Github user necouchman commented on a diff in the pull request:
https://github.com/apache/incubator-guacamole-client/pull/202#discussion_r146651500
--- Diff:
extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPConnectionService.java
---
@@ -111,6 +113,29 @@ public LDAPConnection bindAs(String userDN, String
password)
// Obtain appropriately-configured LDAPConnection instance
LDAPConnection ldapConnection = createLDAPConnection();
+ // Configure LDAP connection constraints
+ LDAPConstraints ldapConstraints = ldapConnection.getConstraints();
+ if (ldapConstraints == null)
+ ldapConstraints = new LDAPConstraints();
+
+ // Set whether or not we follow referrals
+
ldapConstraints.setReferralFollowing(confService.getFollowReferrals());
+
+ // If the referral auth method is set to bind, we set it using the
existing
+ // username and password.
+ String refAuthMethod = confService.getReferralAuthentication();
+ if (refAuthMethod != null && refAuthMethod.equals("bind"))
+ ldapConstraints.setReferralHandler(new
ReferralAuthHandler(userDN, password));
--- End diff --
Yeah, I see what you're saying. The changes here should be consistent with
that - the referral authentication just uses what is passed in to the bindAs
method for userDN and password, which, for the initial user search will be the
search credentials, and subsequently will be the retrieved userDN and the
password used for authentication.
---
