[GitHub] [guacamole-client] jmuehlner commented on a diff in pull request #753: GUACAMOLE-1661: Add domain search support for KSM vault extension.

[GitBox]

jmuehlner commented on code in PR #753:
URL: https://github.com/apache/guacamole-client/pull/753#discussion_r954183050


##########
extensions/guacamole-vault/modules/guacamole-vault-ksm/src/main/java/org/apache/guacamole/vault/ksm/secret/KsmClient.java:
##########
@@ -250,13 +292,38 @@ private void validateCache() throws GuacamoleException {
                 String hostname = recordService.getHostname(record);
                 addRecordForHost(record, hostname);
 
-                // Store based on username ONLY if no hostname (will otherwise
-                // result in ambiguous entries for servers tied to identical
-                // accounts)
-                if (hostname == null)
-                    addRecordForLogin(record, 
recordService.getUsername(record));
+                // ... and domain
+                String domain = recordService.getDomain(record);
+                addRecordForDomain(record, domain);
+
+                // Get the username off of the record
+                String username = recordService.getUsername(record);
+
+                // If we have a username, and there isn't already a domain 
explicitly defined
+                if (username != null && domain == null
+                        && confService.getSplitWindowsUsernames()) {
 
-            });
+                    // Attempt to split out the domain of the username
+                    WindowsUsername usernameAndDomain = (
+                            
WindowsUsername.splitWindowsUsernameFromDomain(username));
+
+                    // Use the username-split domain if not already set 
explicitly
+                    if (usernameAndDomain.hasDomain())
+                        domain = usernameAndDomain.getDomain();
+                        addRecordForDomain(record, domain);
+
+                }
+
+                // If domain matching is not enabled for user records,
+                // explicitly set all domains to null to allow matching
+                // on username only
+                if (!confService.getMatchUserRecordsByDomain())
+                    domain = null;
+
+                // Store the login by username and domain
+                addRecordForLogin(record, username, domain);

Review Comment:
   Where did you see it indexing by both the raw username, and domain+username? 
I only see a single call to `addRecordForLogin`, which should do either one of 
those depending on `getSplitWindowsUsernames()`.
   
   There was a bug here where I didn't correctly remove the username from the 
domain if splitting is enabled, but that should be fixed now.
   
   Everything should be working the way you suggest above.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@guacamole.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org