[
https://issues.apache.org/jira/browse/GUACAMOLE-536?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nick Couchman updated GUACAMOLE-536:
------------------------------------
Fix Version/s: 1.6.0
> Add support for arbitrary LDAP bind patterns
> --------------------------------------------
>
> Key: GUACAMOLE-536
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-536
> Project: Guacamole
> Issue Type: Improvement
> Components: guacamole-auth-ldap
> Reporter: Joseph L. Casale
> Assignee: Nick Couchman
> Priority: Minor
> Fix For: 1.6.0
>
>
> The current LDAP authentication scheme can recursively search the base DN
> only when a bind DN is used. When binding with the user attempting to log on,
> the bind DN format pattern is not exposed through configuration which imposes
> unnatural restrictions forcing the user to exist in a single container.
> If the format pattern was exposed for configuration, for DSA's which allow
> flexible bind patterns such as Active Directory, configuration could allow
> "DOMAIN
> %s" or "%[email protected]" and for those DSA's which do not, you would simply
> configure the restrictive full DN as the pattern.
> The use case is that we use Active Directory and do not allow bind accounts so
> the restriction prevents all users from accessing the application as our
> topology is not flat (we need to pick a single container therefore excluding
> everyone else).
> A working Java implementation of an LDAP auth scheme that facilitates this is
> [Gitblit|http://gitblit.com/properties.html], see the realm.ldap.*
> configuration properties. Setting the bind pattern to the UPN such as:
> {code:java}
> realm.ldap.bindpattern = ${username}@domain.com
> {code}
> allows the flexible configuration in our Active Directory environment.
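An added example, not code from Guacamole or Gitblit: one way a configurable bind pattern like the one requested in the issue could be expanded so that the login name cannot alter the rest of the bind identity. The class and method names, the `${username}` placeholder handling, the "contains `=` means full DN" heuristic, and the username allow-list are all assumptions made for illustration.

```java
public class BindPatternExample {
    // Placeholder syntax assumed here, matching the Gitblit-style property quoted in the issue.
    static final String PLACEHOLDER = "${username}";

    /** RFC 4514 escaping for a string placed inside a DN attribute value. */
    static String escapeDnValue(String value) {
        StringBuilder out = new StringBuilder();
        int last = value.length() - 1;
        for (int i = 0; i <= last; i++) {
            char c = value.charAt(i);
            boolean edge = (i == 0 && (c == ' ' || c == '#')) || (i == last && c == ' ');
            if (c == 0) {
                out.append("\\00");
            } else if (edge || "\"+,;<>\\".indexOf(c) >= 0) {
                out.append('\\').append(c);
            } else {
                out.append(c);
            }
        }
        return out.toString();
    }

    /** Expands a bind pattern into the identity sent in the LDAP bind request. */
    static String expand(String pattern, String username) {
        if (username == null || username.isEmpty() || !pattern.contains(PLACEHOLDER)) {
            throw new IllegalArgumentException("empty username or pattern without placeholder");
        }
        // Assumption: a pattern containing '=' is a full DN; anything else is a UPN or down-level logon form.
        if (pattern.contains("=")) {
            return pattern.replace(PLACEHOLDER, escapeDnValue(username));
        }
        // Allow-list so the input cannot supply its own '@' or backslash and change the domain part.
        if (!username.matches("[A-Za-z0-9._-]+")) {
            throw new IllegalArgumentException("username contains characters outside the allow-list");
        }
        return pattern.replace(PLACEHOLDER, username);
    }

    public static void main(String[] args) {
        // Constructed sample patterns and usernames.
        System.out.println(expand("${username}@domain.com", "jdoe"));
        System.out.println(expand("DOMAIN\\${username}", "jdoe"));
        System.out.println(expand("cn=${username},ou=Staff,dc=domain,dc=com", "Doe, John"));
        try {
            expand("${username}@domain.com", "jdoe@other.example");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```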