guacamole-user mailing list archives

From Nick Couchman <vn...@apache.org>
Subject Re: Help with ldap-user-search-filter and LDAP Query
Date Sun, 25 Nov 2018 21:41:41 GMT
On Tue, Nov 20, 2018 at 3:54 PM Zer0Cool <melin3710@gmail.com> wrote:

> I kind of figured it out. At least the base issue.
>
> ldap-users-search-filter: (memberOf=CN=Domain Admins,CN=Users,DC=domain,DC=COM)
>
> Seems to be the proper syntax for the parameter in the guacamole.properties
> file. This pulled in just the members of that group. Removing
> "(&(objectCategory=user" got it working. I am gonna go out on a limb and
> assume it uses something like "objectCategory=*" by default and that's
> pre-pended to any conditions put in by the user causing issues?
>

Well, at least in the current master, the default is just
"(objectClass=*)", and it should be overridden (not appended) if you
specify the parameter in the configuration:

https://github.com/apache/guacamole-client/blob/823bbeace11063b249e3f05c2a1e5c5027107b96/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java#L341-L346

I can confirm this is also how it is for 1.0.0, but not sure off the top of
my head how 0.9.14 behaves.


>
> I am still trying to figure out if I can limit the results just to actual
> users (not critical at this point) and only active users (a bit more
> important to me).
>

Yes, you should be able to with a valid search filter that includes the
object class for user, person, etc.


>
> Overall, I would really just like to figure out the syntax Guac expects for
> this and what options/flexibility/limits it has compared to standard LDAP
> queries.
>

You might try putting Guacamole Client into debug mode and see if you can
figure out where it's choking on the query.  You can find instructions on
this, here:

http://guacamole.apache.org/doc/gug/configuring-guacamole.html#webapp-logging

-Nick
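
Added example, not part of the original message or of the Guacamole project: a single filter covering what the thread asks for (group members, user objects only, active accounts only). It assumes the directory is Active Directory, reuses the group DN from the quoted message, and uses the `ldap-user-search-filter` spelling from the subject line.

```properties
# guacamole.properties (added example, assumes Active Directory)
#
# Setting this parameter replaces the default filter "(objectClass=*)";
# nothing is prepended, so the value must be one complete, balanced filter.
#
#   (&                                   AND of every clause below
#     (objectCategory=person)            person entries only
#     (objectClass=user)                 user objects, not contacts
#     (memberOf=CN=Domain Admins,...)    direct members of the group
#     (!(userAccountControl:1.2.840.113556.1.4.803:=2))
#                                        bitwise-AND matching rule: exclude
#                                        entries with the ACCOUNTDISABLE bit
#   )
#
# The value must stay on one line in the properties file.
ldap-user-search-filter: (&(objectCategory=person)(objectClass=user)(memberOf=CN=Domain Admins,CN=Users,DC=domain,DC=COM)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
```

`memberOf` matches direct membership only, so users who are in the group through a nested group are not returned by this filter.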
