mike-jumper opened a new pull request #579: URL: https://github.com/apache/guacamole-client/pull/579
This PR builds upon the changes proposed by @doctorfree via #563 (which itself built upon #454 from @siacali), aiming to clean up the LDAP parsing logic such that things are actually LDAP-aware. I did this by:

1. Pulling the changes from #563.
2. Squashing those changes down to a single commit, preserving authorship and the original commit message.
3. Building off of that.

Instead of regex-driven parsing of LDAP DNs, these changes leverage `LdapName` to truly parse each DN. As CAS may also expose multiple effective groups through a `Collection`, these changes also specifically test for this and include each group therein.

I have refactored the configuration properties to reflect this:

* `cas-group-attribute` - The CAS attribute that determines group membership. If omitted, groups aren't retrieved from CAS, and all other group-related properties for CAS are ignored.
* `cas-group-format` - The format that CAS will use for its group names. This may be `plain` (simple text names) or `ldap` (LDAP DNs). If set to `ldap`, group names are _always_ determined from the last (leftmost) attribute of the DN. If omitted, `plain` is used by default.
* `cas-group-ldap-base-dn` - The base DN to require for LDAP-formatted CAS groups. If specified, only CAS groups beneath this DN will be included. This property has no effect if `cas-group-format` is not `ldap`.
* `cas-group-ldap-attribute` - The LDAP attribute to require for LDAP-formatted CAS groups. If specified, only CAS groups that use this attribute for the name of the group will be included. This property has no effect if `cas-group-format` is not `ldap`.

Many thanks to ...

* @siacali for taking the first stabs at CAS group support.
* @doctorfree for further, repeated stabbing.
* @lchanouha for pointing toward `LdapName` as a good means of parsing an LDAP DN, and confirming that the CAS library (sometimes?) leverages `Collection` to store multi-valued attributes.

**Beware that I do not have a CAS server that I can test these changes against.** If anyone here _does_ (or knows how I might easily spin one up), it would be good to recheck that all this works as expected.

----------------------------------------------------------------

This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at: [email protected]
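
An added sketch (not code from this pull request or from Guacamole) of the LDAP-aware handling described above: each CAS group value is parsed with the JDK's `javax.naming.ldap.LdapName`, filtered by base DN and by the attribute of the leftmost RDN, and a `Collection` of values is expanded. The class name, method names and sample DNs are assumptions constructed for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Illustrative sketch; class and method names are hypothetical, not Guacamole's.
public class CasGroupDnExample {
    // Returns the group name, or null if the value is not a valid DN, is not
    // beneath baseDn, or names the group with an attribute other than the one
    // required. A null baseDn or attribute means "no restriction".
    static String parseGroup(String value, LdapName baseDn, String attribute) {
        LdapName dn;
        try {
            dn = new LdapName(value);
        } catch (InvalidNameException e) {
            return null; // Not a DN: skip the value rather than guess at a name
        }
        if (dn.isEmpty()) return null;
        // LdapName indexes RDNs from the right, so the base DN is a prefix
        if (baseDn != null && !dn.startsWith(baseDn)) return null;
        Rdn leftmost = dn.getRdn(dn.size() - 1);
        if (attribute != null && !attribute.equalsIgnoreCase(leftmost.getType())) return null;
        return String.valueOf(leftmost.getValue()); // Value with DN escaping removed
    }

    // The CAS attribute may hold a single value or a Collection of values.
    static List<String> parseGroups(Object casValue, LdapName baseDn, String attribute) {
        Collection<?> values = casValue instanceof Collection
                ? (Collection<?>) casValue : Collections.singletonList(casValue);
        List<String> groups = new ArrayList<>();
        for (Object v : values) {
            String name = (v == null) ? null : parseGroup(v.toString(), baseDn, attribute);
            if (name != null) groups.add(name);
        }
        return groups;
    }

    public static void main(String[] args) throws InvalidNameException {
        LdapName base = new LdapName("ou=groups,dc=example,dc=com");
        // Constructed sample values. The first has an escaped comma inside the
        // group name, which splitting on "," or a naive regex would cut short.
        List<String> sample = Arrays.asList(
                "CN=Ops\\, EU,OU=Groups,DC=example,DC=com",
                "cn=admins,ou=other,dc=example,dc=com",   // outside the base DN
                "ou=nested,ou=groups,dc=example,dc=com",  // named by ou, not cn
                "not a dn");                              // unparseable
        System.out.println(parseGroups(sample, base, "cn"));
    }
}
```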
