Github user necouchman commented on a diff in the pull request:
https://github.com/apache/guacamole-manual/pull/90#discussion_r200394245
--- Diff: src/chapters/ldap-auth.xml ---
@@ -356,6 +356,17 @@ dn: cn={4}guacConfigGroup,cn=schema,cn=config
"<systemitem>uid=user,ou=people,dc=example,dc=net</systemitem>".</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term><property>ldap-user-attributes</property></term>
+ <listitem>
+ <para>The attribute or attributes to retrieve from
the LDAP directory.
+ These attributes are stored as tokens with the
prefix "GUAC_ATTR_"
+ and the name of the attribute appended in
uppercase letters.
+ The value of the token is the value of the
attribute in the LDAP directory.
+ If the attribute has no value in the directory
then the token is not saved.
+ Multiple attributes can be specified here,
separated by commas.</para>
--- End diff --
I wouldn't assume that someone would not use an attribute with multiple
values - they may either not be aware or not have control of that.
> If they did, I'm not sure what we could change to help them pick which
value to use.
I don't know that we'd be able to help control what of the multiple values
is used, but, in the `getLDAPAttributes()` method, instead of using
attr.getStringValue()
we could use:
attr.getStringValueArray()[0]
Probably have to do a couple of other checks to make sure that there's
actually a value there (we don't get a null array or empty value, but probably
worth changing the code slightly to do that, and then just document that, if
the attribute is multi-valued, it'll return the first value.
---
