guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Herve Guehl <herve.gu...@gmail.com>
Subject Re: LDAPConnection a size limit of 1000 ?
Date Tue, 13 Sep 2016 19:30:54 GMT
Hi,
AFAIK the patch won't be included in 0.9.10

Cheers.
H.


On Tue, Sep 13, 2016 at 8:53 PM, Peter Burdine <pburdine@gmail.com> wrote:

> I thought that was the case.  That just means worst case, I have to create
> the user in the DB manually (with the correct matching user name), then
> assign the connections until 0.9.10 comes out and the limit is increased.
>
> Thanks for the clarification!
>
> On Tue, Sep 13, 2016 at 12:18 AM, Mike Jumper <mike.jumper@guac-dev.org>
> wrote:
>
>> The issue should only affect the ability to see the LDAP users in the
>> admin pages. That's the only place that a query retrieving all users
>> is attempted.
>>
>> The authentication process involves either (1) binding using a DN
>> derived directly from the username provided or (2) binding using a
>> dedicated search DN for the sake of querying the DN of the user having
>> the username provided, and then binding as THAT user. At most,
>> authentication will involve retrieving a single entry; nothing near
>> the default limit of 1000 entries.
>>
>> - Mike
>>
>>
>> On Mon, Sep 12, 2016 at 5:34 PM, Peter Burdine <pburdine@gmail.com>
>> wrote:
>> > Sorry to bring this up again.  I am looking to use this to setup a
>> system
>> > that has just over 1000 users.  I am planning on using LDAP for auth,
>> but
>> > MySQL for connectivity data.  Does this issue affect the ability for
>> some
>> > users to login, or does it just affect the ability to see all of the
>> LDAP
>> > users in the admin pages?  I don't see this info in the Jira ticket or
>> PR
>> > discussion.
>> >
>> > Thanks,
>> > Peter
>> >
>> > On Sun, Aug 14, 2016 at 7:17 PM, James Muehlner
>> > <james.muehlner@guac-dev.org> wrote:
>> >>
>> >> Hey Herve,
>> >>
>> >> I see that you created the pull request and associated ticket. Great!
>> >> Let's move the discussion over to Github at this point.
>> >>
>> >> James
>> >>
>> >>
>> >>
>> >> On Sun, Aug 14, 2016 at 8:05 AM, Herve Guehl <herve.guehl@gmail.com>
>> >> wrote:
>> >>>
>> >>> Hi James,
>> >>> did my homework (though this was my first time with git :p ).
>> >>> The code in itself is not dirty (I hope ;), I just meant that it would
>> >>> better to get the results from ldap as mentionned by RFC 2696. But
>> IMHO
>> >>> nowadays we can get more than 1000 results using a search in a ldap
>> >>> directory...
>> >>>
>> >>> Hervé
>> >>>
>> >>>
>> >>>
>> >>> On Sun, Aug 14, 2016 at 2:54 AM, James Muehlner
>> >>> <james.muehlner@guac-dev.org> wrote:
>> >>>>
>> >>>> Greetings Herve,
>> >>>>
>> >>>> In order to accept code changes into the project, we'll need a pull
>> >>>> request on GitHub, and a corresponding JIRA issue in the Apache
>> JIRA. See
>> >>>> our contribution guidelines for more information.
>> >>>>
>> >>>> As a side note, we're always happy to accept code contributions
from
>> the
>> >>>> community, but we do try to make sure that the contributions are
>> always up
>> >>>> to our code quality standards. If you feel that your patch is a
bit
>> dirty,
>> >>>> it may have to be cleaned up a bit before we're ready to accept
it
>> upstream.
>> >>>>
>> >>>> James
>> >>>>
>> >>>> On Fri, Aug 5, 2016 at 12:45 PM, Herve Guehl <herve.guehl@gmail.com>
>> >>>> wrote:
>> >>>>>
>> >>>>> Hi,
>> >>>>> If your active directory contains more than 1000 users in the
search
>> >>>>> OU, you'll need to :
>> >>>>>  - Configure your active directory to extend the MaxPageSize
limit
>> >>>>> (default 1000)
>> >>>>> https://technet.microsoft.com/en-us/library/cc770976%28v=ws.
>> 11%29.aspx
>> >>>>> - Use the included patch (a bit dirty, as it would be better
to
>> fetch
>> >>>>> results according to the max page size, but works for me) :
>> >>>>>    - it enable the possibility to get more than 1000 results
for a
>> ldap
>> >>>>> request for the guacamole-client. You will have to add
>> ldap-maxresults: 2000
>> >>>>> (or the value you need) in your guacamole.properties file.
>> >>>>>
>> >>>>> Have fun.
>> >>>>> Hervé
>> >>>>
>> >>>>
>> >>>
>> >>
>> >
>>
>
>

Mime
View raw message