[jira] [Closed] (GUACAMOLE-998) LDAP: Do not retrieve all groups from LDAP

Fri, 27 Mar 2020 12:01:13 -0700 


     [ 
https://issues.apache.org/jira/browse/GUACAMOLE-998?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Nick Couchman closed GUACAMOLE-998.
-----------------------------------
    Fix Version/s:     (was: 1.2.0)
       Resolution: Duplicate

Someone beat you to this, already - closing as a duplicate.

> LDAP: Do not retrieve all groups from LDAP
> ------------------------------------------
>
>                 Key: GUACAMOLE-998
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-998
>             Project: Guacamole
>          Issue Type: Wish
>          Components: guacamole-auth-ldap
>    Affects Versions: 1.1.0
>         Environment: CentOS 7
>            Reporter: Edgardo Rodriguez
>            Priority: Minor
>              Labels: easyfix, newbie, patch
>         Attachments: UserGroupService_donotretrieveall.patch
>
>   Original Estimate: 24h
>  Remaining Estimate: 24h
>
> Hi, I have been using Guacamole since 0.9.14. As we use ActiveDirectory LDAP 
> to authenticate every user I found something which might have an explanation 
> but in my scenario is quite undesired.
> Our LDAP is a WorldWide DB and so contains a huge ammount of users and groups.
> According to [the original 
> code|https://github.com/apache/guacamole-client/blob/e30f4c7507914b2967fc654e30a235d0310e5076/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/group/UserGroupService.java#L90]
>  if we do not use (as in our case) LDAP for storing configuration, then 
> anything containing objectClass attribute (users, computer, groups, etc) will 
> be loaded into Guacamole as a group.
> I do not see clearly why this is done this way, also *ldap-group-base-dn* 
> attribute is not respected at all in this scenario but fortunately at least 
> seems to honor *ldap-user-base-dn*.
> So I modificated this line to, retrieve any object containing the attribute 
> defined by *ldap-member-attribute* which by default is *member*.
>  
> Attached patch does work as spected (by me at least), I am pretty newie with 
> java, so I might be missing something...
>  
> Thanks all for this great piece of software BTW!



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to