guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Burdine <pburd...@gmail.com>
Subject Re: LDAPConnection a size limit of 1000 ?
Date Tue, 13 Sep 2016 18:53:31 GMT
I thought that was the case.  That just means worst case, I have to create
the user in the DB manually (with the correct matching user name), then
assign the connections until 0.9.10 comes out and the limit is increased.

Thanks for the clarification!

On Tue, Sep 13, 2016 at 12:18 AM, Mike Jumper <mike.jumper@guac-dev.org>
wrote:

> The issue should only affect the ability to see the LDAP users in the
> admin pages. That's the only place that a query retrieving all users
> is attempted.
>
> The authentication process involves either (1) binding using a DN
> derived directly from the username provided or (2) binding using a
> dedicated search DN for the sake of querying the DN of the user having
> the username provided, and then binding as THAT user. At most,
> authentication will involve retrieving a single entry; nothing near
> the default limit of 1000 entries.
>
> - Mike
>
>
> On Mon, Sep 12, 2016 at 5:34 PM, Peter Burdine <pburdine@gmail.com> wrote:
> > Sorry to bring this up again.  I am looking to use this to setup a system
> > that has just over 1000 users.  I am planning on using LDAP for auth, but
> > MySQL for connectivity data.  Does this issue affect the ability for some
> > users to login, or does it just affect the ability to see all of the LDAP
> > users in the admin pages?  I don't see this info in the Jira ticket or PR
> > discussion.
> >
> > Thanks,
> > Peter
> >
> > On Sun, Aug 14, 2016 at 7:17 PM, James Muehlner
> > <james.muehlner@guac-dev.org> wrote:
> >>
> >> Hey Herve,
> >>
> >> I see that you created the pull request and associated ticket. Great!
> >> Let's move the discussion over to Github at this point.
> >>
> >> James
> >>
> >>
> >>
> >> On Sun, Aug 14, 2016 at 8:05 AM, Herve Guehl <herve.guehl@gmail.com>
> >> wrote:
> >>>
> >>> Hi James,
> >>> did my homework (though this was my first time with git :p ).
> >>> The code in itself is not dirty (I hope ;), I just meant that it would
> >>> better to get the results from ldap as mentionned by RFC 2696. But IMHO
> >>> nowadays we can get more than 1000 results using a search in a ldap
> >>> directory...
> >>>
> >>> Hervé
> >>>
> >>>
> >>>
> >>> On Sun, Aug 14, 2016 at 2:54 AM, James Muehlner
> >>> <james.muehlner@guac-dev.org> wrote:
> >>>>
> >>>> Greetings Herve,
> >>>>
> >>>> In order to accept code changes into the project, we'll need a pull
> >>>> request on GitHub, and a corresponding JIRA issue in the Apache JIRA.
> See
> >>>> our contribution guidelines for more information.
> >>>>
> >>>> As a side note, we're always happy to accept code contributions from
> the
> >>>> community, but we do try to make sure that the contributions are
> always up
> >>>> to our code quality standards. If you feel that your patch is a bit
> dirty,
> >>>> it may have to be cleaned up a bit before we're ready to accept it
> upstream.
> >>>>
> >>>> James
> >>>>
> >>>> On Fri, Aug 5, 2016 at 12:45 PM, Herve Guehl <herve.guehl@gmail.com>
> >>>> wrote:
> >>>>>
> >>>>> Hi,
> >>>>> If your active directory contains more than 1000 users in the search
> >>>>> OU, you'll need to :
> >>>>>  - Configure your active directory to extend the MaxPageSize limit
> >>>>> (default 1000)
> >>>>> https://technet.microsoft.com/en-us/library/cc770976%28v=ws.
> 11%29.aspx
> >>>>> - Use the included patch (a bit dirty, as it would be better to
fetch
> >>>>> results according to the max page size, but works for me) :
> >>>>>    - it enable the possibility to get more than 1000 results for
a
> ldap
> >>>>> request for the guacamole-client. You will have to add
> ldap-maxresults: 2000
> >>>>> (or the value you need) in your guacamole.properties file.
> >>>>>
> >>>>> Have fun.
> >>>>> Hervé
> >>>>
> >>>>
> >>>
> >>
> >
>

Mime
View raw message