guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Jumper <mjum...@apache.org>
Subject Re: AD/LDAP Old/Disabled Users Still Listed?
Date Fri, 14 Jun 2019 23:42:54 GMT
On Fri, Jun 14, 2019, 14:35 sciUser <shulbert@securitycentric.net> wrote:

> Yes, you are correct this is because Guacamole is Linux based, if you force
> non-case sensitive on the Linux system for LDAP, this will break the
> security of the box.  I have found it best to have a parse interpreter
> taking upper case make them lower when talking to Linux.


I wouldn't say this breaks security, nor is this due to the Guacamole
server running on Linux. The auth system of Guacamole is completely
independent of the server's OS.

There is no current option for this in Guacamole specifically, but if the
administrator of the systems involved were to decide "usernames are case
insensitive in my domain", that's a perfectly valid means of defining
identity. All that matters is that the systems that deal with that identity
are consistent in their definition.

- Mike

Mime
View raw message