Paul McDonnell created GUACAMOLE-785:
----------------------------------------
Summary: TOTP causing LDAP to change its query
Key: GUACAMOLE-785
URL: https://issues.apache.org/jira/browse/GUACAMOLE-785
Project: Guacamole
Issue Type: Bug
Components: guacamole-auth-ldap, guacamole-auth-totp
Affects Versions: 1.0.0
Reporter: Paul McDonnell

I've got OTP operational on my setup, all worked as expected. I then went to
enable LDAP but kept getting an error "Unable to query list of objects from
LDAP directory". After some more debugging, I think the issue is that the
original search that LDAP does is

  Searching "OU=people,dc=LOCAL,dc=mycompany,dc=COM" for objects matching
  "(&(objectClass=user)(!(objectCategory=computer))(samAccountName=jbloggs))".

Then after the TOTP code is typed in, it then searches for

  Searching "OU=people,dc=LOCAL,dc=mycompany,dc=COM" for objects matching
  "(&(objectClass=user)(!(objectCategory=computer))(samAccountName=*))".

It replaces the samAccountName=jbloggs with samAccountName=*. I confirmed this
by changing the ldap-user-search-filter: (samAccountName=jbloggs) and I was
then able to log in as jbloggs (but not as anyone else).
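
To compare the two searches quoted in the report mechanically, the following added example (not part of the issue and not Guacamole's own code) parses each logged filter and reports which assertion changed. The log-line shape is taken from the quotes above; the function names are hypothetical, and the parser covers only the and/or/not and simple `attr=value` subset of RFC 4515 filters.

```python
import re

# Log lines constructed from the two searches quoted in the report above.
SAMPLE_LOG = [
    'Searching "OU=people,dc=LOCAL,dc=mycompany,dc=COM" for objects matching '
    '"(&(objectClass=user)(!(objectCategory=computer))(samAccountName=jbloggs))".',
    'Searching "OU=people,dc=LOCAL,dc=mycompany,dc=COM" for objects matching '
    '"(&(objectClass=user)(!(objectCategory=computer))(samAccountName=*))".',
]
LINE_RE = re.compile(r'Searching "([^"]*)" for objects matching "([^"]*)"')

def parse_search_line(line):
    """Return (base_dn, filter) from one log line, or None if it is not a search."""
    m = LINE_RE.search(line)
    return (m.group(1), m.group(2)) if m else None

def leaves(flt, pos=0, negated=False):
    """Walk a filter recursively; return ([(attr, value, negated)], next_pos)."""
    if pos >= len(flt) or flt[pos] != "(":
        raise ValueError(f"expected '(' at offset {pos}")
    pos += 1
    out = []
    if flt[pos] in "&|!":
        neg = negated != (flt[pos] == "!")  # '!' flips polarity of its subtree
        pos += 1
        while flt[pos] == "(":
            sub, pos = leaves(flt, pos, neg)
            out.extend(sub)
    else:
        end = flt.index(")", pos)  # literal ')' in values is escaped as \29
        attr, _, value = flt[pos:end].partition("=")
        out.append((attr.lower(), value, negated))
        pos = end
    if flt[pos] != ")":
        raise ValueError(f"expected ')' at offset {pos}")
    return out, pos + 1

def changed_assertions(line_a, line_b):
    """Map attr -> (old, new) for assertions that differ between two searches."""
    a = {k: v for k, v, _ in leaves(parse_search_line(line_a)[1])[0]}
    b = {k: v for k, v, _ in leaves(parse_search_line(line_b)[1])[0]}
    keys = sorted(a.keys() | b.keys())
    return {k: (a.get(k), b.get(k)) for k in keys if a.get(k) != b.get(k)}

def presence_only(line, attr):
    """True when the filter only requires `attr` to exist (value '*')."""
    found = leaves(parse_search_line(line)[1])[0]
    return any(k == attr.lower() and v == "*" and not n for k, v, n in found)
```

Run over the two quoted lines, `changed_assertions` isolates `samaccountname` as the only difference, and `presence_only` is true only for the second search, the one that matches every entry under the base DN.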