[
https://issues.apache.org/jira/browse/GUACAMOLE-954?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17985894#comment-17985894
]
sbcbus edited comment on GUACAMOLE-954 at 6/24/25 2:40 PM:
-----------------------------------------------------------
I made a [PR |https://github.com/apache/guacamole-client/pull/1091]to
implement the filter mentioned by [~darkl0rd] with a settings property
(nested-fields: true) to enable since I believe this only works with AD. Seems
to work for me, but testing welcome.
was (Author: JIRAUSER299297):
I made a [PR |https://github.com/apache/guacamole-client/pull/1091]to
implement the filter mentioned by [~darkl0rd] with a settings property to
enable since I believe this only works with AD.
> Add LDAP support for nested user groups
> ---------------------------------------
>
> Key: GUACAMOLE-954
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-954
> Project: Guacamole
> Issue Type: New Feature
> Components: guacamole-auth-ldap
> Reporter: Nils
> Priority: Minor
>
> As described below, the current LDAP support will query user group
> membership, but only immediate membership. Unlike the database auth, nested
> user groups are not supported. Support for nested user groups should be added.
> Note that while Active Directory supports a specific filter for retrieving
> recursive group memberships, leveraging that would need to be done carefully.
> Other LDAP servers may not support that filter, and an alternative,
> standards-conforming mechanism would need to be used by default. If it is
> possible to automatically detect that the LDAP server supports this, that
> would be ideal. Another option might be to provide some mechanism for
> overriding the filter that Guacamole will use to determine membership.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
