[jira] [Commented] (GUACAMOLE-284) When using ldap with MySQL backend "Account Restrictions" doesn't work

Tue, 23 May 2017 05:58:32 -0700 

    [ 
https://issues.apache.org/jira/browse/GUACAMOLE-284?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16021156#comment-16021156
 ] 

Nick Couchman commented on GUACAMOLE-284:
-----------------------------------------

> While it's true that account restrictions defined within the database auth 
> shouldn't affect whether another authentication mechanism succeeds/fails, I'd 
> say those restrictions should still take effect when it comes to providing 
> access to the data actually defined within the database.

I agree.  I was commenting on how it currently works, not, necessarily, on how 
it should work :-).  However, the flip-side of this is making sure that it's 
understood how to properly secure database accounts in the above scenario, if 
necessary, to prevent accounts that may not have a password set on them from 
being exploited.  That may already be taken care of in the Guacamole code - I 
did try to create a database user without a password and log in with it and it 
did not work, so this may not be a concern at all?  Anyway, I agree that 
disabling the account in the DB module should result in the connection 
information for that user being inaccessible, even if another module succeeds.

> When using ldap with MySQL backend "Account Restrictions" doesn't work
> ----------------------------------------------------------------------
>
>                 Key: GUACAMOLE-284
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-284
>             Project: Guacamole
>          Issue Type: Bug
>          Components: guacamole-auth-jdbc-mysql, guacamole-auth-ldap, 
> guacamole-client
>    Affects Versions: 0.9.12-incubating
>            Reporter: Mark van den Boogaard
>
> When using LDAP authentication and a MySQL backend the options under "Account 
> Restrictions" are not working.
> When we set the option "Disabled" or "Enable/Disable account after" this has 
> no effect.
> For us the users who managing Guacamole (users and connections) do not have 
> access to LDAP to enable/disable accounts. So it would be nice to do have 
> these options working when using LDAP authentication with MySQL



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Reply via email to