An LDAP user can access buckets created by a local RGW user with the same name
The RADOS Object Gateway (RGW) does not differentiate between a local RGW user and an LDAP user with the same name. As a consequence, the LDAP user can access the buckets created by the local RGW user.
To work around this issue, use different names for RGW and LDAP users.
Description of problem:
If we have a local RGW user and an LDAP user with the same name, then RGW doesn't differentiate between them, so a bucket created by the local user will be visible to the LDAP user. Not sure if this is expected behaviour; otherwise it is a security flaw.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Configure RGW, create a local user with the name "user1" and create a few buckets with its keys
2. Set up LDAP and create a user with the same name "user1"
3. From the S3 API, authenticate as LDAP user "user1" and try to list buckets
All the buckets of local RGW user "user1" will be listed even though we have used the LDAP user's key
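As an added example (not part of this bug report or of Ceph's own code), a defender-side audit script for the workaround above: it takes the JSON array printed by `radosgw-admin user list` and the LDIF output of an `ldapsearch` for the attribute RGW matches LDAP users on (assumed here to be `uid`), and reports every identity that exists on both sides. Both inputs are constructed samples; case-insensitive comparison is an assumption made to make the audit conservative.

```python
import json
import re

# Constructed sample of `radosgw-admin user list` output (a JSON array of user ids).
RGW_USER_LIST_JSON = '["user1", "backup-svc", "Alice"]'

# Constructed sample of `ldapsearch -LLL` output for the attribute RGW matches
# against (assumed here to be uid). The second value is folded over two lines.
LDAP_LDIF = """\
dn: uid=user1,ou=people,dc=example,dc=com
uid: user1

dn: uid=alice,ou=people,dc=example,dc=com
uid: alic
 e
"""

def parse_rgw_users(raw):
    """Set of local RGW user ids from `radosgw-admin user list` JSON output."""
    users = json.loads(raw)
    if not isinstance(users, list):
        raise ValueError("expected a JSON array of user ids")
    return {str(u) for u in users}

def parse_ldif_attr(ldif, attr="uid"):
    """Set of values of `attr` in LDIF text, unfolding wrapped continuation lines.
    Base64-encoded values (`uid:: ...`) are not handled by this audit."""
    unfolded = re.sub(r"\n ", "", ldif)  # LDIF folds long values with a leading space
    prefix = attr.lower() + ":"
    return {line.split(":", 1)[1].strip()
            for line in unfolded.splitlines() if line.lower().startswith(prefix)}

def find_collisions(rgw_users, ldap_users, case_insensitive=True):
    """Map each local RGW user id to the LDAP identities it collides with.
    Case-insensitive matching is an assumption: a near-match is still worth
    reviewing even if RGW itself compares names exactly."""
    norm = str.lower if case_insensitive else str
    ldap_index = {}
    for u in ldap_users:
        ldap_index.setdefault(norm(u), set()).add(u)
    return {u: sorted(ldap_index[norm(u)])
            for u in sorted(rgw_users) if norm(u) in ldap_index}

def audit(rgw_json=RGW_USER_LIST_JSON, ldif=LDAP_LDIF):
    """Run the collision check over the two inputs and return the findings."""
    return find_collisions(parse_rgw_users(rgw_json), parse_ldif_attr(ldif))

if __name__ == "__main__":
    for rgw_user, ldap_ids in audit().items():
        print(f"COLLISION: local RGW user {rgw_user!r} also exists in LDAP as {ldap_ids}")
```

Any reported collision is a name that must be changed on one side before LDAP authentication is enabled for that gateway.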
Pritha's fix has been pending upstream, looks like it can be merged by 4, not needed for 3.x.
I have closed this issue because it has been inactive for some time now. If you feel this still deserves attention feel free to reopen it.