Uploaded image for project: 'Guacamole'
  1. Guacamole
  2. GUACAMOLE-70

Add option to restrict access to users within database

    Details

      Description

      The LDAP and database authentication backends have been usable together since GUAC-586, but this still causes trouble in the case that only LDAP users that also exist within the database should have access.

      There are cases where large deployments of Guacamole involve a large LDAP tree that contains many users, only a subset of which should be granted access to Guacamole. Restructuring the LDAP tree to ensure that only certain users can log in to Guacamole is not always feasible. Rather than universally granting access so long as LDAP accepts the credentials, the database authentication should provide an option to deny access to authenticated users if they do not also have associated data in the database.

      It has been verified that extensions can indeed reject an otherwise positive authentication result from a different extension.

        Issue Links

          Activity

          Hide
          mike.jumper Michael Jumper added a comment -

          I've implemented new "postgresql-user-required" and "mysql-user-required" properties which enable this functionality via commit d8d7b2c on incubator-guacamole-client. When set to "true", authentication is canceled for users which do not have corresponding entries in the database.

          Should probably hold off on the pull request, however, to ensure we don't just keep increasing the testing surface of 0.9.10-incubating... That release is going to be enormous enough already.

          Show
          mike.jumper Michael Jumper added a comment - I've implemented new "postgresql-user-required" and "mysql-user-required" properties which enable this functionality via commit d8d7b2c on incubator-guacamole-client. When set to "true", authentication is canceled for users which do not have corresponding entries in the database. Should probably hold off on the pull request, however, to ensure we don't just keep increasing the testing surface of 0.9.10-incubating... That release is going to be enormous enough already.

            People

            • Assignee:
              mike.jumper Michael Jumper
              Reporter:
              mike.jumper Michael Jumper
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development