Posted to issues@guacamole.apache.org by "Nick Couchman (Jira)" <ji...@apache.org> on 2020/05/02 20:21:00 UTC

[jira] [Assigned] (GUACAMOLE-536) Add support for arbitrary LDAP bind patterns

     [ https://issues.apache.org/jira/browse/GUACAMOLE-536?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nick Couchman reassigned GUACAMOLE-536:
---------------------------------------

    Assignee: Nick Couchman

> Add support for arbitrary LDAP bind patterns
> --------------------------------------------
>
>                 Key: GUACAMOLE-536
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-536
>             Project: Guacamole
>          Issue Type: Improvement
>          Components: guacamole-auth-ldap
>            Reporter: Joseph L. Casale
>            Assignee: Nick Couchman
>            Priority: Minor
>
> The current LDAP authentication scheme can recursively search the base DN only when a bind DN is used. When binding with the user attempting to log on, the bind DN format pattern is not exposed through configuration which imposes unnatural restrictions forcing the user to exist in a single container.
> If the format pattern was exposed for configuration, for DSA's which allow flexible bind patterns such as Active Directory, configuration could allow "DOMAIN\%s" or "%s@domain.com" and for those DSA's which do not, you would simply configure the restrictive full DN as the pattern.
> The use case is that we use Active Directory and do not allow bind accounts so the restriction prevents all users from accessing the application as our topology is not flat (we need to pick a single container therefore excluding everyone else).
> A working Java implementation of an LDAP auth scheme that facilitates this is [Gitblit|http://gitblit.com/properties.html], see the realm.ldap.* configuration properties. Setting the bind pattern to the UPN such as:
> {code:java}
> realm.ldap.bindpattern = ${username}@domain.com
> {code}
> allows the flexible configuration in our Active Directory environment.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
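
Added example, not part of the original message and not Guacamole or Gitblit code: a sketch of how a configurable bind pattern of the kind requested above could be expanded into the identity used for the LDAP simple bind, with the username escaped when the pattern is a full DN. The class and method names, the allow-list, and the "contains =" test for a DN-style pattern are assumptions made for illustration; the ${username} placeholder follows the Gitblit property quoted in the issue.

```java
import java.util.regex.Pattern;
import javax.naming.ldap.Rdn;

/** Hypothetical helper for illustration; not the project's implementation. */
public class BindPatternExample {

    // Placeholder syntax taken from the Gitblit property quoted in the issue.
    private static final String PLACEHOLDER = "${username}";

    // Assumed conservative allow-list for UPN and DOMAIN\\user patterns;
    // a site would adjust this to its own naming policy.
    private static final Pattern SIMPLE_NAME = Pattern.compile("[A-Za-z0-9._-]{1,64}");

    /** Expands the configured pattern into the bind identity for one login attempt. */
    static String expand(String pattern, String username) {
        if (pattern == null || !pattern.contains(PLACEHOLDER))
            throw new IllegalArgumentException("bind pattern must contain " + PLACEHOLDER);
        if (username == null || username.isEmpty())
            throw new IllegalArgumentException("username must not be empty");

        String value;
        if (pattern.contains("=")) {
            // Assumed heuristic: a pattern containing '=' is a full DN, so the
            // username becomes an RDN value and is escaped (RFC 4514 rules) to
            // stop input such as "jdoe,ou=Admins" from changing the DN structure.
            value = Rdn.escapeValue(username);
        } else {
            // UPN or DOMAIN\\user form: there is no DN to escape into, so
            // reject anything outside the allow-list instead.
            if (!SIMPLE_NAME.matcher(username).matches())
                throw new IllegalArgumentException("username not permitted for this pattern");
            value = username;
        }
        // String.replace is literal, so backslashes in the value are preserved.
        return pattern.replace(PLACEHOLDER, value);
    }

    public static void main(String[] args) {
        // Constructed sample patterns covering the three forms named in the issue.
        String[] patterns = {
            "${username}@domain.com",
            "DOMAIN\\${username}",
            "uid=${username},ou=People,dc=example,dc=com"
        };
        for (String p : patterns)
            System.out.println(expand(p, "jdoe"));
        // Constructed hostile input against the full-DN pattern.
        System.out.println(expand(patterns[2], "jdoe,ou=Admins"));
    }
}
```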