Posted to issues@guacamole.apache.org by "Peter Ruhrmann (Jira)" <ji...@apache.org> on 2020/03/27 13:03:00 UTC

[jira] [Created] (GUACAMOLE-996) LDAP Auth returns all objects as groups even if they are users

Peter Ruhrmann created GUACAMOLE-996:
----------------------------------------

             Summary: LDAP Auth returns all objects as groups even if they are users
                 Key: GUACAMOLE-996
                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-996
             Project: Guacamole
          Issue Type: Bug
          Components: guacamole-auth-ldap
    Affects Versions: 1.1.0
            Reporter: Peter Ruhrmann


*Problem:*

If you have an LDAP directory where users and groups are in the same subtree, and you don't use LDAP for connection storage (guacConfigGroup), you get all objects under the DN configured as ldap-group-base-dn returned as groups.

*Example:*

Our directory looks like this:

DC=AD,DC=company,DC=de
 * OU=faculty
 ** Group1
 ** Group2
 ** Group3
 ** ...
 ** OU=students
 *** Student0001
 *** Student0002
 *** Student0003
 *** ...
 *** Student1999

As ldap-group-base-dn I have to configure OU=faculty,DC=AD,DC=company,dc=de

But then I get all groups and all students as group objects in the web UI, which makes no sense.

*Suggested fix*

I have a fix for me, but as I am not a programmer, I don't know how to implement it the right way.

I changed in UserGroupService.java line 92 from:

{{return new PresenceNode("objectClass");}}

to

{{return new AndNode(new EqualityNode("objectClass","group"));}}

and added

{{import org.apache.directory.api.ldap.model.filter.AndNode;}}

at line 34.

Thanks for making this great project!

Peter
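
Added example, not part of the original report and not Guacamole's code: a small Python model of a subtree search, showing why a presence filter on objectClass returns every entry under ldap-group-base-dn while an equality filter on objectClass=group returns only the groups. The directory entries, the object classes assigned to them, the OU=staff entry and all function names are constructed for illustration.

```python
# Added illustration: an in-memory model of an LDAP subtree search.
# Every entry below is constructed sample data mirroring the report's layout.

BASE_DN = "OU=faculty,DC=AD,DC=company,dc=de"  # ldap-group-base-dn as written in the report

def _entry(rdn_path, *object_classes):
    return (rdn_path + ",DC=AD,DC=company,DC=de", {"objectClass": list(object_classes)})

DIRECTORY = dict([
    _entry("CN=Group1,OU=faculty", "top", "group"),
    _entry("CN=Group2,OU=faculty", "top", "group"),
    _entry("OU=students,OU=faculty", "top", "organizationalUnit"),
    _entry("CN=Student0001,OU=students,OU=faculty", "top", "person", "user"),
    _entry("CN=Student0002,OU=students,OU=faculty", "top", "person", "user"),
    _entry("CN=Staff1,OU=staff", "top", "person", "user"),  # assumed entry outside the base DN
])

def rdns(dn):
    """Split a DN into normalized RDNs (naive: the sample DNs contain no escaped commas)."""
    return [part.strip().lower() for part in dn.split(",")]

def in_subtree(dn, base):
    """True if dn is the base entry itself or lies below it (subtree scope)."""
    d, b = rdns(dn), rdns(base)
    return len(d) >= len(b) and d[-len(b):] == b

def matches(attrs, flt):
    """Evaluate ("present", attr), ("eq", attr, value) or ("and", [filters])."""
    kind = flt[0]
    if kind == "and":
        return all(matches(attrs, sub) for sub in flt[1])
    # Attribute names and objectClass values compare case-insensitively.
    values = [v.lower() for k, vs in attrs.items() if k.lower() == flt[1].lower() for v in vs]
    if kind == "present":
        return bool(values)
    if kind == "eq":
        return flt[2].lower() in values
    raise ValueError(f"unsupported filter type: {kind}")

def search(base, flt):
    """Return the sorted DNs under base whose attributes satisfy the filter."""
    return sorted(dn for dn, attrs in DIRECTORY.items()
                  if in_subtree(dn, base) and matches(attrs, flt))

PRESENCE = ("present", "objectClass")                     # (objectClass=*)
GROUPS_ONLY = ("and", [("eq", "objectClass", "group")])   # (&(objectClass=group))

if __name__ == "__main__":
    for name, flt in (("presence", PRESENCE), ("groups only", GROUPS_ONLY)):
        print(name, search(BASE_DN, flt))
```

The value `group` is the group object class in Active Directory's schema; directories that model groups with other object classes, such as groupOfNames, would return nothing for this equality filter.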