[ https://issues.apache.org/jira/browse/GUACAMOLE-996?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17068695#comment-17068695 ]
Nick Couchman commented on GUACAMOLE-996: ----------------------------------------- Good catch, thank you, Peter. I think your fix is perfect - if you'd like to submit a pull request for this change we would welcome it! Otherwise I'm happy to do it with your suggested changes. > LDAP Auth returns all objects as groups even if they are users > -------------------------------------------------------------- > > Key: GUACAMOLE-996 > URL: https://issues.apache.org/jira/browse/GUACAMOLE-996 > Project: Guacamole > Issue Type: Bug > Components: guacamole-auth-ldap > Affects Versions: 1.1.0 > Reporter: Peter Ruhrmann > Priority: Minor > Fix For: 1.2.0 > > > *Problem:* > If you have an LDAP-Directory where Users and Groups are in the same subtree > and you don't use LDAP for Connection-Storage (guacConfigGroup) you get all > objects under the DN configured as ldap-group-base-dn returned as groups. > *Example:* > Our directory looks like this: > DC=AD,DC=company,DC=de > * OU=faculty > ** Group1 > ** Group2 > ** Group3 > ** ... > ** OU=students > *** Student0001 > *** Student0002 > *** Student0003 > *** ... > *** Student1999 > As ldap-group-base-dn I have to configure OU=faculty,DC=AD,DC=company,dc=de > But then I get in the Web-UI all Groups and all Students as Group-Objects > which makes no sense > *Suggested fix* > I have a fix for me but as I am not a programmer, I don't know how to > implement it the right way. > I changed in UserGroupService.java line 92 from: > {{return new PresenceNode("objectClass");}} > to > {{return new AndNode(new EqualityNode("objectClass","group"));}} > and added > {{import org.apache.directory.api.ldap.model.filter.AndNode;}} > at line 34. > Thanks for making this great project! > > Peter > > -- This message was sent by Atlassian Jira (v8.3.4#803005)