttachedExcessDataInvalidEncryptionMethodInvalidEncryptionKeyIDInsecureSSECustomerRequestSSEMultipartEncryptedSSEEncryptedObjectInvalidEncryptionParametersInvalidEncryptionParametersSSECInvalidSSECustomerAlgorithmInvalidSSECustomerKeyMissingSSECustomerKeyMissingSSECustomerKeyMD5SSECustomerKeyMD5MismatchInvalidSSECustomerParametersIncompatibleEncryptionMethodKMSNotConfiguredKMSKeyNotFoundExceptionKMSDefaultKeyAlreadyConfiguredNoAccessKeyInvalidTokenEventNotificationARNNotificationRegionNotificationOverlappingFilterNotificationFilterNameInvalidFilterNamePrefixFilterNameSuffixFilterValueInvalidOverlappingConfigsUnsupportedNotificationContentSHA256MismatchContentChecksumMismatchStorageFullRequestBodyParseObjectExistsAsDirectoryInvalidObjectNameInvalidObjectNamePrefixSlashInvalidResourceNameInvalidLifecycleQueryParameterServerNotInitializedOperationTimedOutClientDisconnectedOperationMaxedOutInvalidRequestTransitionStorageClassNotFoundErrorInvalidStorageClassBackendDownMalformedJSONAdminNoSuchUserAdminNoSuchUserLDAPWarnAdminNoSuchGroupAdminGroupNotEmptyAdminGroupDisabledAdminNoSuchJobAdminNoSuchPolicyAdminPolicyChangeAlreadyAppliedAdminInvalidArgumentAdminInvalidAccessKeyAdminInvalidSecretKeyAdminConfigNoQuorumAdminConfigTooLargeAdminConfigBadJSONAdminNoSuchConfigTargetAdminConfigEnvOverriddenAdminConfigDuplicateKeysAdminConfigInvalidIDPTypeAdminConfigLDAPNonDefaultConfigNameAdminConfigLDAPValidationAdminConfigIDPCfgNameAlreadyExistsAdminConfigIDPCfgNameDoesNotExistAdminCredentialsMismatchInsecureClientRequestObjectTamperedSiteReplicationInvalidRequestSiteReplicationPeerRespSiteReplicationBackendIssueSiteReplicationServiceAccountErrorSiteReplicationBucketConfigErrorSiteReplicationBucketMetaErrorSiteReplicationIAMErrorSiteReplicationConfigMissingAdminRebalanceAlreadyStartedAdminRebalanceNotStartedAdminBucketQuotaExceededAdminNoSuchQuotaConfigurationHealNotImplementedHealNoSuchProcessHealInvalidClientTokenHealMissingBucketHealAlreadyRunningHealOverlappingPathsIncorrectContinuationTokenEmptyRequestBodyUnsupportedFunctionInvalidExpressionTypeBusyUnauthorizedAccessExpressionTooLongIllegalSQLFunctionArgumentInvalidKeyPathInvalidCompressionFormatInvalidFileHeaderInfoInvalidJSONTypeInvalidQuoteFieldsInvalidRequestParameterInvalidDataTypeInvalidTextEncodingInvalidDataSourceInvalidTableAliasMissingRequiredParameterObjectSerializationConflictUnsupportedSQLOperationUnsupportedSQLStructureUnsupportedSyntaxUnsupportedRangeHeaderLexerInvalidCharLexerInvalidOperatorLexerInvalidLiteralLexerInvalidIONLiteralParseExpectedDatePartParseExpectedKeywordParseExpectedTokenTypeParseExpected2TokenTypesParseExpectedNumberParseExpectedRightParenBuiltinFunctionCallParseExpectedTypeNameParseExpectedWhenClauseParseUnsupportedTokenParseUnsupportedLiteralsGroupByParseExpectedMemberParseUnsupportedSelectParseUnsupportedCaseParseUnsupportedCaseClauseParseUnsupportedAliasParseUnsupportedSyntaxParseUnknownOperatorParseMissingIdentAfterAtParseUnexpectedOperatorParseUnexpectedTermParseUnexpectedTokenParseUnexpectedKeywordParseExpectedExpressionParseExpectedLeftParenAfterCastParseExpectedLeftParenValueConstructorParseExpectedLeftParenBuiltinFunctionCallParseExpectedArgumentDelimiterParseCastArityParseInvalidTypeParamParseEmptySelectParseSelectMissingFromParseExpectedIdentForGroupNameParseExpectedIdentForAliasParseUnsupportedCallWithStarParseNonUnaryAgregateFunctionCallParseMalformedJoinParseExpectedIdentForAtParseAsteriskIsNotAloneInSelectListParseCannotMixSqbAndWildcardInSelectListParseInvalidContextForWildcardInSelectListIncorrectSQLFunctionArgumentTypeValueParseFailureEvaluatorInvalidArgumentsIntegerOverflowLikeInvalidInputsCastFailedInvalidCastEvaluatorInvalidTimestampFormatPatternEvaluatorInvalidTimestampFormatPatternSymbolForParsingEvaluatorTimestampFormatPatternDuplicateFieldsEvaluatorTimestampFormatPatternHourClockAmPmMismatchEvaluatorUnterminatedTimestampFormatPatternTokenEvaluatorInvalidTimestampFormatPatternTokenEvaluatorInvalidTimestampFormatPatternSymbolEvaluatorBindingDoesNotExistMissingHeadersInvalidColumnIndexAdminConfigNotificationTargetsFailedAdminProfilerNotEnabledInvalidDecompressedSizeAddUserInvalidArgumentAdminResourceInvalidArgumentAdminAccountNotEligibleAccountNotEligibleAdminServiceAccountNotFoundPostPolicyConditionInvalidFormatInvalidChecksumLambdaARNInvalidLambdaARNNotFoundapiErrCodeEnd" -var _APIErrorCode_index = [...]uint16{0, 4, 16, 25, 39, 53, 67, 81, 94, 112, 129, 146, 159, 171, 193, 213, 239, 253, 274, 291, 306, 329, 346, 364, 381, 405, 420, 441, 459, 471, 491, 508, 531, 552, 564, 582, 603, 631, 661, 682, 705, 731, 768, 798, 831, 856, 888, 918, 947, 972, 994, 1020, 1042, 1070, 1099, 1133, 1164, 1201, 1225, 1249, 1277, 1307, 1316, 1328, 1344, 1357, 1371, 1389, 1409, 1430, 1446, 1457, 1473, 1501, 1521, 1537, 1565, 1579, 1596, 1616, 1629, 1643, 1656, 1669, 1685, 1702, 1723, 1737, 1758, 1771, 1793, 1816, 1832, 1847, 1862, 1883, 1901, 1916, 1933, 1958, 1976, 1999, 2014, 2033, 2049, 2068, 2082, 2090, 2109, 2119, 2134, 2170, 2201, 2234, 2263, 2275, 2295, 2319, 2343, 2364, 2388, 2407, 2428, 2445, 2455, 2478, 2500, 2526, 2547, 2565, 2592, 2623, 2650, 2671, 2692, 2716, 2741, 2769, 2797, 2813, 2836, 2866, 2877, 2889, 2906, 2921, 2939, 2968, 2985, 3001, 3017, 3035, 3053, 3076, 3097, 3120, 3131, 3147, 3170, 3187, 3215, 3234, 3264, 3284, 3301, 3319, 3336, 3350, 3385, 3404, 3415, 3428, 3443, 3459, 3477, 3495, 3509, 3526, 3557, 3577, 3598, 3619, 3638, 3657, 3675, 3698, 3722, 3746, 3771, 3806, 3831, 3865, 3898, 3922, 3943, 3957, 3986, 4009, 4036, 4070, 4102, 4132, 4155, 4183, 4211, 4235, 4259, 4288, 4306, 4323, 4345, 4362, 4380, 4400, 4426, 4442, 4461, 4482, 4486, 4504, 4521, 4547, 4561, 4585, 4606, 4621, 4639, 4662, 4677, 4696, 4713, 4730, 4754, 4781, 4804, 4827, 4844, 4866, 4882, 4902, 4921, 4943, 4964, 4984, 5006, 5030, 5049, 5091, 5112, 5135, 5156, 5187, 5206, 5228, 5248, 5274, 5295, 5317, 5337, 5361, 5384, 5403, 5423, 5445, 5468, 5499, 5537, 5578, 5608, 5622, 5643, 5659, 5681, 5711, 5737, 5765, 5798, 5816, 5839, 5874, 5914, 5956, 5988, 6005, 6030, 6045, 6062, 6072, 6083, 6121, 6175, 6221, 6273, 6321, 6364, 6408, 6436, 6450, 6468, 6504, 6527, 6550, 6572, 6600, 6623, 6641, 6668, 6700, 6715, 6731, 6748, 6761} +var _APIErrorCode_index = [...]uint16{0, 4, 16, 25, 39, 53, 67, 81, 94, 112, 129, 146, 159, 171, 193, 213, 239, 253, 274, 291, 306, 329, 346, 364, 381, 405, 420, 441, 459, 471, 491, 508, 531, 552, 564, 582, 603, 631, 661, 682, 705, 731, 768, 798, 831, 856, 888, 918, 947, 972, 994, 1020, 1042, 1070, 1099, 1133, 1164, 1201, 1225, 1249, 1277, 1307, 1316, 1328, 1344, 1357, 1371, 1389, 1409, 1430, 1446, 1457, 1473, 1501, 1521, 1537, 1565, 1579, 1596, 1616, 1629, 1643, 1656, 1669, 1685, 1702, 1723, 1737, 1758, 1771, 1793, 1816, 1832, 1847, 1862, 1883, 1901, 1916, 1933, 1958, 1976, 1999, 2014, 2033, 2049, 2068, 2082, 2090, 2109, 2119, 2134, 2170, 2201, 2234, 2263, 2275, 2295, 2319, 2343, 2364, 2388, 2407, 2428, 2445, 2455, 2478, 2500, 2526, 2547, 2565, 2592, 2623, 2650, 2671, 2692, 2716, 2741, 2769, 2797, 2813, 2836, 2866, 2877, 2889, 2906, 2921, 2939, 2968, 2985, 3001, 3017, 3035, 3053, 3076, 3097, 3120, 3131, 3147, 3170, 3187, 3215, 3234, 3264, 3284, 3301, 3319, 3336, 3350, 3385, 3404, 3415, 3428, 3443, 3466, 3482, 3500, 3518, 3532, 3549, 3580, 3600, 3621, 3642, 3661, 3680, 3698, 3721, 3745, 3769, 3794, 3829, 3854, 3888, 3921, 3945, 3966, 3980, 4009, 4032, 4059, 4093, 4125, 4155, 4178, 4206, 4234, 4258, 4282, 4311, 4329, 4346, 4368, 4385, 4403, 4423, 4449, 4465, 4484, 4505, 4509, 4527, 4544, 4570, 4584, 4608, 4629, 4644, 4662, 4685, 4700, 4719, 4736, 4753, 4777, 4804, 4827, 4850, 4867, 4889, 4905, 4925, 4944, 4966, 4987, 5007, 5029, 5053, 5072, 5114, 5135, 5158, 5179, 5210, 5229, 5251, 5271, 5297, 5318, 5340, 5360, 5384, 5407, 5426, 5446, 5468, 5491, 5522, 5560, 5601, 5631, 5645, 5666, 5682, 5704, 5734, 5760, 5788, 5821, 5839, 5862, 5897, 5937, 5979, 6011, 6028, 6053, 6068, 6085, 6095, 6106, 6144, 6198, 6244, 6296, 6344, 6387, 6431, 6459, 6473, 6491, 6527, 6550, 6573, 6595, 6623, 6646, 6664, 6691, 6723, 6738, 6754, 6771, 6784} func (i APIErrorCode) String() string { if i < 0 || i >= APIErrorCode(len(_APIErrorCode_index)-1) { diff --git a/cmd/typed-errors.go b/cmd/typed-errors.go index d10a31a79..9c6980e4f 100644 --- a/cmd/typed-errors.go +++ b/cmd/typed-errors.go @@ -65,6 +65,10 @@ var errInvalidDecompressedSize = errors.New("Invalid Decompressed Size") // error returned in IAM subsystem when user doesn't exist. var errNoSuchUser = errors.New("Specified user does not exist") +// error returned by IAM when a use a builtin IDP command when they could mean +// to use a LDAP command. +var errNoSuchUserLDAPWarn = errors.New("Specified user does not exist. If you meant a user in LDAP please use command under `mc idp ldap`") + // error returned when service account is not found var errNoSuchServiceAccount = errors.New("Specified service account does not exist") diff --git a/docs/site-replication/run-multi-site-ldap.sh b/docs/site-replication/run-multi-site-ldap.sh index 37b5e6cca..ed2222a82 100755 --- a/docs/site-replication/run-multi-site-ldap.sh +++ b/docs/site-replication/run-multi-site-ldap.sh @@ -64,7 +64,7 @@ export MC_HOST_minio3=http://minio:minio123@localhost:9003 ./mc admin replicate add minio1 minio2 minio3 -./mc admin policy attach minio1 consoleAdmin --user="uid=dillon,ou=people,ou=swengg,dc=min,dc=io" +./mc admin idp ldap policy attach minio1 consoleAdmin --user="uid=dillon,ou=people,ou=swengg,dc=min,dc=io" sleep 5 ./mc admin user info minio2 "uid=dillon,ou=people,ou=swengg,dc=min,dc=io"