You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@guacamole.apache.org by "Michael Jumper (JIRA)" <ji...@apache.org> on 2016/08/03 22:43:20 UTC

[jira] [Created] (GUACAMOLE-70) Add option to restrict access to users within database

Michael Jumper created GUACAMOLE-70:
---------------------------------------

             Summary: Add option to restrict access to users within database
                 Key: GUACAMOLE-70
                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-70
             Project: Guacamole
          Issue Type: Improvement
          Components: guacamole-auth-jdbc
            Reporter: Michael Jumper
            Assignee: Michael Jumper


The LDAP and database authentication backends have been usable together since [GUAC-586|https://glyptodon.org/jira/browse/GUAC-586], but this still causes trouble in the case that only LDAP users that *also* exist within the database should have access.

There are cases where large deployments of Guacamole involve a large LDAP tree that contains many users, only a subset of which should be granted access to Guacamole. Restructuring the LDAP tree to ensure that only certain users can log in to Guacamole is not always feasible. Rather than universally granting access so long as LDAP accepts the credentials, the database authentication should provide an option to deny access to authenticated users if they do not also have associated data in the database.

It has been verified that extensions can indeed reject an otherwise positive authentication result from a different extension.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)