GitHub user mike-jumper opened a pull request:
https://github.com/apache/guacamole-client/pull/337
GUACAMOLE-220: Add user group support to LDAP.
These changes add support for querying user groups from an LDAP directory,
exposing those groups using Guacamole's new user group API.
The groups which apply to an authenticated user are exposed as effective
groups, allowing other authentication providers to dictate permissions based on
their own identically-named groups. As with LDAP users, LDAP user groups are
additionally exposed in a read-only manner such that they can be easily
selected within the admin interface.
To avoid further duplicating LDAP query code, the common aspects of LDAP
queries within Guacamole have been abstracted into `ObjectQueryService`, with
existing services refactored accordingly.
Additional convenience objects missing from the user group API were also
added (`SimpleUserGroup` and `AbstractUserGroup`). The refactor adding these
classes involved:
* Adding `EMPTY_SET` convenience constants to remove the need to create new
empty permission sets everywhere.
* Deprecating the built-in permission support of `SimpleUser` to keep
things in line with the simpler (and arguably more sensible) design of
`SimpleUserGroup`.
* Adding convenience constructors to the various sets to make
non-deprecated usage of `SimpleUser` and `SimpleUserGroup` easy.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/mike-jumper/guacamole-client
ldap-effective-groups
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/guacamole-client/pull/337.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #337
----
commit 7c57b448bbd6a76018a3fd531950b952ac94dca0
Author: Michael Jumper <mjumper@...>
Date: 2018-11-02T22:03:56Z
GUACAMOLE-220: Define generic service for executing LDAP queries. Refactor
existing services to remove common code.
commit 5362bc6708d10c56a66071c5adcfdb7e2ae816ad
Author: Michael Jumper <mjumper@...>
Date: 2018-11-03T17:07:47Z
GUACAMOLE-220: Add SimpleUserGroup (read-only UserGroup implementation with
no members).
commit 929c7de2c9a50d8b7727f5fc107bdc2b355c3f8f
Author: Michael Jumper <mjumper@...>
Date: 2018-11-03T17:09:14Z
GUACAMOLE-220: Add user group permissions to SimpleUser.
commit bdc792603db1706e8126ba027d8d86f203ab3171
Author: Michael Jumper <mjumper@...>
Date: 2018-11-03T17:10:19Z
GUACAMOLE-220: Add configuration property for setting the attributes which
uniquely identify user groups within LDAP.
commit aa0c65423146929a46ceeb1beb7573815c0e4513
Author: Michael Jumper <mjumper@...>
Date: 2018-11-03T19:34:04Z
GUACAMOLE-220: Retrieve user groups from LDAP. Take immediate group
membership into account.
commit d10256e15112bb476f22f28f878e3972bc83e34c
Author: Michael Jumper <mjumper@...>
Date: 2018-11-03T20:58:50Z
GUACAMOLE-220: Deprecate built-in support for storage of permissions in
SimpleUser. Add convenience constructors for SimpleObjectPermissionSet.
commit d533de118f26000cba4eefd6571964ba6614810b
Author: Michael Jumper <mjumper@...>
Date: 2018-11-02T23:01:48Z
GUACAMOLE-220: Add EMPTY_SET convenience constant to all core set
interfaces.
commit 90a6d8e371181e8e4e626a2cee5aed9fd0b0b678
Author: Michael Jumper <mjumper@...>
Date: 2018-11-03T21:14:04Z
GUACAMOLE-220: Clarify usage of SimpleUser and SimpleUserGroup.
commit 2d6ba84a3de4bdd126a033aa357a6ea3593cb85f
Author: Michael Jumper <mjumper@...>
Date: 2018-11-03T21:52:24Z
GUACAMOLE-220: Refactor default behavior of SimpleUser and SimpleUserGroup
into AbstractUser and AbstractUserGroup.
----
---
