Nick Couchman updated GUACAMOLE-536:
    Priority: Minor  (was: Blocker)

> Enhance restrictive LDAP authentication configuration requirements
> ------------------------------------------------------------------
>                 Key: GUACAMOLE-536
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-536
>             Project: Guacamole
>          Issue Type: Improvement
>          Components: guacamole-auth-ldap
>            Reporter: Joseph L. Casale
>            Priority: Minor
> The current LDAP authentication scheme can recursively search the base DN 
> only when a bind DN is used. When biding with the user attempting to log on, 
> the bind DN format pattern is not exposed through configuration which imposes 
> unnatural restrictions forcing the user to exist in a single container.
> If the format pattern was exposed for configuration, for DSA's which allow 
> flexible bind patterns such as Active Directory, configuration could allow 
>  %s" or "%s...@domain.com" and for those DSA's which do not, you would simply 
> configure the restrictive full DN as the pattern.
> The use case is that we use Active Directory anddo not allow bind accounts so 
> the restriction prevents all users from accessing the application as our 
> topology is not flat (we need to pick a single container therefor excluding 
> everyone else).
> A working Java implementation of an LDAP auth scheme that facilitates this is 
> [Gitblit|http://gitblit.com/properties.html], see theĀ realm.ldap.* 
> configuration properties. Setting the bind pattern to the UPN such as:
> {code:java}
> realm.ldap.bindpattern = ${username}@domain.com
> {code}
> allows the flexible configuration in our Active Directory environment.

This message was sent by Atlassian JIRA

Reply via email to