From a8d601b64a0f01aae61530d121f66b2c5f58f13d Mon Sep 17 00:00:00 2001
From: Harshavardhana <harsha@minio.io>
Date: Tue, 16 Apr 2024 17:36:43 -0700
Subject: [PATCH] allow detaching any non-normalized DN (#19525)

---
 cmd/iam.go | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/cmd/iam.go b/cmd/iam.go
index e38644d83..1a666367b 100644
--- a/cmd/iam.go
+++ b/cmd/iam.go
@@ -1770,6 +1770,19 @@ func (sys *IAMSys) PolicyDBUpdateLDAP(ctx context.Context, isAttach bool,
 		isGroup = true
 	}
 
+	// Backward compatibility in detaching non-normalized DNs.
+	if !isAttach {
+		var oldDN string
+		if isGroup {
+			oldDN = r.Group
+		} else {
+			oldDN = r.User
+		}
+		if oldDN != dn {
+			sys.store.PolicyDBUpdate(ctx, oldDN, isGroup, stsUser, r.Policies, isAttach)
+		}
+	}
+
 	userType := stsUser
 	updatedAt, addedOrRemoved, effectivePolicies, err = sys.store.PolicyDBUpdate(
 		ctx, dn, isGroup, userType, r.Policies, isAttach)