You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@guacamole.apache.org by "Peter Ruhrmann (Jira)" <ji...@apache.org> on 2020/03/27 13:03:00 UTC
[jira] [Created] (GUACAMOLE-996) LDAP Auth returns all objects as
groups even if they are users
Peter Ruhrmann created GUACAMOLE-996:
----------------------------------------
Summary: LDAP Auth returns all objects as groups even if they are users
Key: GUACAMOLE-996
URL: https://issues.apache.org/jira/browse/GUACAMOLE-996
Project: Guacamole
Issue Type: Bug
Components: guacamole-auth-ldap
Affects Versions: 1.1.0
Reporter: Peter Ruhrmann
*Problem:*
If you have an LDAP-Directory where Users and Groups are in the same subtree and you don't use LDAP for Connection-Storage (guacConfigGroup) you get all objects under the DN configured as ldap-group-base-dn returned as groups.
*Example:*
Our directory looks like this:
DC=AD,DC=company,DC=de
* OU=faculty
** Group1
** Group2
** Group3
** ...
** OU=students
*** Student0001
*** Student0002
*** Student0003
*** ...
*** Student1999
As ldap-group-base-dn I have to configure OU=faculty,DC=AD,DC=company,dc=de
But then I get in the Web-UI all Groups and all Students as Group-Objects which makes no sense
*Suggested fix*
I have a fix for me but as I am not a programmer, I don't know how to implement it the right way.
I changed in UserGroupService.java line 92 from:
{{return new PresenceNode("objectClass");}}
to
{{return new AndNode(new EqualityNode("objectClass","group"));}}
and added
{{import org.apache.directory.api.ldap.model.filter.AndNode;}}
at line 34.
Thanks for making this great project!
Peter
--
This message was sent by Atlassian Jira
(v8.3.4#803005)