[
https://issues.apache.org/jira/browse/GUACAMOLE-804?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16853267#comment-16853267
]
Michael Jumper commented on GUACAMOLE-804:
------------------------------------------
{quote}
_Unlikely_ - that was my problem with closing this issue. It seemed to me, that
issues should not be closed before some investigation is done, but now I
understand, that it doesn't work here that way and I will follow your rules.
{quote}
In general, we do assess each new JIRA issue, though it is far and away more
common that issues opened in JIRA end up being configuration problems,
particularly for something as fundamental as LDAP. The issue won't be dismissed
out of hand (hence "unlikely" rather than "impossible"), but if we believe the
forums (the mailing list) is the best place to look into things further, then
we'll point you at the mailing list. The mailing list engages a much wider
subsection of the community, including users that may well have encountered
exactly what you're seeing and figured out on their own what went wrong.
There isn't a rule per se that stipulates new issues start on the mailing list;
it's just a judgement call we have to make to avoid wasted effort. It's also
important to keep in mind that the mailing list archives serve as an additional
resource to users, so if we suspect a reported bug is in fact a configuration
problem, it's in the interest of all concerned that the investigation and
resolution of that take place on the lists.
It's always possible that the issue will be reopened after investigation on the
list reveals that it is indeed a bug, however my experience leads me to believe
that this is unlikely. That conclusion is based on my experience with
Guacamole's implementation of LDAP and the description and nature of the issue.
> LDAP authentication not working correctly
> -----------------------------------------
>
> Key: GUACAMOLE-804
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-804
> Project: Guacamole
> Issue Type: Bug
> Components: guacamole-auth-ldap
> Reporter: Peter Kubica
> Priority: Minor
>
> LDAP authentication with database backend (as proposed
> [here|https://guacamole.apache.org/doc/gug/ldap-auth.html#ldap-and-database])
> can't correctly handle situation, when _ldap-search-bind-dn_ is not contained
> in _ldap-user-base-dn_.
> Eg.:
> {{ldap-user-base-dn: ou=common,ou=users,dc=example,dc=com}}
> {{ldap-search-bind-dn: uid=guacamole,ou=system,ou=users,dc=example,dc=com}}
> In this situation _guacamole_ user will not show LDAP users in Settings/Users
> and common user authentication will result it successful authentication
> followed by _Unable to query list of objects from LDAP directory_ error.
> Even with:
> {{ldap-user-base-dn: ou=users,dc=example,dc=com}}
> things are not working correctly for users from
> _ou=common,ou=users,dc=example,dc=com_.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
