GitHub user mike-jumper opened a pull request:

    https://github.com/apache/guacamole-client/pull/337

GUACAMOLE-220: Add user group support to LDAP.

These changes add support for querying user groups from an LDAP directory, exposing those groups using Guacamole's new user group API. The groups which apply to an authenticated user are exposed as effective groups, allowing other authentication providers to dictate permissions based on their own identically-named groups. As with LDAP users, LDAP user groups are additionally exposed in a read-only manner such that they can be easily selected within the admin interface.

To avoid further duplicating LDAP query code, the common aspects of LDAP queries within Guacamole have been abstracted into `ObjectQueryService`, with existing services refactored accordingly.

Additional convenience objects missing from the user group API were also added (`SimpleUserGroup` and `AbstractUserGroup`). The refactor adding these classes involved:

* Adding `EMPTY_SET` convenience constants to remove the need to create new empty permission sets everywhere.
* Deprecating the built-in permission support of `SimpleUser` to keep things in line with the simpler (and arguably more sensible) design of `SimpleUserGroup`.
* Adding convenience constructors to the various sets to make non-deprecated usage of `SimpleUser` and `SimpleUserGroup` easy.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/mike-jumper/guacamole-client ldap-effective-groups

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/guacamole-client/pull/337.patch

To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message:

    This closes #337

----
commit 7c57b448bbd6a76018a3fd531950b952ac94dca0
Author: Michael Jumper <mjumper@...>
Date: 2018-11-02T22:03:56Z

    GUACAMOLE-220: Define generic service for executing LDAP queries. Refactor existing services to remove common code.

commit 5362bc6708d10c56a66071c5adcfdb7e2ae816ad
Author: Michael Jumper <mjumper@...>
Date: 2018-11-03T17:07:47Z

    GUACAMOLE-220: Add SimpleUserGroup (read-only UserGroup implementation with no members).

commit 929c7de2c9a50d8b7727f5fc107bdc2b355c3f8f
Author: Michael Jumper <mjumper@...>
Date: 2018-11-03T17:09:14Z

    GUACAMOLE-220: Add user group permissions to SimpleUser.

commit bdc792603db1706e8126ba027d8d86f203ab3171
Author: Michael Jumper <mjumper@...>
Date: 2018-11-03T17:10:19Z

    GUACAMOLE-220: Add configuration property for setting the attributes which uniquely identify user groups within LDAP.

commit aa0c65423146929a46ceeb1beb7573815c0e4513
Author: Michael Jumper <mjumper@...>
Date: 2018-11-03T19:34:04Z

    GUACAMOLE-220: Retrieve user groups from LDAP. Take immediate group membership into account.

commit d10256e15112bb476f22f28f878e3972bc83e34c
Author: Michael Jumper <mjumper@...>
Date: 2018-11-03T20:58:50Z

    GUACAMOLE-220: Deprecate built-in support for storage of permissions in SimpleUser. Add convenience constructors for SimpleObjectPermissionSet.

commit d533de118f26000cba4eefd6571964ba6614810b
Author: Michael Jumper <mjumper@...>
Date: 2018-11-02T23:01:48Z

    GUACAMOLE-220: Add EMPTY_SET convenience constant to all core set interfaces.

commit 90a6d8e371181e8e4e626a2cee5aed9fd0b0b678
Author: Michael Jumper <mjumper@...>
Date: 2018-11-03T21:14:04Z

    GUACAMOLE-220: Clarify usage of SimpleUser and SimpleUserGroup.

commit 2d6ba84a3de4bdd126a033aa357a6ea3593cb85f
Author: Michael Jumper <mjumper@...>
Date: 2018-11-03T21:52:24Z

    GUACAMOLE-220: Refactor default behavior of SimpleUser and SimpleUserGroup into AbstractUser and AbstractUserGroup.

----