guacamole-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Jumper (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (GUACAMOLE-70) Add option to restrict access to users within database
Date Sun, 13 Nov 2016 02:10:59 GMT

     [ https://issues.apache.org/jira/browse/GUACAMOLE-70?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Michael Jumper resolved GUACAMOLE-70.
-------------------------------------
    Resolution: Done

> Add option to restrict access to users within database
> ------------------------------------------------------
>
>                 Key: GUACAMOLE-70
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-70
>             Project: Guacamole
>          Issue Type: Improvement
>          Components: guacamole-auth-jdbc
>            Reporter: Michael Jumper
>            Assignee: Michael Jumper
>             Fix For: 0.9.11-incubating
>
>
> The LDAP and database authentication backends have been usable together since [GUAC-586|https://glyptodon.org/jira/browse/GUAC-586],
but this still causes trouble in the case that only LDAP users that *also* exist within the
database should have access.
> There are cases where large deployments of Guacamole involve a large LDAP tree that contains
many users, only a subset of which should be granted access to Guacamole. Restructuring the
LDAP tree to ensure that only certain users can log in to Guacamole is not always feasible.
Rather than universally granting access so long as LDAP accepts the credentials, the database
authentication should provide an option to deny access to authenticated users if they do not
also have associated data in the database.
> It has been verified that extensions can indeed reject an otherwise positive authentication
result from a different extension.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message