[jira] [Commented] (GUACAMOLE-708) Allow JDBC Users to be Created Automatically
[ https://issues.apache.org/jira/browse/GUACAMOLE-708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17067192#comment-17067192 ]

Edgardo Rodriguez commented on GUACAMOLE-708:
---------------------------------------------

Made some discoveries. Had mysql-user-required set to true, so I changed it to false. On the first logon attempt an error is produced but the user is created in the DB. After that, subsequent logon attempts produce the following duplicate entry error, and so login is not possible:

### Cause: com.mysql.jdbc.exceptions.jdbc4.MySQLIntegrityConstraintViolationException: Duplicate entry 'USER-usertest' for key 'guacamole_entity_name_scope'

> Allow JDBC Users to be Created Automatically
>
>                 Key: GUACAMOLE-708
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-708
>             Project: Guacamole
>          Issue Type: New Feature
>          Components: guacamole-auth-jdbc
>            Reporter: Nick Couchman
>            Assignee: Mike Jumper
>            Priority: Minor
>             Fix For: 1.2.0
>
> A feature common to other applications that store data in one place and can
> authenticate from other sources is to enable automatic creation of user
> accounts within the database assuming the user is successfully authenticated
> elsewhere.
> I propose doing something similar with the Guacamole JDBC extension, or,
> depending on how the implementation works out, with the other extensions - a
> property that, disabled by default, could be enabled that would allow users
> authenticated successfully through other extensions to be automatically
> created within the JDBC extension.

--
This message was sent by Atlassian Jira (v8.3.4#803005)

[jira] [Commented] (GUACAMOLE-708) Allow JDBC Users to be Created Automatically
[ https://issues.apache.org/jira/browse/GUACAMOLE-708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17067183#comment-17067183 ]

Edgardo Rodriguez commented on GUACAMOLE-708:
---------------------------------------------

I've tried the Jira/708 branch, but users are not "auto created".

My current scenario is:
Auth via LDAP (working ok)
TOTP enabled

If, prior to logging in and enrollment, the user has no permission to self-update password, access is denied due to the enrollment process not taking place. If I get the user to have the desired permission, the process of enrollment is normal.

Added this to guacamole.properties:
mysql-auto-create-accounts: true

[jira] [Commented] (GUACAMOLE-708) Allow JDBC Users to be Created Automatically
[ https://issues.apache.org/jira/browse/GUACAMOLE-708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17063629#comment-17063629 ]

Edgardo Rodriguez commented on GUACAMOLE-708:
---------------------------------------------

mvn package fails with:

[ERROR] /home/ed/guacamole-client/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/MySQLEnvironment.java:[304,4] error: method does not override or implement a method from a supertype

[jira] [Commented] (GUACAMOLE-708) Allow JDBC Users to be Created Automatically
[ https://issues.apache.org/jira/browse/GUACAMOLE-708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17053444#comment-17053444 ]

Nick Couchman commented on GUACAMOLE-708:
-----------------------------------------

Okay, let's just keep it, here, then.

> Allow JDBC Users to be Created Automatically
>
>                 Key: GUACAMOLE-708
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-708
>             Project: Guacamole
>          Issue Type: New Feature
>          Components: guacamole-auth-jdbc
>            Reporter: Nick Couchman
>            Assignee: Nick Couchman
>            Priority: Minor
>             Fix For: 1.2.0
>
> A feature common to other applications that store data in one place and can
> authenticate from other sources is to enable automatic creation of user
> accounts within the database assuming the user is successfully authenticated
> elsewhere.
> I propose doing something similar with the Guacamole JDBC extension, or,
> depending on how the implementation works out, with the other extensions - a
> property that, disabled by default, could be enabled that would allow users
> authenticated successfully through other extensions to be automatically
> created within the JDBC extension.

[jira] [Commented] (GUACAMOLE-708) Allow JDBC Users to be Created Automatically
[ https://issues.apache.org/jira/browse/GUACAMOLE-708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17049785#comment-17049785 ]

Mike Jumper commented on GUACAMOLE-708:
---------------------------------------

If the original high-level purpose of this change was to facilitate arbitrary storage, my preference would be to adjust the JIRA issue to reflect that, and then both low-level changes would be within scope.

If you think automatic user creation is a high-level need in itself, I don't have any issue with splitting the privileged {{UserContext}} bit into its own separate issue, as well.

[jira] [Commented] (GUACAMOLE-708) Allow JDBC Users to be Created Automatically
[ https://issues.apache.org/jira/browse/GUACAMOLE-708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17048738#comment-17048738 ]

Mike Jumper commented on GUACAMOLE-708:
---------------------------------------

Can you provide an example of such a case? My impression of the user management UI was that it would inherently allow for automatic creation of database users so long as the available users were exposed by the extension identifying them (such as by LDAP).

Regarding allowing things like TOTP to store arbitrary data, I think there may be additional changes needed to facilitate that, since the database auth will not allow users to store attributes unless those users have {{UPDATE}} permission on themselves and an extension which decorates another can only act with the permissions granted to the {{UserContext}} being decorated.

I have some changes that I've been experimenting with which allow extensions to obtain a {{UserContext}} that is privileged which may be appropriate to be part of this, if the scope can be broadened to cover the problem it's intended to solve (the ability for extensions to work together to store arbitrary data) rather than the specific piece of that solution (automatic user creation).

[jira] [Commented] (GUACAMOLE-708) Allow JDBC Users to be Created Automatically
[ https://issues.apache.org/jira/browse/GUACAMOLE-708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17048704#comment-17048704 ]

Nick Couchman commented on GUACAMOLE-708:
-----------------------------------------

{quote}
IIRC, the ultimate reason behind the need to automatically create database accounts for successfully-authenticated users is primarily to allow extensions like TOTP to store arbitrary data, as they can't successfully do so if the database lacks a user account to serve as that storage. Is that correct?
{quote}

Yes, and also for handling permissions assignments where groups may not be applicable and you don't want to manually create the users in the DB module in order to assign permissions.

[jira] [Commented] (GUACAMOLE-708) Allow JDBC Users to be Created Automatically
[ https://issues.apache.org/jira/browse/GUACAMOLE-708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17048692#comment-17048692 ]

Mike Jumper commented on GUACAMOLE-708:
---------------------------------------

[~vnick], regarding the background given in the description:

{quote}
A feature common to other applications that store data in one place and can authenticate from other sources is to enable automatic creation of user accounts within the database assuming the user is successfully authenticated elsewhere.
{quote}

IIRC, the ultimate reason behind the need to automatically create database accounts for successfully-authenticated users is primarily to allow extensions like TOTP to store arbitrary data, as they can't successfully do so if the database lacks a user account to serve as that storage. Is that correct?