Merge pull request #2005 from hashicorp/dedup-ldap-policies
Deduplicate the policies in ldap backend
This commit is contained in:
commit
6dd560d9c6
|
@ -7,6 +7,7 @@ import (
|
|||
|
||||
"github.com/go-ldap/ldap"
|
||||
"github.com/hashicorp/vault/helper/mfa"
|
||||
"github.com/hashicorp/vault/helper/strutil"
|
||||
"github.com/hashicorp/vault/logical"
|
||||
"github.com/hashicorp/vault/logical/framework"
|
||||
)
|
||||
|
@ -158,6 +159,9 @@ func (b *backend) Login(req *logical.Request, username string, password string)
|
|||
}
|
||||
}
|
||||
|
||||
// Policies from each group may overlap
|
||||
policies = strutil.RemoveDuplicates(policies)
|
||||
|
||||
if len(policies) == 0 {
|
||||
errStr := "user is not a member of any authorized group"
|
||||
if len(ldapResponse.Warnings()) > 0 {
|
||||
|
|
Loading…
Reference in a new issue