[ https://issues.apache.org/jira/browse/GUACAMOLE-1000?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17071170#comment-17071170 ]
Mike Jumper commented on GUACAMOLE-1000:
----------------------------------------
LDAP users are not read during Tomcat startup. They are read during login and
are not cached outside the user's session:
# User login entry point: [{{LDAPAuthenticationProvider.getUserContext()}}|https://github.com/apache/guacamole-client/blob/e30f4c7507914b2967fc654e30a235d0310e5076/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPAuthenticationProvider.java#L85-L86]
# [{{AuthenticationProviderService.getUserContext()}}|https://github.com/apache/guacamole-client/blob/e30f4c7507914b2967fc654e30a235d0310e5076/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java#L329-L332]
# [{{LDAPUserContext.init()}}|https://github.com/apache/guacamole-client/blob/e30f4c7507914b2967fc654e30a235d0310e5076/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/LDAPUserContext.java#L123-L126]
# Query: [{{UserService.getUsers()}}|https://github.com/apache/guacamole-client/blob/e30f4c7507914b2967fc654e30a235d0310e5076/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/UserService.java#L82-L114]
> Reread LDAP users periodically
> ------------------------------
>
> Key: GUACAMOLE-1000
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-1000
> Project: Guacamole
> Issue Type: Improvement
> Components: guacamole-auth-ldap
> Affects Versions: 1.0.0, 1.1.0
> Environment: CentOS 7
> Reporter: Edgardo Rodriguez
> Priority: Minor
> Labels: features
> Original Estimate: 72h
> Remaining Estimate: 72h
>
> Hi,
> I am using Guacamole 1.2.0 under CentOS 7 with the following modules loaded:
> Mysql, LDAP, TOTP
> Under LDAP I have an ldap filter which only retrieves the users matching the
> following conditions:
> 1- Account must be a user and must not be disabled
> 2- User must belong to a particular user group
>
> So far so good, only specific users are allowed to sign-in.
> I found that after tomcat service startup, this filter is applied and so
> expected users are retrieved OK, but as time goes by we need to add more
> users to the previously mentioned group. Unless tomcat is restarted, logging
> out any user currently signed in, new users won't be allowed to sign-in.
> Also, with my current allowed user, I am not able to see the newly added user
> under "Users" tab.
>
> I have no proposed patch, I am under investigation but I am a newbie with java
> and it is kind of difficult for me, I think this might be useful for these
> scenarios where we don't want to interrupt current logged in users because a
> new one needs to be added to this system.
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)