[ https://issues.apache.org/jira/browse/GUACAMOLE-996 ]
Jason Keltz deleted comment on GUACAMOLE-996:
---------------------------------------
was (Author: kangaroo22):
[~vnick] I configured ldap-group-search-filter exactly as yours is in
guacamole.properties. I previously had just ldap-group-search-filter:
(objectClass=group) so I updated it, and restarted tomcat. I had restarted
tomcat for the previous change anyway. My result is the same. In particular,
when I go into "groups" in Guac, I see all my users and groups, which is the
same behaviour without the patch.
I may be misunderstanding this new functionality. Should I only be seeing the
groups now? The change that I've been patching since 1.2.0 does indeed do
that. It shouldn't make much difference on the LDAP version because that patch
was just sending objectClass=group. I can continue to patch it, and I'm sure
it will work fine, but I'd love to get this working so that I don't need to.
> Provide configuration for filtering LDAP groups
> -----------------------------------------------
>
> Key: GUACAMOLE-996
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-996
> Project: Guacamole
> Issue Type: Improvement
> Components: Documentation, guacamole-auth-ldap
> Reporter: Peter Ruhrmann
> Assignee: Mike Jumper
> Priority: Minor
> Fix For: 1.4.0
>
> Attachments: UserGroupService_donotretrieveall.patch
>
>
> *Problem:*
> If you have an LDAP-Directory where Users and Groups are in the same subtree
> and you don't use LDAP for Connection-Storage (guacConfigGroup) you get all
> objects under the DN configured as ldap-group-base-dn returned as groups.
> *Example:*
> Our directory looks like this:
> DC=AD,DC=company,DC=de
> * OU=faculty
> ** Group1
> ** Group2
> ** Group3
> ** ...
> ** OU=students
> *** Student0001
> *** Student0002
> *** Student0003
> *** ...
> *** Student1999
> As ldap-group-base-dn I have to configure OU=faculty,DC=AD,DC=company,dc=de
> But then I get in the Web-UI all Groups and all Students as Group-Objects
> which makes no sense
> *Suggested fix*
> I have a fix for me but as I am not a programmer, I don't know how to
> implement it the right way.
> I changed in UserGroupService.java line 92 from:
> {{return new PresenceNode("objectClass");}}
> to
> {{return new AndNode(new EqualityNode("objectClass","group"));}}
> and added
> {{import org.apache.directory.api.ldap.model.filter.AndNode;}}
> at line 34.
> Thanks for making this great project!
>
> Peter
>
>
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
