[jira] [Commented] (GUACAMOLE-996) Provide configuration for filtering LDAP groups

Fri, 27 Mar 2020 16:17:09 -0700 


    [ 
https://issues.apache.org/jira/browse/GUACAMOLE-996?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17069108#comment-17069108
 ] 

Peter Ruhrmann commented on GUACAMOLE-996:
------------------------------------------

[~erodriguez19]: Thanks, this was quick! Your patch would work in my situation, 
but it would only work as long as there are no other objects in the subtree 
containing an attribute with that name. And it would not return empty groups as 
they don't have a member attribute. This should not be a problem in most 
situations but maybe implementing a new configuration option 
ldap-group-search-filter would be more flexible (but perhabs slower?).

> Provide configuration for filtering LDAP groups
> -----------------------------------------------
>
>                 Key: GUACAMOLE-996
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-996
>             Project: Guacamole
>          Issue Type: Improvement
>          Components: guacamole-auth-ldap
>            Reporter: Peter Ruhrmann
>            Priority: Minor
>         Attachments: UserGroupService_donotretrieveall.patch
>
>
> *Problem:*
> If you have an LDAP-Directory where Users and Groups are in the same subtree 
> and you don't use LDAP for Connection-Storage (guacConfigGroup) you get all 
> objects under the DN configured as ldap-group-base-dn returned as groups.
> *Example:*
> Our directory looks like this:
> DC=AD,DC=company,DC=de
>  * OU=faculty
>  ** Group1
>  ** Group2
>  ** Group3
>  ** ...
>  ** OU=students
>  *** Student0001
>  *** Student0002
>  *** Student0003
>  *** ...
>  *** Student1999
> As ldap-group-base-dn I have to configure OU=faculty,DC=AD,DC=company,dc=de
> But then I get in the Web-UI all Groups and all Students as Group-Objects 
> which makes no sense
> *Suggested fix*
> I have a fix for me but as I am not a programmer, I don't know how to 
> implement it the right way.
> I changed in UserGroupService.java line 92 from:
> {{return new PresenceNode("objectClass");}}
> to
> {{return new AndNode(new EqualityNode("objectClass","group"));}}
> and added
> {{import org.apache.directory.api.ldap.model.filter.AndNode;}}
> at line 34.
> Thanks for making this great project!
>  
> Peter
>  
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to