[ https://issues.apache.org/jira/browse/GUACAMOLE-996?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17074186#comment-17074186 ]
Nick Couchman commented on GUACAMOLE-996: ----------------------------------------- [~erodriguez19]: I think part of implementing this filter would also include implementing a reasonable default value for the filter, such as (objectClass=group) or something similar and relatively compatible with as many LDAP schemas as possible. However, I agree with Mike that filtering (by default) for anything that has a defined member attribute is probably not the best route. > Provide configuration for filtering LDAP groups > ----------------------------------------------- > > Key: GUACAMOLE-996 > URL: https://issues.apache.org/jira/browse/GUACAMOLE-996 > Project: Guacamole > Issue Type: Improvement > Components: guacamole-auth-ldap > Reporter: Peter Ruhrmann > Priority: Minor > Attachments: UserGroupService_donotretrieveall.patch > > > *Problem:* > If you have an LDAP-Directory where Users and Groups are in the same subtree > and you don't use LDAP for Connection-Storage (guacConfigGroup) you get all > objects under the DN configured as ldap-group-base-dn returned as groups. > *Example:* > Our directory looks like this: > DC=AD,DC=company,DC=de > * OU=faculty > ** Group1 > ** Group2 > ** Group3 > ** ... > ** OU=students > *** Student0001 > *** Student0002 > *** Student0003 > *** ... > *** Student1999 > As ldap-group-base-dn I have to configure OU=faculty,DC=AD,DC=company,dc=de > But then I get in the Web-UI all Groups and all Students as Group-Objects > which makes no sense > *Suggested fix* > I have a fix for me but as I am not a programmer, I don't know how to > implement it the right way. > I changed in UserGroupService.java line 92 from: > {{return new PresenceNode("objectClass");}} > to > {{return new AndNode(new EqualityNode("objectClass","group"));}} > and added > {{import org.apache.directory.api.ldap.model.filter.AndNode;}} > at line 34. > Thanks for making this great project! > > Peter > > -- This message was sent by Atlassian Jira (v8.3.4#803005)