idp-ldap: Fix create-with-login command

Currently, LDAP create-with-login command is not working properly when
the LDAP user does not have admin:CreateServiceAccount permission.

The permission is normally not needed since a user is allowed
to create a service account for itself. In that case, a temporary
account should be created and a new service account should be issued to
the temporary account access key, and not to the LDAP username as what
the code currently does.

This commit will send the correct target user in that case to make
create-with-login always successful.

cmd/idp-ldap-accesskey-create-with-login.go

@@ -90,6 +90,9 @@ func mainIDPLdapAccesskeyCreateWithLogin(ctx *cli.Context) error {
 func loginLDAPAccesskey(ctx *cli.Context) (*madmin.AdminClient, madmin.AddServiceAccountReq) {
 	urlStr := ctx.Args().First()
 
+	u, e := url.Parse(urlStr)
+	fatalIf(probe.NewError(e), "unable to parse server URL")
+
 	console.SetColor(cred, color.New(color.FgYellow, color.Italic))
 	reader := bufio.NewReader(os.Stdin)
 
@@ -107,14 +110,14 @@ func loginLDAPAccesskey(ctx *cli.Context) (*madmin.AdminClient, madmin.AddServic
 	stsCreds, e := credentials.NewLDAPIdentity(urlStr, username, password)
 	fatalIf(probe.NewError(e), "unable to initialize LDAP identity")
 
-	u, e := url.Parse(urlStr)
-	fatalIf(probe.NewError(e), "unable to parse server URL")
+	tempCreds, e := stsCreds.Get()
+	fatalIf(probe.NewError(e), "unable to create a temporary account from LDAP identity")
 
 	client, e := madmin.NewWithOptions(u.Host, &madmin.Options{
 		Creds:  stsCreds,
 		Secure: u.Scheme == "https",
 	})
 	fatalIf(probe.NewError(e), "unable to initialize admin connection")
 
-	return client, accessKeyCreateOpts(ctx, username)
+	return client, accessKeyCreateOpts(ctx, tempCreds.AccessKeyID)
 }