[jira] [Created] (GUACAMOLE-998) LDAP: Do not retrieve all groups from LDAP

["Edgardo Rodriguez (Jira)" <ji...@apache.org>]

Edgardo Rodriguez created GUACAMOLE-998:
-------------------------------------------

             Summary: LDAP: Do not retrieve all groups from LDAP
                 Key: GUACAMOLE-998
                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-998
             Project: Guacamole
          Issue Type: Wish
          Components: guacamole-auth-ldap
    Affects Versions: 1.1.0
         Environment: CentOS 7
            Reporter: Edgardo Rodriguez
             Fix For: 1.2.0
         Attachments: UserGroupService_donotretrieveall.patch

Hi, I have been using Guacamole since 0.9.14. As we use ActiveDirectory LDAP to authenticate every user I found something which might have an explanation but in my scenario is quite undesired.

Our LDAP is a WorldWide DB and so contains a huge ammount of users and groups.

According to:
[https://github.com/apache/guacamole-client/blob/e30f4c7507914b2967fc654e30a235d0310e5076/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/group/UserGroupService.java#L92]
If we do not use (as in our case) LDAP for storing configuration, then anything containing objectClass attribute (users, computer, groups, etc) will be loaded into Guacamole as a group.

I do not see clearly why this is done this way, also *ldap-group-base-dn* attribute is not respected at all in this scenario but fortunately at least seems to honor *ldap-user-base-dn*.

So I modificated this line to, retrieve any object containing the attribute defined by *ldap-member-attribute* which by default is *member*.

 

Attached patch does work as spected (by me at least), I am pretty newie with java, so I might be missing somethign...

 

Thanks all for this great piece of software BTW!



--
This message was sent by Atlassian Jira
(v8.3.4#803005)