necouchman commented on a change in pull request #640:
URL: https://github.com/apache/guacamole-client/pull/640#discussion_r694408052
##########
File path:
extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/group/UserGroupService.java
##########
@@ -214,13 +215,17 @@ private ExprNode getGroupSearchFilter() throws
GuacamoleException {
}
}
+ // Gather all attributes relevant for a group
+ List<String> groupAttributes = confService.getGroupNameAttributes();
+ groupAttributes.add(confService.getMemberAttribute());
+
// Get all groups the user is a member of starting at the groupBaseDN,
// excluding guacConfigGroups
return queryService.search(
ldapConnection,
groupBaseDN,
getGroupSearchFilter(),
- Collections.singleton(confService.getMemberAttribute()),
+ groupAttributes,
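Review bot: The added `groupAttributes.add(confService.getMemberAttribute());` line mutates, in place, the list returned by `confService.getGroupNameAttributes()` on the line above it. If that getter returns a shared, cached or unmodifiable collection, the call either throws or appends the member attribute to the configured group name attributes each time this method runs. Copying first, for example `new ArrayList<>(confService.getGroupNameAttributes())`, and adding the member attribute to the copy keeps the configuration value untouched.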
Review comment:
Ugh, now that I look at this, I think this is not going to result in
intended behavior at all. This change, here, will make it so that the query
that's run to match membership gets executed against all of the group
attributes that are identified as "relevant" attributes, via this code, here:
https://github.com/necouchman/guacamole-client/blob/d6c161c1d67c349a1796fb346a5c33cb744073a0/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ObjectQueryService.java#L336-L341
I'm pretty sure that's not what we want to happen - we want certain
attributes to be retrieved, not searched against. So, this is going to take a
little more reworking...