guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Jumper <mike.jum...@guac-dev.org>
Subject Re: LDAPConnection a size limit of 1000 ?
Date Tue, 13 Sep 2016 07:18:30 GMT
The issue should only affect the ability to see the LDAP users in the
admin pages. That's the only place that a query retrieving all users
is attempted.

The authentication process involves either (1) binding using a DN
derived directly from the username provided or (2) binding using a
dedicated search DN for the sake of querying the DN of the user having
the username provided, and then binding as THAT user. At most,
authentication will involve retrieving a single entry; nothing near
the default limit of 1000 entries.

- Mike


On Mon, Sep 12, 2016 at 5:34 PM, Peter Burdine <pburdine@gmail.com> wrote:
> Sorry to bring this up again.  I am looking to use this to setup a system
> that has just over 1000 users.  I am planning on using LDAP for auth, but
> MySQL for connectivity data.  Does this issue affect the ability for some
> users to login, or does it just affect the ability to see all of the LDAP
> users in the admin pages?  I don't see this info in the Jira ticket or PR
> discussion.
>
> Thanks,
> Peter
>
> On Sun, Aug 14, 2016 at 7:17 PM, James Muehlner
> <james.muehlner@guac-dev.org> wrote:
>>
>> Hey Herve,
>>
>> I see that you created the pull request and associated ticket. Great!
>> Let's move the discussion over to Github at this point.
>>
>> James
>>
>>
>>
>> On Sun, Aug 14, 2016 at 8:05 AM, Herve Guehl <herve.guehl@gmail.com>
>> wrote:
>>>
>>> Hi James,
>>> did my homework (though this was my first time with git :p ).
>>> The code in itself is not dirty (I hope ;), I just meant that it would
>>> better to get the results from ldap as mentionned by RFC 2696. But IMHO
>>> nowadays we can get more than 1000 results using a search in a ldap
>>> directory...
>>>
>>> Hervé
>>>
>>>
>>>
>>> On Sun, Aug 14, 2016 at 2:54 AM, James Muehlner
>>> <james.muehlner@guac-dev.org> wrote:
>>>>
>>>> Greetings Herve,
>>>>
>>>> In order to accept code changes into the project, we'll need a pull
>>>> request on GitHub, and a corresponding JIRA issue in the Apache JIRA. See
>>>> our contribution guidelines for more information.
>>>>
>>>> As a side note, we're always happy to accept code contributions from the
>>>> community, but we do try to make sure that the contributions are always up
>>>> to our code quality standards. If you feel that your patch is a bit dirty,
>>>> it may have to be cleaned up a bit before we're ready to accept it upstream.
>>>>
>>>> James
>>>>
>>>> On Fri, Aug 5, 2016 at 12:45 PM, Herve Guehl <herve.guehl@gmail.com>
>>>> wrote:
>>>>>
>>>>> Hi,
>>>>> If your active directory contains more than 1000 users in the search
>>>>> OU, you'll need to :
>>>>>  - Configure your active directory to extend the MaxPageSize limit
>>>>> (default 1000)
>>>>> https://technet.microsoft.com/en-us/library/cc770976%28v=ws.11%29.aspx
>>>>> - Use the included patch (a bit dirty, as it would be better to fetch
>>>>> results according to the max page size, but works for me) :
>>>>>    - it enable the possibility to get more than 1000 results for a ldap
>>>>> request for the guacamole-client. You will have to add ldap-maxresults:
2000
>>>>> (or the value you need) in your guacamole.properties file.
>>>>>
>>>>> Have fun.
>>>>> Hervé
>>>>
>>>>
>>>
>>
>

Mime
View raw message