[GitHub] [guacamole-client] echu2013 commented on a change in pull request #496: GUACAMOLE-996: Add support for configuring group filter.

Sun, 05 Apr 2020 14:49:25 -0700 

echu2013 commented on a change in pull request #496: GUACAMOLE-996: Add support 
for configuring group filter.
URL: https://github.com/apache/guacamole-client/pull/496#discussion_r403761407
 
 

 ##########
 File path: 
extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/conf/ConfigurationService.java
 ##########
 @@ -317,7 +318,27 @@ public int getMaxReferralHops() throws GuacamoleException 
{
     public ExprNode getUserSearchFilter() throws GuacamoleException {
         return environment.getProperty(
             LDAPGuacamoleProperties.LDAP_USER_SEARCH_FILTER,
-            new PresenceNode("objectClass")
+            new EqualityNode("objectClass","user")
 
 Review comment:
   > +1
   > 
   > Adding the option to narrow by `objectClass` would be a separate feature, 
the value that is used should not be hard-coded to `user`, and we should avoid 
breaking compatibility with existing deployments which have been relying on the 
former `*` filter for ages.
   > 
   > Same for the group filter - if the deployment in question needs to narrow 
things, then specifying custom filters will allow that. Beyond the filters, the 
different base DNs should be the only restrictions applied unless the 
administrator configures otherwise.
   
   Please note that description inside code states the following:
   `    /**
        * Returns the search filter that should be used when querying the
        * LDAP server for Guacamole users.  If no filter is specified,
        * a default of "(objectClass=user)" is returned.
        *
        * @return
        *     The search filter that should be used when querying the
        *     LDAP server for users that are valid in Guacamole, or
        *     "(objectClass=user)" if not specified.
        *
        * @throws GuacamoleException
        *     If guacamole.properties cannot be parsed.
        */`
   **If no filter is specified, a default of "(objectClass=user)" is returned.**
   So, that's why I corrected the code.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


With regards,
Apache Git Services

Reply via email to