[ https://issues.apache.org/jira/browse/GUACAMOLE-804?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17065197#comment-17065197 ]
Mike Jumper commented on GUACAMOLE-804:
---------------------------------------
That permission shouldn't be needed in general. I believe it's only needed for
users that inherently need to be able to see other users (administrators).
There is a note regarding that already:
http://guacamole.apache.org/doc/gug/ldap-auth.html#ldap-and-database
Outside of administrators that need to be able to see all users to ease
maintenance of their corresponding database accounts, the ability to see other
users is not needed.
> LDAP authentication not working correctly
> -----------------------------------------
>
> Key: GUACAMOLE-804
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-804
> Project: Guacamole
> Issue Type: Bug
> Components: guacamole-auth-ldap
> Reporter: Peter Kubica
> Priority: Minor
>
> LDAP authentication with database backend (as proposed
> [here|https://guacamole.apache.org/doc/gug/ldap-auth.html#ldap-and-database])
> can't correctly handle the situation when _ldap-search-bind-dn_ is not contained
> in _ldap-user-base-dn_.
> E.g.:
> {{ldap-user-base-dn: ou=common,ou=users,dc=example,dc=com}}
> {{ldap-search-bind-dn: uid=guacamole,ou=system,ou=users,dc=example,dc=com}}
> In this situation the _guacamole_ user will not show LDAP users in Settings/Users
> and common user authentication will result in successful authentication
> followed by _Unable to query list of objects from LDAP directory_ error.
> Even with:
> {{ldap-user-base-dn: ou=users,dc=example,dc=com}}
> things are not working correctly for users from
> _ou=common,ou=users,dc=example,dc=com_.