The issue should only affect the ability to see the LDAP users in the
admin pages. That's the only place that a query retrieving all users
is attempted.

The authentication process involves either (1) binding using a DN
derived directly from the username provided or (2) binding using a
dedicated search DN for the sake of querying the DN of the user having
the username provided, and then binding as THAT user. At most,
authentication will involve retrieving a single entry; nothing near
the default limit of 1000 entries.

- Mike


On Mon, Sep 12, 2016 at 5:34 PM, Peter Burdine <pburd...@gmail.com> wrote:
> Sorry to bring this up again.  I am looking to use this to set up a system
> that has just over 1000 users.  I am planning on using LDAP for auth, but
> MySQL for connectivity data.  Does this issue affect the ability for some
> users to log in, or does it just affect the ability to see all of the LDAP
> users in the admin pages?  I don't see this info in the Jira ticket or PR
> discussion.
>
> Thanks,
> Peter
>
> On Sun, Aug 14, 2016 at 7:17 PM, James Muehlner
> <james.muehl...@guac-dev.org> wrote:
>>
>> Hey Herve,
>>
>> I see that you created the pull request and associated ticket. Great!
>> Let's move the discussion over to GitHub at this point.
>>
>> James
>>
>>
>>
>> On Sun, Aug 14, 2016 at 8:05 AM, Herve Guehl <herve.gu...@gmail.com>
>> wrote:
>>>
>>> Hi James,
>>> did my homework (though this was my first time with git :p ).
>>> The code in itself is not dirty (I hope ;), I just meant that it would be
>>> better to get the results from LDAP as mentioned by RFC 2696. But IMHO
>>> nowadays we can get more than 1000 results using a search in an LDAP
>>> directory...
>>>
>>> Hervé
>>>
>>>
>>>
>>> On Sun, Aug 14, 2016 at 2:54 AM, James Muehlner
>>> <james.muehl...@guac-dev.org> wrote:
>>>>
>>>> Greetings Herve,
>>>>
>>>> In order to accept code changes into the project, we'll need a pull
>>>> request on GitHub, and a corresponding JIRA issue in the Apache JIRA. See
>>>> our contribution guidelines for more information.
>>>>
>>>> As a side note, we're always happy to accept code contributions from the
>>>> community, but we do try to make sure that the contributions are always up
>>>> to our code quality standards. If you feel that your patch is a bit dirty,
>>>> it may have to be cleaned up a bit before we're ready to accept it upstream.
>>>>
>>>> James
>>>>
>>>> On Fri, Aug 5, 2016 at 12:45 PM, Herve Guehl <herve.gu...@gmail.com>
>>>> wrote:
>>>>>
>>>>> Hi,
>>>>> If your Active Directory contains more than 1000 users in the search
>>>>> OU, you'll need to:
>>>>>  - Configure your Active Directory to extend the MaxPageSize limit
>>>>> (default 1000)
>>>>> https://technet.microsoft.com/en-us/library/cc770976%28v=ws.11%29.aspx
>>>>>  - Use the included patch (a bit dirty, as it would be better to fetch
>>>>> results according to the max page size, but works for me):
>>>>>    - it enables the possibility to get more than 1000 results for an LDAP
>>>>> request for the guacamole-client. You will have to add ldap-maxresults: 2000
>>>>> (or the value you need) in your guacamole.properties file.
>>>>>
>>>>> Have fun.
>>>>> Hervé
>>>>
>>>>
>>>
>>
>
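
Added example (not part of the thread and not Guacamole's code): a toy in-memory model of the behaviour discussed above, showing why the single-entry lookup used during authentication never reaches the 1000-entry limit, while an unpaged "list all users" query is truncated and an RFC 2696 style paged query is not. The base DN, the 1500 constructed users, the function names and the integer cookie are assumptions made for illustration; a real paging cookie is an opaque value chosen by the server.

```python
# Toy in-memory model of an LDAP server (constructed data, no network I/O).
SERVER_SIZE_LIMIT = 1000  # default limit mentioned in the thread
# Constructed directory: 1500 users under a hypothetical base DN.
DIRECTORY = [
    {"dn": f"uid=user{i:04d},ou=people,dc=example,dc=net", "uid": f"user{i:04d}"}
    for i in range(1500)
]

class SizeLimitExceeded(Exception):
    """Mimics LDAP result code 4 (sizeLimitExceeded); carries the partial result."""
    def __init__(self, partial):
        super().__init__("sizeLimitExceeded")
        self.partial = partial

def search(match, page_size=None, cookie=0):
    """Return (entries, next_cookie). Without paging, the size limit caps the result."""
    hits = [e for e in DIRECTORY if match(e)]
    if page_size is None:
        if len(hits) > SERVER_SIZE_LIMIT:
            raise SizeLimitExceeded(hits[:SERVER_SIZE_LIMIT])
        return hits, None
    # Paged search: each page is capped, and the cookie marks where to resume.
    size = min(page_size, SERVER_SIZE_LIMIT)
    page = hits[cookie:cookie + size]
    nxt = cookie + size
    return page, (nxt if nxt < len(hits) else None)

def resolve_user_dn(username):
    """Mode (2) lookup: find the one entry for this username before binding as it."""
    entries, _ = search(lambda e: e["uid"] == username)
    if len(entries) != 1:  # zero or ambiguous matches fail closed
        return None
    return entries[0]["dn"]

def list_all_unpaged():
    """Admin-page style query: every user in one request. Returns (users, truncated)."""
    try:
        return search(lambda e: True)[0], False
    except SizeLimitExceeded as exc:
        return exc.partial, True

def list_all_paged(page_size=500):
    """Retrieve every user by following the paging cookie until it is exhausted."""
    users, cookie = [], 0
    while cookie is not None:
        page, cookie = search(lambda e: True, page_size, cookie)
        users.extend(page)
    return users
```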
