nats-rest-config-proxy icon indicating copy to clipboard operation
nats-rest-config-proxy copied to clipboard
verified publisher icon nats-io

fix user merge if empty username

Open augustin4s opened this issue 2 years ago • 0 comments

When using NKeys for user authentication:

{
  "nkey": "UCM2BMGMMVT5O2LURJIOE6UAZDVI4CPCEDV2XMGVXPBXWHEROD4OWGM4",
  "permissions": "subscriber",
  "account": "default"
}

Username/password is not allowed.

When you try to add multiple users with NKeys authentication it merges them into one.

Merge is executed due to how the username value is parsed with ldap.ParseDN(u.Username) call. It always results in an empty string if an empty string is passed. As it is considered a valid DN per rfc4514, it executes the code that collects valid DNs and finds any other matching DNs, resulting in an unnecessary user merge when using multiple users with NKeys authentication.

I propose to skip the code that tries to find matching DNs if u.Username is an empty string.

augustin4s avatar May 09 '23 16:05 augustin4s