Fixes issue that prevents LDAP users to authenticate (#605)

Author: Alevsk

DEVELOPMENT.md

@@ -12,7 +12,7 @@ Run the `billy.ldif` file using `ldapadd` command to create a new user and assig
 
 ```
 $ docker cp console/docs/ldap/billy.ldif my-openldap-container:/container/service/slapd/assets/test/billy.ldif
-$ docker exec my-openldap-container ldapadd -x -D "cn=admin,dc=example,dc=org" -w admin -f /container/service/slapd/assets/test/billy.ldif -H ldap://localhost -ZZ
+$ docker exec my-openldap-container ldapadd -x -D "cn=admin,dc=example,dc=org" -w admin -f /container/service/slapd/assets/test/billy.ldif -H ldap://localhost
 ```
 
 Query the ldap server to check the user billy was created correctly and got assigned to the consoleAdmin group, you should get a list 

restapi/user_account.go

@@ -80,7 +80,7 @@ func getChangePasswordResponse(session *models.Principal, params user_api.Accoun
 	}
 	// user credentials are updated at this point, we need to generate a new admin client and authenticate using
 	// the new credentials
-	credentials, err := getConsoleCredentials(ctx, accessKey, newSecretKey, "")
+	credentials, err := getConsoleCredentials(ctx, accessKey, newSecretKey)
 	if err != nil {
 		return nil, prepareError(errInvalidCredentials, nil, err)
 	}

restapi/user_login.go

@@ -113,11 +113,27 @@ func getAccountPolicy(ctx context.Context, client MinioAdmin) (*iampolicy.Policy
 }
 
 // getConsoleCredentials will return consoleCredentials interface including the associated policy of the current account
-func getConsoleCredentials(ctx context.Context, accessKey, secretKey, sessionToken string) (*consoleCredentials, error) {
+func getConsoleCredentials(ctx context.Context, accessKey, secretKey string) (*consoleCredentials, error) {
+	creds, err := newConsoleCredentials(accessKey, secretKey, MinioRegion)
+	if err != nil {
+		return nil, err
+	}
+	// cCredentials will be sts credentials, account credentials will be need it in the scenario the user wish
+	// to change its password
+	cCredentials := &consoleCredentials{
+		consoleCredentials: creds,
+		accountAccessKey:   accessKey,
+		accountSecretKey:   secretKey,
+	}
+	tokens, err := cCredentials.Get()
+	if err != nil {
+		return nil, err
+	}
+	// initialize admin client
 	mAdminClient, err := newMAdminClient(&models.Principal{
-		STSAccessKeyID:     accessKey,
-		STSSecretAccessKey: secretKey,
-		STSSessionToken:    sessionToken,
+		STSAccessKeyID:     tokens.AccessKeyID,
+		STSSecretAccessKey: tokens.SecretAccessKey,
+		STSSessionToken:    tokens.SessionToken,
 	})
 	if err != nil {
 		return nil, err
@@ -137,25 +153,16 @@ func getConsoleCredentials(ctx context.Context, accessKey, secretKey, sessionTok
 	if policy != nil {
 		actions = acl.GetActionsStringFromPolicy(policy)
 	}
-	credentials, err := newConsoleCredentials(accessKey, secretKey, MinioRegion)
-	if err != nil {
-		return nil, err
-	}
-	// consoleCredentials will be sts credentials, account credentials will be need it in the scenario the user wish
-	return &consoleCredentials{
-		consoleCredentials: credentials,
-		accountAccessKey:   accessKey,
-		accountSecretKey:   secretKey,
-		actions:            actions,
-	}, nil
+	cCredentials.actions = actions
+	return cCredentials, nil
 }
 
 // getLoginResponse performs login() and serializes it to the handler's output
 func getLoginResponse(lr *models.LoginRequest) (*models.LoginResponse, *models.Error) {
 	ctx, cancel := context.WithTimeout(context.Background(), 20*time.Second)
 	defer cancel()
 	// prepare console credentials
-	consolCreds, err := getConsoleCredentials(ctx, *lr.AccessKey, *lr.SecretKey, "")
+	consolCreds, err := getConsoleCredentials(ctx, *lr.AccessKey, *lr.SecretKey)
 	if err != nil {
 		return nil, prepareError(errInvalidCredentials, nil, err)
 	}