Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 6A997200C8C for ; Mon, 22 May 2017 18:56:09 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 6923E160BAD; Mon, 22 May 2017 16:56:09 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id B9F04160BBF for ; Mon, 22 May 2017 18:56:08 +0200 (CEST) Received: (qmail 86036 invoked by uid 500); 22 May 2017 16:56:06 -0000 Mailing-List: contact commits-help@guacamole.incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@guacamole.incubator.apache.org Delivered-To: mailing list commits@guacamole.incubator.apache.org Received: (qmail 86027 invoked by uid 99); 22 May 2017 16:56:06 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 22 May 2017 16:56:06 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id 9770DCEE37 for ; Mon, 22 May 2017 16:56:05 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -99.202 X-Spam-Level: X-Spam-Status: No, score=-99.202 tagged_above=-999 required=6.31 tests=[KAM_ASCII_DIVIDERS=0.8, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=disabled Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id UVesb3zrl0Vn for ; Mon, 22 May 2017 16:56:05 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTP id CB5E85FB32 for ; Mon, 22 May 2017 16:56:04 +0000 (UTC) Received: from jira-lw-us.apache.org (unknown [207.244.88.139]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id 639EAE05F7 for ; Mon, 22 May 2017 16:56:04 +0000 (UTC) Received: from jira-lw-us.apache.org (localhost [127.0.0.1]) by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id 1CF0321B57 for ; Mon, 22 May 2017 16:56:04 +0000 (UTC) Date: Mon, 22 May 2017 16:56:04 +0000 (UTC) From: "Nick Couchman (JIRA)" To: commits@guacamole.incubator.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (GUACAMOLE-284) When using ldap with MySQL backend "Account Restrictions" doesn't work MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Mon, 22 May 2017 16:56:09 -0000 [ https://issues.apache.org/jira/browse/GUACAMOLE-284?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16019817#comment-16019817 ] Nick Couchman commented on GUACAMOLE-284: ----------------------------------------- It sounds like maybe there's some confusion or missing information with how you have authentication set up. Do you have MySQL authentication only, or are you layering MySQL with LDAP? Based on your description it sounds like you're doing the later, and, the way authentication layering currently works in Guacamole, disabling the account will only disable authentication of the account via the database module, it won't actually block a login, as authentication will succeed via the LDAP module. When authentication succeeds, the user will be logged in, and then the user's permissions will be aggregated from other authentication sources that contain the same username. So, disabled, time restrictions, and account expiration settings inside the database modules will not impact logins that happen via another module when multiple modules are layered. > When using ldap with MySQL backend "Account Restrictions" doesn't work > ---------------------------------------------------------------------- > > Key: GUACAMOLE-284 > URL: https://issues.apache.org/jira/browse/GUACAMOLE-284 > Project: Guacamole > Issue Type: Bug > Components: guacamole-auth-jdbc-mysql, guacamole-auth-ldap, guacamole-client > Affects Versions: 0.9.12-incubating > Reporter: Mark van den Boogaard > > When using LDAP authentication and a MySQL backend the options under "Account Restrictions" are not working. > When we set the option "Disabled" or "Enable/Disable account after" this has no effect. > For us the users who managing Guacamole (users and connections) do not have access to LDAP to enable/disable accounts. So it would be nice to do have these options working when using LDAP authentication with MySQL -- This message was sent by Atlassian JIRA (v6.3.15#6346)