Posted to issues@guacamole.apache.org by "Edgardo Rodriguez (Jira)" <ji...@apache.org> on 2020/03/27 18:36:00 UTC
[jira] [Created] (GUACAMOLE-998) LDAP: Do not retrieve all groups from LDAP
Edgardo Rodriguez created GUACAMOLE-998:
-------------------------------------------
Summary: LDAP: Do not retrieve all groups from LDAP
Key: GUACAMOLE-998
URL: https://issues.apache.org/jira/browse/GUACAMOLE-998
Project: Guacamole
Issue Type: Wish
Components: guacamole-auth-ldap
Affects Versions: 1.1.0
Environment: CentOS 7
Reporter: Edgardo Rodriguez
Fix For: 1.2.0
Attachments: UserGroupService_donotretrieveall.patch
Hi, I have been using Guacamole since 0.9.14. As we use Active Directory LDAP to authenticate every user, I found something which might have an explanation but in my scenario is quite undesired.
Our LDAP is a worldwide DB and so contains a huge amount of users and groups.
According to:
[https://github.com/apache/guacamole-client/blob/e30f4c7507914b2967fc654e30a235d0310e5076/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/group/UserGroupService.java#L92]
If we do not use (as in our case) LDAP for storing configuration, then anything containing the objectClass attribute (users, computers, groups, etc.) will be loaded into Guacamole as a group.
I do not see clearly why this is done this way. Also, the *ldap-group-base-dn* attribute is not respected at all in this scenario, but fortunately it at least seems to honor *ldap-user-base-dn*.
So I modified this line to retrieve any object containing the attribute defined by *ldap-member-attribute*, which by default is *member*.
The attached patch does work as expected (by me at least). I am pretty much a newbie with Java, so I might be missing something...
Thanks all for this great piece of software BTW!
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
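To make the difference between the two search filters in this report concrete, the following is an added example; it is not part of the original message, the attached patch, or Guacamole's code. It evaluates a small subset of LDAP filter syntax over a constructed directory, and every DN, entry, and function name in it is an assumption made for illustration.

```python
# Constructed sample directory (all DNs and attributes are invented).
ROOT = "DC=corp,DC=example"
ALICE = "CN=alice,OU=People," + ROOT
ENTRIES = [
    {"dn": ALICE, "attrs": {"objectClass": ["user"]}},
    {"dn": "CN=WS01,OU=Computers," + ROOT, "attrs": {"objectClass": ["computer"]}},
    {"dn": "CN=rdp-admins,OU=Groups," + ROOT,
     "attrs": {"objectClass": ["group"], "member": [ALICE]}},
    {"dn": "CN=empty-group,OU=Groups," + ROOT, "attrs": {"objectClass": ["group"]}},
    {"dn": "CN=hr-staff,OU=Other," + ROOT,
     "attrs": {"objectClass": ["group"], "member": [ALICE]}},
]

def _components(body):
    """Split '(a)(b)' into its top-level parenthesised sub-filters."""
    parts, depth, start = [], 0, 0
    for i, ch in enumerate(body):
        if ch == "(":
            if depth == 0:
                start = i
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                parts.append(body[start:i + 1])
    return parts

def matches(entry, flt):
    """Evaluate a filter using only &, |, !, presence (attr=*) and equality."""
    inner = flt[1:-1]
    if inner[0] == "&":
        return all(matches(entry, p) for p in _components(inner[1:]))
    if inner[0] == "|":
        return any(matches(entry, p) for p in _components(inner[1:]))
    if inner[0] == "!":
        return not matches(entry, inner[1:])
    attr, _, value = inner.partition("=")
    attrs = {k.lower(): v for k, v in entry["attrs"].items()}
    values = attrs.get(attr.lower(), [])
    if value == "*":                      # presence: at least one value exists
        return bool(values)
    return value.lower() in (v.lower() for v in values)

def search(base_dn, flt):
    """Subtree search: RDNs of entries at or below base_dn that match flt."""
    base = base_dn.lower()
    return [e["dn"].split(",")[0] for e in ENTRIES
            if (e["dn"].lower() == base or e["dn"].lower().endswith("," + base))
            and matches(e, flt)]
```

With these entries, `search(ROOT, "(objectClass=*)")` returns all five objects, while `search("OU=Groups," + ROOT, "(member=*)")` returns only `CN=rdp-admins`. A presence filter on *member* also skips groups that currently have no members, such as `CN=empty-group` here.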