diff -drupN guacamole-client-original-incubating/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java guacamole-client-0.9.11-incubating/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java
--- guacamole-client-original-incubating/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java	2017-01-22 21:03:00.000000000 +0100
+++ guacamole-client-0.9.11-incubating/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java	2017-02-14 14:11:42.011550249 +0100
@@ -114,6 +114,26 @@ public class ConfigurationService {
     }
 
     /**
+     * MCM: Returns the ldap filter to apply in order to get the
+     * the users. The string is configured with
+     * guacamole.properties. By default, this will be the identity
+     * filter "cn=*".
+     *
+     * @return
+     *     The ldap filter as configured with
+     *     guacamole.properties.
+     *
+     * @throws GuacamoleException
+     *     If guacamole.properties cannot be parsed.
+     */
+    public String getUsersFilter() throws GuacamoleException {
+        return environment.getProperty(
+            LDAPGuacamoleProperties.LDAP_USERS_FILTER,
+            "cn=*"
+        );
+    }
+
+    /**
      * Returns the base DN under which all Guacamole configurations
      * (connections) will be stored within the LDAP directory. If Guacamole
      * configurations will not be stored within LDAP, null is returned.
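Review bot: The default `"cn=*"` returned by getUsersFilter() is described in the Javadoc as an identity filter, but it is a presence test on `cn`. Directory entries that lack a `cn` attribute therefore drop out of both searches changed in UserService, even when the property is not configured. A default that matches every entry is `"objectClass=*"`, which the user-listing query already contains. The Javadoc also has a doubled "the the" in its first sentence.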
diff -drupN guacamole-client-original-incubating/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPGuacamoleProperties.java guacamole-client-0.9.11-incubating/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPGuacamoleProperties.java
--- guacamole-client-original-incubating/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPGuacamoleProperties.java	2017-01-22 21:03:00.000000000 +0100
+++ guacamole-client-0.9.11-incubating/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPGuacamoleProperties.java	2017-02-14 14:17:06.107421996 +0100
@@ -73,6 +73,18 @@ public class LDAPGuacamoleProperties {
     };
 
     /**
+     * MCM: The LDAP filter to apply in order to get users. Only users that match
+     * this filter will be ablr to use guacamole and will be visible on the 
+     * interface.
+     */
+    public static final StringGuacamoleProperty LDAP_USERS_FILTER = new StringGuacamoleProperty() {
+
+        @Override
+        public String getName() { return "ldap-users-filter"; }
+
+    };
+
+    /**
      * The attribute or attributes which identify users. One of these
      * attributes must be present within each Guacamole user's record in the
      * LDAP directory. If the LDAP authentication will not be given its own
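Review bot: The doc comment on LDAP_USERS_FILTER does not say what syntax the property takes, so an administrator cannot tell whether to write `(objectClass=person)` or `objectClass=person`. I would add a sentence such as `The value is a single LDAP search filter given without its enclosing parentheses, e.g. "objectClass=person"; it is read from guacamole.properties and treated as trusted configuration.` The comment also has the typo "ablr" for "able", and the "MCM:" author tag belongs in the commit message rather than in Javadoc.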
diff -drupN guacamole-client-original-incubating/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/UserService.java guacamole-client-0.9.11-incubating/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/UserService.java
--- guacamole-client-original-incubating/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/UserService.java	2017-01-22 21:03:00.000000000 +0100
+++ guacamole-client-0.9.11-incubating/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/UserService.java	2017-02-14 14:23:00.671284258 +0100
@@ -92,10 +92,11 @@ public class UserService {
             constraints.setMaxResults(confService.getMaxResults());
 
             // Find all Guacamole users underneath base DN
+            // MCM: Added the users filter specified on the configuration file
             LDAPSearchResults results = ldapConnection.search(
                 confService.getUserBaseDN(),
                 LDAPConnection.SCOPE_SUB,
-                "(&(objectClass=*)(" + escapingService.escapeLDAPSearchFilter(usernameAttribute) + "=*))",
+                "(&(objectClass=*)(" + escapingService.escapeLDAPSearchFilter(usernameAttribute) + "=*)(" + escapingService.escapeLDAPSearchFilter(confService.getUsersFilter()) + "))",
                 null,
                 false,
                 constraints
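Review bot: Passing confService.getUsersFilter() through escapingService.escapeLDAPSearchFilter() on the changed search line treats a whole filter expression as if it were an attribute value. EscapingService is not part of this diff, but if it escapes `*`, `(` and `)` as value escaping normally does, the default `cn=*` becomes a match on a literal asterisk and no user is returned, and any configured filter with a wildcard or nested clause stops working. The filter comes from guacamole.properties rather than from the person logging in, so it should be appended as written, `+ "=*)(" + confService.getUsersFilter() + "))"`, keeping the escaping on usernameAttribute. The same call is added in the `@@ -214,6 +215,11 @@` hunk of this file, where the per-username query appears to be built. The enclosing method starts and ends outside this hunk.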
@@ -214,6 +215,11 @@ public class UserService {
         if (usernameAttributes.size() > 1)
             ldapQuery.append(")");
 
+        // MCM: Add the users query filter specified by configuration
+	ldapQuery.append("(");
+	ldapQuery.append(escapingService.escapeLDAPSearchFilter(confService.getUsersFilter()));
+        ldapQuery.append(")");
+
         // Close overall query (AND clause)
         ldapQuery.append(")");
 
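Review bot: The two added `ldapQuery.append(` lines that open the clause and append the filter are indented with a tab, while the comment above them and the closing `ldapQuery.append(")");` use spaces like the rest of the file. They should be re-indented with eight spaces. An empty `ldap-users-filter` value would presumably make this block emit `()`, which is not a valid filter, so it is worth skipping the clause when the configured string is blank or rejecting that value at startup. The method this query belongs to starts and ends outside the hunk.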
