You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@guacamole.apache.org by "Florian Best (Jira)" <ji...@apache.org> on 2021/11/09 13:09:00 UTC

[jira] [Created] (GUACAMOLE-1456) Support configurable "seeAlso" attribute name

Florian Best created GUACAMOLE-1456:
---------------------------------------

             Summary: Support configurable "seeAlso" attribute name
                 Key: GUACAMOLE-1456
                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1456
             Project: Guacamole
          Issue Type: Bug
          Components: guacamole-auth-ldap
    Affects Versions: 1.3.0
            Reporter: Florian Best


The "seeAlso" LDAP attribute name at guacomole config objects seems to be hardcoded and cannot be configured.

 

With a posix based schema we are storing LDAP group memberships in the "uniqueMember" attribute, e.g.:

 

```

objectClass ( 1.3.6.1.4.1.38971.1.2.1 NAME 'guacConfigGroup'
        DESC 'Guacamole configuration'
        STRUCTURAL
        MUST ( cn $ guacConfigProtocol )
        MAY (
                description $
                uniqueMember $
                guacConfigParameter
                )
        )

```

 

with

```

dn: cn=SSH,cn=guacamole,dc=mole,dc=test
guacConfigProtocol: ssh
guacConfigParameter: hostname=10.200.72.16
cn: SSH
objectClass: top
objectClass: guacConfigGroup
uniqueMember: cn=Domain Admins,cn=groups,dc=mole,dc=test
uniqueMember: cn=Domain Users,cn=groups,dc=mole,dc=test
uniqueMember: uid=Administrator,cn=users,dc=mole,dc=test

```

 

Your code:

```

extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/connection/ConnectionService.java:    public static final String LDAP_ATTRIBUTE_NAME_GROUPS = "seeAlso";                                                          
extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/connection/ConnectionService.java:                    LDAP_ATTRIBUTE_NAME_GROUPS                                                                                  
extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/connection/ConnectionService.java:                groupFilter.addNode(new EqualityNode(LDAP_ATTRIBUTE_NAME_GROUPS,entry.getDn().toString())) 

```

 

All other LDAP attribute names seem to be configurable in `~/.guacamole/guacamole.properties` except for `seeAlso`.

Please make it configurable as well!



--
This message was sent by Atlassian Jira
(v8.20.1#820001)