guacamole-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Jumper (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (GUACAMOLE-284) When using ldap with MySQL backend "Account Restrictions" doesn't work
Date Tue, 23 May 2017 07:09:04 GMT

    [ https://issues.apache.org/jira/browse/GUACAMOLE-284?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16020731#comment-16020731
] 

Michael Jumper commented on GUACAMOLE-284:
------------------------------------------

{quote}
So, disabled, time restrictions, and account expiration settings inside the database modules
will not impact logins that happen via another module when multiple modules are layered.
{quote}

While it's true that account restrictions defined within the database auth shouldn't affect
whether another authentication mechanism succeeds/fails, I'd say those restrictions should
still take effect when it comes to providing access to the data actually defined within the
database.

It makes sense that the LDAP authentication would succeed, but I'm not sure it makes sense
that access to the connections, etc. within the database would be granted for an account which
is disabled (or otherwise restricted) within the database, particularly with respect to the
{{mysql-user-required}} / {{postgresql-user-required}} properties.

> When using ldap with MySQL backend "Account Restrictions" doesn't work
> ----------------------------------------------------------------------
>
>                 Key: GUACAMOLE-284
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-284
>             Project: Guacamole
>          Issue Type: Bug
>          Components: guacamole-auth-jdbc-mysql, guacamole-auth-ldap, guacamole-client
>    Affects Versions: 0.9.12-incubating
>            Reporter: Mark van den Boogaard
>
> When using LDAP authentication and a MySQL backend the options under "Account Restrictions"
are not working.
> When we set the option "Disabled" or "Enable/Disable account after" this has no effect.
> For us the users who managing Guacamole (users and connections) do not have access to
LDAP to enable/disable accounts. So it would be nice to do have these options working when
using LDAP authentication with MySQL



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message