You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@guacamole.apache.org by GitBox <gi...@apache.org> on 2020/04/04 01:34:34 UTC
[GitHub] [guacamole-client] mike-jumper commented on a change in pull
request #496: GUACAMOLE-996
mike-jumper commented on a change in pull request #496: GUACAMOLE-996
URL: https://github.com/apache/guacamole-client/pull/496#discussion_r403405847
##########
File path: extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/conf/ConfigurationService.java
##########
@@ -317,7 +318,27 @@ public int getMaxReferralHops() throws GuacamoleException {
public ExprNode getUserSearchFilter() throws GuacamoleException {
return environment.getProperty(
LDAPGuacamoleProperties.LDAP_USER_SEARCH_FILTER,
- new PresenceNode("objectClass")
+ new EqualityNode("objectClass","user")
Review comment:
+1
Adding the option to narrow by `objectClass` would be a separate feature, the value that is used should not be hard-coded to `user`, and we should avoid breaking compatibility with existing deployments which have been relying on the former `*` filter for ages.
Same for the group filter - if the deployment in question needs to narrow things, then specifying custom filters will allow that. Beyond the filters, the different base DNs should be the only restrictions applied unless the administrator configures otherwise.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services