[GUACAMOLE-996] Provide configuration for filtering LDAP groups - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Minor
Resolution: Done
Affects Version/s: None
Fix Version/s: 1.4.0
Component/s: Documentation, guacamole-auth-ldap
Labels:
None

Description

Problem:

If you have an LDAP-Directory where Users and Groups are in the same subtree and you don't use LDAP for Connection-Storage (guacConfigGroup) you get all objects under the DN configured as ldap-group-base-dn returned as groups.

Example:

Our directory looks like this:

DC=AD,DC=company,DC=de

OU=faculty
- Group1
- Group2
- Group3
- ...
- OU=students
  - Student0001
  - Student0002
  - Student0003
  - ...
  - Student1999

As ldap-group-base-dn I have to configure OU=faculty,DC=AD,DC=company,dc=de

But then I get in the Web-UI all Groups and all Students as Group-Objects which makes no sense

Suggested fix

I have a fix for me but as I am not a programmer, I don't know how to implement it the right way.

I changed in UserGroupService.java line 92 from:

return new PresenceNode("objectClass");

return new AndNode(new EqualityNode("objectClass","group"));

and added

import org.apache.directory.api.ldap.model.filter.AndNode;

at line 34.

Thanks for making this great project!

Peter

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

UserGroupService_donotretrieveall.patch
27/Mar/20 19:02
0.8 kB
Edgardo Rodriguez

Issue Links

is duplicated by

GUACAMOLE-998 LDAP: Do not retrieve all groups from LDAP

Closed

Activity

People

Assignee:: Mike Jumper

Reporter:: Peter Ruhrmann

Votes:: 1 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 27/Mar/20 13:02

Updated:: 05/Jan/22 16:55

Resolved:: 27/Jul/21 22:37