[ https://issues.apache.org/jira/browse/GUACAMOLE-996?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nick Couchman reassigned GUACAMOLE-996: --------------------------------------- Assignee: Nick Couchman > Provide configuration for filtering LDAP groups > ----------------------------------------------- > > Key: GUACAMOLE-996 > URL: https://issues.apache.org/jira/browse/GUACAMOLE-996 > Project: Guacamole > Issue Type: Improvement > Components: guacamole-auth-ldap > Reporter: Peter Ruhrmann > Assignee: Nick Couchman > Priority: Minor > Attachments: UserGroupService_donotretrieveall.patch > > > *Problem:* > If you have an LDAP-Directory where Users and Groups are in the same subtree > and you don't use LDAP for Connection-Storage (guacConfigGroup) you get all > objects under the DN configured as ldap-group-base-dn returned as groups. > *Example:* > Our directory looks like this: > DC=AD,DC=company,DC=de > * OU=faculty > ** Group1 > ** Group2 > ** Group3 > ** ... > ** OU=students > *** Student0001 > *** Student0002 > *** Student0003 > *** ... > *** Student1999 > As ldap-group-base-dn I have to configure OU=faculty,DC=AD,DC=company,dc=de > But then I get in the Web-UI all Groups and all Students as Group-Objects > which makes no sense > *Suggested fix* > I have a fix for me but as I am not a programmer, I don't know how to > implement it the right way. > I changed in UserGroupService.java line 92 from: > {{return new PresenceNode("objectClass");}} > to > {{return new AndNode(new EqualityNode("objectClass","group"));}} > and added > {{import org.apache.directory.api.ldap.model.filter.AndNode;}} > at line 34. > Thanks for making this great project! > > Peter > > -- This message was sent by Atlassian Jira (v8.3.4#803005)