Posted to issues@guacamole.apache.org by "Nick Couchman (Jira)" <ji...@apache.org> on 2020/03/27 19:01:00 UTC

[jira] [Closed] (GUACAMOLE-998) LDAP: Do not retrieve all groups from LDAP

     [ https://issues.apache.org/jira/browse/GUACAMOLE-998?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nick Couchman closed GUACAMOLE-998.
-----------------------------------
    Fix Version/s:     (was: 1.2.0)
       Resolution: Duplicate

Someone beat you to this, already - closing as a duplicate.

> LDAP: Do not retrieve all groups from LDAP
> ------------------------------------------
>
>                 Key: GUACAMOLE-998
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-998
>             Project: Guacamole
>          Issue Type: Wish
>          Components: guacamole-auth-ldap
>    Affects Versions: 1.1.0
>         Environment: CentOS 7
>            Reporter: Edgardo Rodriguez
>            Priority: Minor
>              Labels: easyfix, newbie, patch
>         Attachments: UserGroupService_donotretrieveall.patch
>
>   Original Estimate: 24h
>  Remaining Estimate: 24h
>
> Hi, I have been using Guacamole since 0.9.14. As we use Active Directory LDAP to authenticate every user, I found something which might have an explanation but in my scenario is quite undesired.
> Our LDAP is a worldwide DB and so contains a huge amount of users and groups.
> According to [the original code|https://github.com/apache/guacamole-client/blob/e30f4c7507914b2967fc654e30a235d0310e5076/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/group/UserGroupService.java#L90] if we do not use (as in our case) LDAP for storing configuration, then anything containing an objectClass attribute (users, computers, groups, etc.) will be loaded into Guacamole as a group.
> I do not see clearly why this is done this way; also, the *ldap-group-base-dn* attribute is not respected at all in this scenario, but fortunately it at least seems to honor *ldap-user-base-dn*.
> So I modified this line to retrieve any object containing the attribute defined by *ldap-member-attribute*, which by default is *member*.
>  
> The attached patch does work as expected (by me at least). I am pretty new to Java, so I might be missing something...
>  
> Thanks all for this great piece of software BTW!
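
An added illustration of the two search filters the report contrasts. It is not part of the original message, not the attached patch and not Guacamole code. The directory entries, the base DN `dc=example,dc=net` and the helper names are all constructed for the example, and the filter evaluator covers only presence, equality, `&` and `|`.

```python
# Constructed sample directory (not data from the issue): (DN, attributes).
BASE = "dc=example,dc=net"
ENTRIES = [
    ("cn=alice,ou=people," + BASE, {"objectClass": ["user"]}),
    ("cn=bob,ou=people," + BASE, {"objectClass": ["user"]}),
    ("cn=ws01,ou=computers," + BASE, {"objectClass": ["computer"]}),
    ("cn=admins,ou=groups," + BASE,
     {"objectClass": ["group"], "member": ["cn=alice,ou=people," + BASE]}),
    ("cn=unused,ou=groups," + BASE, {"objectClass": ["group"]}),  # no members
]

def in_subtree(dn, base):
    """Subtree scope check; the constructed DNs contain no escaped commas."""
    d, b = dn.lower().split(","), base.lower().split(",")
    return d[-len(b):] == b

def split_terms(body):
    """Split '(a)(b)' into ['(a)', '(b)'], respecting nested parentheses."""
    terms, depth, start = [], 0, 0
    for i, ch in enumerate(body):
        if ch == "(":
            start = i if depth == 0 else start
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                terms.append(body[start:i + 1])
    return terms

def matches(attrs, flt):
    """Evaluate a small filter subset: presence, equality, & and |."""
    inner = flt[1:-1]
    if inner[0] in "&|":
        hits = [matches(attrs, t) for t in split_terms(inner[1:])]
        return all(hits) if inner[0] == "&" else any(hits)
    name, _, wanted = inner.partition("=")
    values = next((v for k, v in attrs.items() if k.lower() == name.lower()), [])
    if wanted == "*":              # presence: attribute has at least one value
        return bool(values)
    return wanted.lower() in [v.lower() for v in values]

def search(base, flt):
    """Return the CNs of entries under base that match flt."""
    return [dn.split(",")[0][3:] for dn, attrs in ENTRIES
            if in_subtree(dn, base) and matches(attrs, flt)]
```

With this sample data, `(objectClass=*)` at the root returns every entry, while `(member=*)` returns only `admins`. The group `unused` has no `member` values, so a presence filter on the member attribute does not return it.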


