mike-jumper commented on a change in pull request #579:
URL: https://github.com/apache/guacamole-client/pull/579#discussion_r541787384



##########
File path: 
extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/conf/ConfigurationService.java
##########
@@ -85,4 +91,102 @@ public PrivateKey getClearpassKey() throws 
GuacamoleException {
         return 
environment.getProperty(CASGuacamoleProperties.CAS_CLEARPASS_KEY);
     }
 
+    /**
+     * Returns the CAS attribute that should be used to determine group
+     * memberships in CAS, such as "memberOf". If no attribute has been
+     * specified, null is returned.
+     *
+     * @return
+     *     The attribute name used to determine group memberships in CAS,
+     *     null if not defined.
+     *
+     * @throws GuacamoleException
+     *     If guacamole.properties cannot be parsed.
+     */
+    public String getGroupAttribute() throws GuacamoleException {
+        return 
environment.getProperty(CASGuacamoleProperties.CAS_GROUP_ATTRIBUTE);
+    }
+
+    /**
+     * Returns the format that CAS is expected to use for its group names, such
+     * as {@link GroupFormat#PLAIN} (simple plain-text names) or
+     * {@link GroupFormat#LDAP} (fully-qualified LDAP DNs). If not specified,
+     * PLAIN is used by default.
+     *
+     * @return
+     *     The format that CAS is expected to use for its group names.
+     *
+     * @throws GuacamoleException
+     *     If the format specified within guacamole.properties is not valid.
+     */
+    public GroupFormat getGroupFormat() throws GuacamoleException {
+        return 
environment.getProperty(CASGuacamoleProperties.CAS_GROUP_FORMAT, 
GroupFormat.PLAIN);
+    }
+
+    /**
+     * Returns the base DN that all LDAP-formatted CAS groups must reside
+     * beneath. Any groups that are not beneath this base DN should be ignored.
+     * If no such base DN is provided, the tree structure of the ancestors of
+     * LDAP-formatted CAS groups should not be considered.
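
Review bot: The Javadoc for the base DN getter describes the unset case as "the tree structure of the ancestors of LDAP-formatted CAS groups should not be considered", which does not say whether groups are then accepted or rejected. This default decides which CAS-supplied groups a user is treated as belonging to, so the comment should state the outcome directly: with no base DN configured, every LDAP-formatted group is accepted wherever it sits in the tree.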

Review comment:
       That all groups will be allowed.
   
   For example, if `cas-group-format` is `ldap` and CAS returns the following 
groups:
   
   * `cn=group1,ou=groups,dc=foo,dc=example,dc=net`
   * `cn=group2,ou=groups,dc=bar,dc=example,dc=net`
   * `cn=group3,ou=groups,dc=baz,dc=example,dc=net`
   
   Then, by default, the user will be considered a member of "group1", 
"group2", and "group3". However, if `cas-group-ldap-base-dn` is set to 
`dc=bar,dc=example,dc=net`, they will only be considered a member of "group2".
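
The filtering described in the comment above, as an added example that is not Guacamole's own code. It uses the JDK's `javax.naming.ldap.LdapName`; the class and method names are hypothetical, and taking the leftmost RDN value as the group name is an assumption based on the "group1"/"group2" results in the comment.

```java
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

public class CasLdapGroupFilterExample {

    /**
     * Maps LDAP-formatted group DNs to short group names, keeping only those
     * beneath baseDn. A null baseDn disables the restriction entirely.
     */
    static Set<String> effectiveGroups(List<String> groupDns, String baseDn)
            throws InvalidNameException {
        LdapName base = (baseDn == null) ? null : new LdapName(baseDn);
        Set<String> names = new LinkedHashSet<>();
        for (String value : groupDns) {
            LdapName dn;
            try {
                dn = new LdapName(value);
            }
            catch (InvalidNameException e) {
                continue; // Not a DN: ignore it rather than grant membership
            }
            if (dn.isEmpty())
                continue;
            // LdapName indexes RDNs right to left, so startsWith() tests
            // whether the DN lies beneath (or equals) the base DN
            if (base != null && !dn.startsWith(base))
                continue;
            // The leftmost RDN (highest index) carries the group's own name
            names.add(dn.getRdn(dn.size() - 1).getValue().toString());
        }
        return names;
    }

    public static void main(String[] args) throws InvalidNameException {
        // The three group DNs from the review comment, plus one constructed
        // value that is not a DN at all
        List<String> fromCas = List.of(
            "cn=group1,ou=groups,dc=foo,dc=example,dc=net",
            "cn=group2,ou=groups,dc=bar,dc=example,dc=net",
            "cn=group3,ou=groups,dc=baz,dc=example,dc=net",
            "not a dn");
        System.out.println(effectiveGroups(fromCas, null));
        System.out.println(effectiveGroups(fromCas, "dc=bar,dc=example,dc=net"));
    }
}
```

Because the comparison is made on parsed RDNs rather than on raw strings, a group whose DN merely ends with the same characters as the base DN without sharing its components does not pass the check.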



