Posted to dev@guacamole.apache.org by GitBox <gi...@apache.org> on 2020/01/25 20:31:08 UTC

[GitHub] [guacamole-client] mike-jumper opened a new pull request #468: GUACAMOLE-936: Use same bind/connect process for all LDAP connections, including referrals.

mike-jumper opened a new pull request #468: GUACAMOLE-936: Use same bind/connect process for all LDAP connections, including referrals.
URL: https://github.com/apache/guacamole-client/pull/468
 
 
   This change refactors the LDAP connection process such that the same pair of functions is always used for all connections:
   
   * `createLDAPConnection()`, an internal function with several variants that simply constructs a new `LdapNetworkConnection` object having specific parameters set. The resulting object is *not* yet connected.
   * `bindAs()`, which binds an `LdapNetworkConnection` using any one of several possible sources of credentials. The Apache Directory API will automatically connect before attempting to bind.
   
   Part of this involved switching over to using `LdapConnectionConfig` internally for specifying the username/password of the bind operation, as the credentials used to bind will not be available for later reuse (such as when following a referral) unless they are associated with the `LdapConnectionConfig`. Constructing and using a `BindRequest` manually does not touch the `LdapConnectionConfig`.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

[GitHub] [guacamole-client] mike-jumper commented on issue #468: GUACAMOLE-938: Use same bind/connect process for all LDAP connections, including referrals.

Posted by GitBox <gi...@apache.org>.
mike-jumper commented on issue #468: GUACAMOLE-938: Use same bind/connect process for all LDAP connections, including referrals.
URL: https://github.com/apache/guacamole-client/pull/468#issuecomment-578514917
 
 
   OK - I've added automatic STARTTLS for LDAP URLs (when the main connection is configured for STARTTLS) and corrected the typos and copypasta.


[GitHub] [guacamole-client] necouchman commented on a change in pull request #468: GUACAMOLE-938: Use same bind/connect process for all LDAP connections, including referrals.

Posted by GitBox <gi...@apache.org>.
necouchman commented on a change in pull request #468: GUACAMOLE-938: Use same bind/connect process for all LDAP connections, including referrals.
URL: https://github.com/apache/guacamole-client/pull/468#discussion_r370986604
 
 

 ##########
 File path: extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPConnectionService.java
 ##########
 @@ -104,151 +117,254 @@ private LdapNetworkConnection createLDAPConnection() throws GuacamoleException {
 
         }
 
+        return new LdapNetworkConnection(config);
+
     }
 
     /**
-     * Binds to the LDAP server using the provided user DN and password.
+     * Creates a new instance of LdapNetworkConnection, configured as required
+     * to use whichever encryption method, hostname, and port are requested
+     * within guacamole.properties. The returned LdapNetworkConnection is
+     * configured for use but is not yet connected nor bound to the LDAP
+     * server. It will not be bound until it a bind operation is explicitly
+     * requested, and will not connected until it is used in an LDAP operation
+     * (such as a bind).
      *
-     * @param userDN
-     *     The DN of the user to bind as, or null to bind anonymously.
+     * @return
+     *     A new LdapNetworkConnection instance which has already been
+     *     configured to use the encryption method, hostname, and port
+     *     requested within guacamole.properties.
      *
-     * @param password
-     *     The password to use when binding as the specified user, or null to
-     *     attempt to bind without a password.
+     * @throws GuacamoleException
+     *     If an error occurs while parsing guacamole.properties, or if the
+     *     requested encryption method is actually not implemented (a bug).
+     */
+    private LdapNetworkConnection createLDAPConnection()
+            throws GuacamoleException {
+        return createLDAPConnection(
+                confService.getServerHostname(),
+                confService.getServerPort(),
+                confService.getEncryptionMethod());
+    }
+
+    /**
+     * Creates a new instance of LdapNetworkConnection, configured as required
+     * to use whichever encryption method, hostname, and port are specified
+     * within the given LDAP URL. The returned LdapNetworkConnection is
+     * configured for use but is not yet connected nor bound to the LDAP
+     * server. It will not be bound until it a bind operation is explicitly
+     * requested, and will not connected until it is used in an LDAP operation
 
 Review comment:
   And same missing *be* here (will not be connected)


[GitHub] [guacamole-client] mike-jumper commented on a change in pull request #468: GUACAMOLE-938: Use same bind/connect process for all LDAP connections, including referrals.

Posted by GitBox <gi...@apache.org>.
mike-jumper commented on a change in pull request #468: GUACAMOLE-938: Use same bind/connect process for all LDAP connections, including referrals.
URL: https://github.com/apache/guacamole-client/pull/468#discussion_r371008709
 
 

 ##########
 File path: extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPConnectionService.java
 ##########
 @@ -104,151 +117,254 @@ private LdapNetworkConnection createLDAPConnection() throws GuacamoleException {
 
         }
 
+        return new LdapNetworkConnection(config);
+
     }
 
     /**
-     * Binds to the LDAP server using the provided user DN and password.
+     * Creates a new instance of LdapNetworkConnection, configured as required
+     * to use whichever encryption method, hostname, and port are requested
+     * within guacamole.properties. The returned LdapNetworkConnection is
+     * configured for use but is not yet connected nor bound to the LDAP
+     * server. It will not be bound until it a bind operation is explicitly
+     * requested, and will not connected until it is used in an LDAP operation
+     * (such as a bind).
      *
-     * @param userDN
-     *     The DN of the user to bind as, or null to bind anonymously.
+     * @return
+     *     A new LdapNetworkConnection instance which has already been
+     *     configured to use the encryption method, hostname, and port
+     *     requested within guacamole.properties.
      *
-     * @param password
-     *     The password to use when binding as the specified user, or null to
-     *     attempt to bind without a password.
+     * @throws GuacamoleException
+     *     If an error occurs while parsing guacamole.properties, or if the
+     *     requested encryption method is actually not implemented (a bug).
+     */
+    private LdapNetworkConnection createLDAPConnection()
+            throws GuacamoleException {
+        return createLDAPConnection(
+                confService.getServerHostname(),
+                confService.getServerPort(),
+                confService.getEncryptionMethod());
+    }
+
+    /**
+     * Creates a new instance of LdapNetworkConnection, configured as required
+     * to use whichever encryption method, hostname, and port are specified
+     * within the given LDAP URL. The returned LdapNetworkConnection is
+     * configured for use but is not yet connected nor bound to the LDAP
+     * server. It will not be bound until it a bind operation is explicitly
+     * requested, and will not connected until it is used in an LDAP operation
+     * (such as a bind).
+     *
+     * @param url
+     *     The LDAP URL containing the details which should be used to connect
+     *     to the LDAP server.
      *
      * @return
-     *     A bound LDAP connection, or null if the connection could not be
-     *     bound.
+     *     A new LdapNetworkConnection instance which has already been
+     *     configured to use the encryption method, hostname, and port
+     *     specified within the given LDAP URL.
      *
      * @throws GuacamoleException
-     *     If the configuration details relevant to binding to the LDAP server
-     *     cannot be read.
+     *     If the given URL is not a valid LDAP URL, or if the encryption
+     *     method indicated by the URL is known but not actually implemented (a
+     *     bug).
      */
-    public LdapNetworkConnection bindAs(Dn userDN, String password)
+    private LdapNetworkConnection createLDAPConnection(String url)
             throws GuacamoleException {
 
-        // Get ldapConnection and try to connect and bind.
-        LdapNetworkConnection ldapConnection = createLDAPConnection();
+        // Parse provided LDAP URL
+        LdapUrl ldapUrl;
         try {
+            ldapUrl = new LdapUrl(url);
+        }
+        catch (LdapException e) {
+            logger.debug("Cannot connect to LDAP URL \"{}\": URL is invalid.", url, e);
+            throw new GuacamoleServerException("Invalid LDAP URL.", e);
+        }
+
+        // Retrieve hostname from URL, bailing out if no hostname is present
+        String host = ldapUrl.getHost();
+        if (host == null || host.isEmpty()) {
+            logger.debug("Cannot connect to LDAP URL \"{}\": no hostname is present.", url);
+            throw new GuacamoleServerException("LDAP URL contains no hostname.");
+        }
+
+        // Parse encryption method from URL scheme
+        EncryptionMethod encryptionMethod = EncryptionMethod.NONE;
+        if (LdapUrl.LDAPS_SCHEME.equals(ldapUrl.getScheme()))
+            encryptionMethod = EncryptionMethod.SSL;
 
-            // Connect to LDAP server
-            ldapConnection.connect();
+        // If no post is specified within the URL, use the default port
+        // dictated by the encryption method
+        int port = ldapUrl.getPort();
+        if (port < 1)
+            port = encryptionMethod.DEFAULT_PORT;
+
+        return createLDAPConnection(host, port, encryptionMethod);
 
-            // Explicitly start TLS if requested
-            if (confService.getEncryptionMethod() == EncryptionMethod.STARTTLS)
-                ldapConnection.startTls();
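
 Review bot: The scheme check under "Parse encryption method from URL scheme" can only produce `EncryptionMethod.NONE` or `EncryptionMethod.SSL`, so an `ldap://` URL is always handed to `createLDAPConnection(host, port, encryptionMethod)` without encryption, and nothing in the added lines takes over from the removed `startTls()` call on this path. When `confService.getEncryptionMethod()` is `STARTTLS`, consider using that method for `ldap` scheme URLs so a connection built from a URL is not weaker than the configured one.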
 
 Review comment:
   As far as normal binds go, we are still using TLS when requested - it's just set up via the `LdapConnectionConfig` and thus automatically applied when the Apache Directory API does its internal `connect()`:
   
   https://github.com/apache/guacamole-client/blob/cb53b17afb30d5cbd1c4f744344dd2f32c6fe1b4/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPConnectionService.java#L107-L111
   
   My understanding of the previous iteration of this code was that TLS was not applied to referrals, as the code being removed here (and replaced with `setUseTls(true)`) is specific to the old version of `bindAs()`, which was not called for referral URLs.
   
   We could apply TLS for referrals, as well. It would be a simple matter of choosing that `EncryptionMethod` when delegating the creation of the LDAP connection for an LDAP referral:
   
   https://github.com/apache/guacamole-client/blob/cb53b17afb30d5cbd1c4f744344dd2f32c6fe1b4/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPConnectionService.java#L193-L196
   
   I agree this makes sense (a deployment which requires STARTTLS for the main connection should generally be expected to also require it for `ldap://` connections encountered in referrals). I'll add this.

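
The referral behaviour agreed on in the comment above (an `ldap://` referral inherits STARTTLS when the main connection requires it), as an added example that is not code from the pull request or from Guacamole. The class, the `ReferralTarget` record, `resolve()` and the local `EncryptionMethod` enum are hypothetical, the default ports are the standard LDAP ones, and `java.net.URI` stands in for the Apache Directory API's `LdapUrl` so the example runs on a plain JDK.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;

public class ReferralEncryptionExample {

    /** Hypothetical stand-in for the extension's EncryptionMethod enum. */
    enum EncryptionMethod {
        NONE(389), SSL(636), STARTTLS(389);

        /** Standard port for this method (assumed, not taken from the PR). */
        final int defaultPort;

        EncryptionMethod(int defaultPort) {
            this.defaultPort = defaultPort;
        }
    }

    /** Where a referral connection goes and how it must be protected. */
    record ReferralTarget(String host, int port, EncryptionMethod method) {}

    /**
     * Derives host, port and encryption for a referral URL. The URL scheme
     * can only say "ldap" or "ldaps", so STARTTLS has to be inherited from
     * the encryption method configured for the main connection.
     */
    static ReferralTarget resolve(String url, EncryptionMethod configured) {

        URI uri;
        try {
            uri = new URI(url);
        }
        catch (URISyntaxException e) {
            throw new IllegalArgumentException("Invalid LDAP URL.", e);
        }

        String scheme = uri.getScheme();
        if (scheme == null)
            throw new IllegalArgumentException("LDAP URL contains no scheme.");

        EncryptionMethod method;
        switch (scheme.toLowerCase(Locale.ROOT)) {

            // ldaps:// always means TLS from the first byte
            case "ldaps":
                method = EncryptionMethod.SSL;
                break;

            // ldap:// is upgraded only if the deployment asked for STARTTLS
            case "ldap":
                method = (configured == EncryptionMethod.STARTTLS)
                        ? EncryptionMethod.STARTTLS
                        : EncryptionMethod.NONE;
                break;

            default:
                throw new IllegalArgumentException(
                        "Not an LDAP URL scheme: " + scheme);
        }

        // Bail out if no hostname is present, as the PR's URL variant does
        String host = uri.getHost();
        if (host == null || host.isEmpty())
            throw new IllegalArgumentException("LDAP URL contains no hostname.");

        // Fall back to the default port dictated by the chosen method
        int port = uri.getPort();
        if (port < 1)
            port = method.defaultPort;

        return new ReferralTarget(host, port, method);
    }

    public static void main(String[] args) {

        // Constructed sample referral URLs, not taken from any real directory
        String[] urls = {
            "ldap://dc2.example.net/dc=example,dc=net",
            "ldaps://dc3.example.net:1636/dc=example,dc=net",
            "ldap:///dc=example,dc=net"
        };

        EncryptionMethod[] configs = {
            EncryptionMethod.NONE, EncryptionMethod.STARTTLS
        };

        for (EncryptionMethod configured : configs) {
            for (String url : urls) {
                try {
                    System.out.println(configured + " + " + url + " -> "
                            + resolve(url, configured));
                }
                catch (IllegalArgumentException e) {
                    System.out.println(configured + " + " + url
                            + " -> rejected: " + e.getMessage());
                }
            }
        }
    }
}
```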

[GitHub] [guacamole-client] necouchman commented on a change in pull request #468: GUACAMOLE-938: Use same bind/connect process for all LDAP connections, including referrals.

Posted by GitBox <gi...@apache.org>.
necouchman commented on a change in pull request #468: GUACAMOLE-938: Use same bind/connect process for all LDAP connections, including referrals.
URL: https://github.com/apache/guacamole-client/pull/468#discussion_r370986531
 
 

 ##########
 File path: extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPConnectionService.java
 ##########
 @@ -104,151 +117,254 @@ private LdapNetworkConnection createLDAPConnection() throws GuacamoleException {
 
         }
 
+        return new LdapNetworkConnection(config);
+
     }
 
     /**
-     * Binds to the LDAP server using the provided user DN and password.
+     * Creates a new instance of LdapNetworkConnection, configured as required
+     * to use whichever encryption method, hostname, and port are requested
+     * within guacamole.properties. The returned LdapNetworkConnection is
+     * configured for use but is not yet connected nor bound to the LDAP
+     * server. It will not be bound until it a bind operation is explicitly
 
 Review comment:
   "until a bind operation"


[GitHub] [guacamole-client] necouchman merged pull request #468: GUACAMOLE-938: Use same bind/connect process for all LDAP connections, including referrals.

Posted by GitBox <gi...@apache.org>.
necouchman merged pull request #468: GUACAMOLE-938: Use same bind/connect process for all LDAP connections, including referrals.
URL: https://github.com/apache/guacamole-client/pull/468
 
 
   


[GitHub] [guacamole-client] necouchman commented on a change in pull request #468: GUACAMOLE-938: Use same bind/connect process for all LDAP connections, including referrals.

Posted by GitBox <gi...@apache.org>.
necouchman commented on a change in pull request #468: GUACAMOLE-938: Use same bind/connect process for all LDAP connections, including referrals.
URL: https://github.com/apache/guacamole-client/pull/468#discussion_r370986591
 
 

 ##########
 File path: extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPConnectionService.java
 ##########
 @@ -104,151 +117,254 @@ private LdapNetworkConnection createLDAPConnection() throws GuacamoleException {
 
         }
 
+        return new LdapNetworkConnection(config);
+
     }
 
     /**
-     * Binds to the LDAP server using the provided user DN and password.
+     * Creates a new instance of LdapNetworkConnection, configured as required
+     * to use whichever encryption method, hostname, and port are requested
+     * within guacamole.properties. The returned LdapNetworkConnection is
+     * configured for use but is not yet connected nor bound to the LDAP
+     * server. It will not be bound until it a bind operation is explicitly
+     * requested, and will not connected until it is used in an LDAP operation
+     * (such as a bind).
      *
-     * @param userDN
-     *     The DN of the user to bind as, or null to bind anonymously.
+     * @return
+     *     A new LdapNetworkConnection instance which has already been
+     *     configured to use the encryption method, hostname, and port
+     *     requested within guacamole.properties.
      *
-     * @param password
-     *     The password to use when binding as the specified user, or null to
-     *     attempt to bind without a password.
+     * @throws GuacamoleException
+     *     If an error occurs while parsing guacamole.properties, or if the
+     *     requested encryption method is actually not implemented (a bug).
+     */
+    private LdapNetworkConnection createLDAPConnection()
+            throws GuacamoleException {
+        return createLDAPConnection(
+                confService.getServerHostname(),
+                confService.getServerPort(),
+                confService.getEncryptionMethod());
+    }
+
+    /**
+     * Creates a new instance of LdapNetworkConnection, configured as required
+     * to use whichever encryption method, hostname, and port are specified
+     * within the given LDAP URL. The returned LdapNetworkConnection is
+     * configured for use but is not yet connected nor bound to the LDAP
+     * server. It will not be bound until it a bind operation is explicitly
 
 Review comment:
   And, same extra "it" here...


[GitHub] [guacamole-client] necouchman commented on a change in pull request #468: GUACAMOLE-938: Use same bind/connect process for all LDAP connections, including referrals.

Posted by GitBox <gi...@apache.org>.
necouchman commented on a change in pull request #468: GUACAMOLE-938: Use same bind/connect process for all LDAP connections, including referrals.
URL: https://github.com/apache/guacamole-client/pull/468#discussion_r370986552
 
 

 ##########
 File path: extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPConnectionService.java
 ##########
 @@ -104,151 +117,254 @@ private LdapNetworkConnection createLDAPConnection() throws GuacamoleException {
 
         }
 
+        return new LdapNetworkConnection(config);
+
     }
 
     /**
-     * Binds to the LDAP server using the provided user DN and password.
+     * Creates a new instance of LdapNetworkConnection, configured as required
+     * to use whichever encryption method, hostname, and port are requested
+     * within guacamole.properties. The returned LdapNetworkConnection is
+     * configured for use but is not yet connected nor bound to the LDAP
+     * server. It will not be bound until it a bind operation is explicitly
+     * requested, and will not connected until it is used in an LDAP operation
 
 Review comment:
   "will not *be* connected"


[GitHub] [guacamole-client] necouchman commented on issue #468: GUACAMOLE-938: Use same bind/connect process for all LDAP connections, including referrals.

Posted by GitBox <gi...@apache.org>.
necouchman commented on issue #468: GUACAMOLE-938: Use same bind/connect process for all LDAP connections, including referrals.
URL: https://github.com/apache/guacamole-client/pull/468#issuecomment-578520436
 
 
   Cool, looks good to me.


[GitHub] [guacamole-client] mike-jumper commented on issue #468: GUACAMOLE-938: Use same bind/connect process for all LDAP connections, including referrals.

Posted by GitBox <gi...@apache.org>.
mike-jumper commented on issue #468: GUACAMOLE-938: Use same bind/connect process for all LDAP connections, including referrals.
URL: https://github.com/apache/guacamole-client/pull/468#issuecomment-578449753
 
 
   Some of this inherently improves the logging, as there were cases of errors being relegated to the debug level only due to the way things were structured. The restructured and central `bindAs()` will always log errors except those which are purely authentication-related (and thus expected to occur under normal circumstances).


[GitHub] [guacamole-client] necouchman commented on a change in pull request #468: GUACAMOLE-938: Use same bind/connect process for all LDAP connections, including referrals.

Posted by GitBox <gi...@apache.org>.
necouchman commented on a change in pull request #468: GUACAMOLE-938: Use same bind/connect process for all LDAP connections, including referrals.
URL: https://github.com/apache/guacamole-client/pull/468#discussion_r370986762
 
 

 ##########
 File path: extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPConnectionService.java
 ##########
 @@ -104,151 +117,254 @@ private LdapNetworkConnection createLDAPConnection() throws GuacamoleException {
 
         }
 
+        return new LdapNetworkConnection(config);
+
     }
 
     /**
-     * Binds to the LDAP server using the provided user DN and password.
+     * Creates a new instance of LdapNetworkConnection, configured as required
+     * to use whichever encryption method, hostname, and port are requested
+     * within guacamole.properties. The returned LdapNetworkConnection is
+     * configured for use but is not yet connected nor bound to the LDAP
+     * server. It will not be bound until it a bind operation is explicitly
+     * requested, and will not connected until it is used in an LDAP operation
+     * (such as a bind).
      *
-     * @param userDN
-     *     The DN of the user to bind as, or null to bind anonymously.
+     * @return
+     *     A new LdapNetworkConnection instance which has already been
+     *     configured to use the encryption method, hostname, and port
+     *     requested within guacamole.properties.
      *
-     * @param password
-     *     The password to use when binding as the specified user, or null to
-     *     attempt to bind without a password.
+     * @throws GuacamoleException
+     *     If an error occurs while parsing guacamole.properties, or if the
+     *     requested encryption method is actually not implemented (a bug).
+     */
+    private LdapNetworkConnection createLDAPConnection()
+            throws GuacamoleException {
+        return createLDAPConnection(
+                confService.getServerHostname(),
+                confService.getServerPort(),
+                confService.getEncryptionMethod());
+    }
+
+    /**
+     * Creates a new instance of LdapNetworkConnection, configured as required
+     * to use whichever encryption method, hostname, and port are specified
+     * within the given LDAP URL. The returned LdapNetworkConnection is
+     * configured for use but is not yet connected nor bound to the LDAP
+     * server. It will not be bound until it a bind operation is explicitly
+     * requested, and will not connected until it is used in an LDAP operation
+     * (such as a bind).
+     *
+     * @param url
+     *     The LDAP URL containing the details which should be used to connect
+     *     to the LDAP server.
      *
      * @return
-     *     A bound LDAP connection, or null if the connection could not be
-     *     bound.
+     *     A new LdapNetworkConnection instance which has already been
+     *     configured to use the encryption method, hostname, and port
+     *     specified within the given LDAP URL.
      *
      * @throws GuacamoleException
-     *     If the configuration details relevant to binding to the LDAP server
-     *     cannot be read.
+     *     If the given URL is not a valid LDAP URL, or if the encryption
+     *     method indicated by the URL is known but not actually implemented (a
+     *     bug).
      */
-    public LdapNetworkConnection bindAs(Dn userDN, String password)
+    private LdapNetworkConnection createLDAPConnection(String url)
             throws GuacamoleException {
 
-        // Get ldapConnection and try to connect and bind.
-        LdapNetworkConnection ldapConnection = createLDAPConnection();
+        // Parse provided LDAP URL
+        LdapUrl ldapUrl;
         try {
+            ldapUrl = new LdapUrl(url);
+        }
+        catch (LdapException e) {
+            logger.debug("Cannot connect to LDAP URL \"{}\": URL is invalid.", url, e);
+            throw new GuacamoleServerException("Invalid LDAP URL.", e);
+        }
+
+        // Retrieve hostname from URL, bailing out if no hostname is present
+        String host = ldapUrl.getHost();
+        if (host == null || host.isEmpty()) {
+            logger.debug("Cannot connect to LDAP URL \"{}\": no hostname is present.", url);
+            throw new GuacamoleServerException("LDAP URL contains no hostname.");
+        }
+
+        // Parse encryption method from URL scheme
+        EncryptionMethod encryptionMethod = EncryptionMethod.NONE;
+        if (LdapUrl.LDAPS_SCHEME.equals(ldapUrl.getScheme()))
+            encryptionMethod = EncryptionMethod.SSL;
 
-            // Connect to LDAP server
-            ldapConnection.connect();
+        // If no post is specified within the URL, use the default port
+        // dictated by the encryption method
+        int port = ldapUrl.getPort();
+        if (port < 1)
+            port = encryptionMethod.DEFAULT_PORT;
+
+        return createLDAPConnection(host, port, encryptionMethod);
 
-            // Explicitly start TLS if requested
-            if (confService.getEncryptionMethod() == EncryptionMethod.STARTTLS)
-                ldapConnection.startTls();
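
 Review bot: In `createLDAPConnection(String url)`, the only check applied to the value of `ldapUrl.getHost()` is that it is non-empty, so any syntactically valid LDAP URL becomes a connection target. If these URLs can originate from a directory server's response rather than from guacamole.properties, consider comparing the host against the configured server or an allowlist before building the connection, and log the chosen host and port at a level operators will see rather than only on failure at debug. Separately, the comment "If no post is specified" should read "port".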
 
 Review comment:
   Why are we not looking at the TLS encryption method, here?  Since there's not really a way that I know of within the LDAP URL to specify that we want TLS encryption, and since we assume no encryption if not set to LDAPS, it seems like we'd want to allow the user to use the URL, but override the encryption with TLS?  Or at least try?


[GitHub] [guacamole-client] necouchman commented on a change in pull request #468: GUACAMOLE-938: Use same bind/connect process for all LDAP connections, including referrals.

Posted by GitBox <gi...@apache.org>.
necouchman commented on a change in pull request #468: GUACAMOLE-938: Use same bind/connect process for all LDAP connections, including referrals.
URL: https://github.com/apache/guacamole-client/pull/468#discussion_r370986428
 
 

 ##########
 File path: extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPConnectionService.java
 ##########
 @@ -61,41 +57,58 @@
 
     /**
      * Creates a new instance of LdapNetworkConnection, configured as required
-     * to use whichever encryption method is requested within
-     * guacamole.properties.
+     * to use the given encryption method to communicate with the LDAP server
+     * at the given hostname and port. The returned LdapNetworkConnection is
+     * configured for use but is not yet connected nor bound to the LDAP
+     * server. It will not be bound until it a bind operation is explicitly
 
 Review comment:
   Extra "it" here, I think.


[GitHub] [guacamole-client] necouchman commented on a change in pull request #468: GUACAMOLE-938: Use same bind/connect process for all LDAP connections, including referrals.

Posted by GitBox <gi...@apache.org>.
necouchman commented on a change in pull request #468: GUACAMOLE-938: Use same bind/connect process for all LDAP connections, including referrals.
URL: https://github.com/apache/guacamole-client/pull/468#discussion_r370986449
 
 

 ##########
 File path: extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPConnectionService.java
 ##########
 @@ -61,41 +57,58 @@
 
     /**
      * Creates a new instance of LdapNetworkConnection, configured as required
-     * to use whichever encryption method is requested within
-     * guacamole.properties.
+     * to use the given encryption method to communicate with the LDAP server
+     * at the given hostname and port. The returned LdapNetworkConnection is
+     * configured for use but is not yet connected nor bound to the LDAP
+     * server. It will not be bound until it a bind operation is explicitly
+     * requested, and will not connected until it is used in an LDAP operation
 
 Review comment:
   "and will not *be* connected"
