Repository: guacamole-client Updated Branches: refs/heads/master 5ce0c0f03 -> a34bbcf63
GUACAMOLE-593: Allow group membership attribute to be configured. Project: http://git-wip-us.apache.org/repos/asf/guacamole-client/repo Commit: http://git-wip-us.apache.org/repos/asf/guacamole-client/commit/343b21ab Tree: http://git-wip-us.apache.org/repos/asf/guacamole-client/tree/343b21ab Diff: http://git-wip-us.apache.org/repos/asf/guacamole-client/diff/343b21ab Branch: refs/heads/master Commit: 343b21aba523915ebc172793a46827c0f8daeb93 Parents: 5ce0c0f Author: Nick Couchman <vn...@apache.org> Authored: Mon Jul 30 16:45:51 2018 -0400 Committer: Nick Couchman <vn...@apache.org> Committed: Mon Jul 30 16:45:51 2018 -0400 ---------------------------------------------------------------------- .../apache/guacamole/auth/ldap/ConfigurationService.java | 7 +++++++ .../guacamole/auth/ldap/LDAPGuacamoleProperties.java | 7 +++++++ .../guacamole/auth/ldap/connection/ConnectionService.java | 10 ++++++++-- 3 files changed, 22 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/343b21ab/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java index de7c71c..361af03 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java +++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java @@ -358,5 +358,12 @@ public class ConfigurationService { LDAPGuacamoleProperties.LDAP_USER_ATTRIBUTES ); } + + public String getMemberAttribute() throws GuacamoleException { + return environment.getProperty( + LDAPGuacamoleProperties.LDAP_MEMBER_ATTRIBUTE, + "member" + ); + } } http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/343b21ab/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPGuacamoleProperties.java ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPGuacamoleProperties.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPGuacamoleProperties.java index 6372d81..e96145f 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPGuacamoleProperties.java +++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPGuacamoleProperties.java @@ -215,4 +215,11 @@ public class LDAPGuacamoleProperties { public String getName() { return "ldap-user-attributes"; } }; + + public static final StringGuacamoleProperty LDAP_MEMBER_ATTRIBUTE = new StringGuacamoleProperty() { + + @Override + public String getName() { return "ldap-member-attribute"; } + + }; } http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/343b21ab/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/connection/ConnectionService.java ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/connection/ConnectionService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/connection/ConnectionService.java index a282f30..5533ff0 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/connection/ConnectionService.java +++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/connection/ConnectionService.java @@ -245,7 +245,10 @@ public class ConnectionService { StringBuilder connectionSearchFilter = new StringBuilder(); // Add the prefix to the search filter, prefix filter searches for guacConfigGroups with the userDN as the member attribute value - connectionSearchFilter.append("(&(objectClass=guacConfigGroup)(|(member="); + connectionSearchFilter.append("(&(objectClass=guacConfigGroup)"); + connectionSearchFilter.append("(|("); + connectionSearchFilter.append(confService.getMemberAttribute()); + connectionSearchFilter.append("="); connectionSearchFilter.append(escapingService.escapeLDAPSearchFilter(userDN)); connectionSearchFilter.append(")"); @@ -257,7 +260,10 @@ public class ConnectionService { LDAPSearchResults userRoleGroupResults = ldapConnection.search( groupBaseDN, LDAPConnection.SCOPE_SUB, - "(&(!(objectClass=guacConfigGroup))(member=" + escapingService.escapeLDAPSearchFilter(userDN) + "))", + "(&(!(objectClass=guacConfigGroup))(" + + confService.getMemberAttribute() + + "=" + escapingService.escapeLDAPSearchFilter(userDN) + + "))", null, false, confService.getLDAPSearchConstraints()