From: Herve Guehl
Date: Tue, 13 Sep 2016 21:30:54 +0200
Subject: Re: LDAPConnection a size limit of 1000 ?
To: user@guacamole.incubator.apache.org

Hi,
AFAIK the patch won't be included in 0.9.10

Cheers.
H.

On Tue, Sep 13, 2016 at 8:53 PM, Peter Burdine wrote:

> I thought that was the case. That just means worst case, I have to create
> the user in the DB manually (with the correct matching user name), then
> assign the connections until 0.9.10 comes out and the limit is increased.
>
> Thanks for the clarification!
>
> On Tue, Sep 13, 2016 at 12:18 AM, Mike Jumper wrote:
>
>> The issue should only affect the ability to see the LDAP users in the
>> admin pages. That's the only place that a query retrieving all users
>> is attempted.
>>
>> The authentication process involves either (1) binding using a DN
>> derived directly from the username provided or (2) binding using a
>> dedicated search DN for the sake of querying the DN of the user having
>> the username provided, and then binding as THAT user. At most,
>> authentication will involve retrieving a single entry; nothing near
>> the default limit of 1000 entries.
>>
>> - Mike
>>
>> On Mon, Sep 12, 2016 at 5:34 PM, Peter Burdine wrote:
>>> Sorry to bring this up again. I am looking to use this to set up a
>>> system that has just over 1000 users. I am planning on using LDAP for
>>> auth, but MySQL for connectivity data. Does this issue affect the
>>> ability for some users to login, or does it just affect the ability to
>>> see all of the LDAP users in the admin pages? I don't see this info in
>>> the Jira ticket or PR discussion.
>>>
>>> Thanks,
>>> Peter
>>>
>>> On Sun, Aug 14, 2016 at 7:17 PM, James Muehlner wrote:
>>>>
>>>> Hey Herve,
>>>>
>>>> I see that you created the pull request and associated ticket. Great!
>>>> Let's move the discussion over to GitHub at this point.
>>>>
>>>> James
>>>>
>>>> On Sun, Aug 14, 2016 at 8:05 AM, Herve Guehl wrote:
>>>>>
>>>>> Hi James,
>>>>> did my homework (though this was my first time with git :p ).
>>>>> The code in itself is not dirty (I hope ;), I just meant that it
>>>>> would be better to get the results from ldap as mentioned by RFC 2696.
>>>>> But IMHO nowadays we can get more than 1000 results using a search
>>>>> in a ldap directory...
>>>>>
>>>>> Hervé
>>>>>
>>>>> On Sun, Aug 14, 2016 at 2:54 AM, James Muehlner wrote:
>>>>>>
>>>>>> Greetings Herve,
>>>>>>
>>>>>> In order to accept code changes into the project, we'll need a pull
>>>>>> request on GitHub, and a corresponding JIRA issue in the Apache
>>>>>> JIRA. See our contribution guidelines for more information.
>>>>>>
>>>>>> As a side note, we're always happy to accept code contributions
>>>>>> from the community, but we do try to make sure that the
>>>>>> contributions are always up to our code quality standards. If you
>>>>>> feel that your patch is a bit dirty, it may have to be cleaned up a
>>>>>> bit before we're ready to accept it upstream.
>>>>>>
>>>>>> James
>>>>>>
>>>>>> On Fri, Aug 5, 2016 at 12:45 PM, Herve Guehl wrote:
>>>>>>>
>>>>>>> Hi,
>>>>>>> If your active directory contains more than 1000 users in the
>>>>>>> search OU, you'll need to :
>>>>>>> - Configure your active directory to extend the MaxPageSize limit
>>>>>>>   (default 1000)
>>>>>>>   https://technet.microsoft.com/en-us/library/cc770976%28v=ws.11%29.aspx
>>>>>>> - Use the included patch (a bit dirty, as it would be better to
>>>>>>>   fetch results according to the max page size, but works for me) :
>>>>>>>   - it enables the possibility to get more than 1000 results for a
>>>>>>>     ldap request for the guacamole-client. You will have to add
>>>>>>>     ldap-maxresults: 2000 (or the value you need) in your
>>>>>>>     guacamole.properties file.
>>>>>>>
>>>>>>> Have fun.
>>>>>>> Hervé
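The behaviour discussed in this thread, as an added example that is not part of the original messages and is not Guacamole's code: a toy in-memory directory of 1200 constructed entries behind a server-side limit of 1000, showing that the list-all-users query is truncated, an RFC 2696-style paged loop is not, and the login lookup retrieves a single entry. The names `search`, `find_user_dn` and the integer cookie are assumptions of this model; a real server's paging cookie is opaque.

```python
SIZE_LIMIT = 1000  # server-side cap (AD MaxPageSize default named in the thread)

# Constructed sample directory, not real data.
DIRECTORY = [{"uid": f"user{i:04d}",
              "dn": f"uid=user{i:04d},ou=people,dc=example,dc=org"}
             for i in range(1200)]

class SizeLimitExceeded(Exception):
    """Models LDAP result code 4; the server still sends the first entries."""
    def __init__(self, partial):
        super().__init__("sizeLimitExceeded")
        self.partial = partial

def search(match, page_size=None, cookie=0):
    """Model server. Unpaged: all hits, or an error past SIZE_LIMIT.
    Paged: (page, next_cookie), next_cookie is None on the last page."""
    hits = [e for e in DIRECTORY if match(e)]
    if page_size is None:
        if len(hits) > SIZE_LIMIT:
            raise SizeLimitExceeded(hits[:SIZE_LIMIT])
        return hits, None
    size = min(page_size, SIZE_LIMIT)  # server clamps the requested page size
    nxt = cookie + size
    return hits[cookie:nxt], (nxt if nxt < len(hits) else None)

def list_all_users_unpaged():
    """The admin-page query: returns (entries, truncated_flag)."""
    try:
        return search(lambda e: True)[0], False
    except SizeLimitExceeded as exc:
        return exc.partial, True

def list_all_users_paged(page_size=500):
    """Same query, fetched page by page until the cookie is empty."""
    entries, cookie = [], 0
    while cookie is not None:
        page, cookie = search(lambda e: True, page_size, cookie)
        entries.extend(page)
    return entries

def find_user_dn(username):
    """Login path (2): resolve one user's DN before binding as that user.
    Anything other than exactly one match is refused."""
    entries, _ = search(lambda e: e["uid"] == username)
    return entries[0]["dn"] if len(entries) == 1 else None

if __name__ == "__main__":
    partial, truncated = list_all_users_unpaged()
    print(len(partial), truncated, len(list_all_users_paged()))
    print(find_user_dn("user1150"))
```

A client that ignores the truncation flag shows an incomplete user list without any error, which is the symptom the thread describes for directories with more than 1000 users.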