GUACAMOLE-593: Add documentation to new methods, properly escape attribute.

2025-09-06 21:27:40 +00:00 · 2018-07-31 07:57:54 -04:00
parent 343b21aba5
commit 735b22bcf0
3 changed files with 18 additions and 2 deletions
--- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java
+++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java
@@ -359,6 +359,17 @@ public class ConfigurationService {
        );
    }
    
+    /**
+     * Returns the name of the LDAP attribute used to enumerate
+     * members in a group, or "member" by default.
+     * 
+     * @return
+     *     The name of the LDAP attribute to use to enumerate
+     *     members in a group.
+     * 
+     * @throws GuacamoleException
+     *     If guacamole.properties connect be parsed.
+     */
    public String getMemberAttribute() throws GuacamoleException {
        return environment.getProperty(
            LDAPGuacamoleProperties.LDAP_MEMBER_ATTRIBUTE,
--- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPGuacamoleProperties.java
+++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPGuacamoleProperties.java
@@ -216,6 +216,9 @@ public class LDAPGuacamoleProperties {

    };
    
+    /**
+     * LDAP attribute used to enumerate members of a group in the LDAP directory.
+     */
    public static final StringGuacamoleProperty LDAP_MEMBER_ATTRIBUTE = new StringGuacamoleProperty() {
      
        @Override
--- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/connection/ConnectionService.java
+++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/connection/ConnectionService.java
@@ -247,7 +247,8 @@ public class ConnectionService {
        // Add the prefix to the search filter, prefix filter searches for guacConfigGroups with the userDN as the member attribute value
        connectionSearchFilter.append("(&(objectClass=guacConfigGroup)");
        connectionSearchFilter.append("(|(");
-        connectionSearchFilter.append(confService.getMemberAttribute());
+        connectionSearchFilter.append(escapingService.escapeLDAPSearchFilter(
+                confService.getMemberAttribute()));
        connectionSearchFilter.append("=");
        connectionSearchFilter.append(escapingService.escapeLDAPSearchFilter(userDN));
        connectionSearchFilter.append(")");
@@ -261,7 +262,8 @@ public class ConnectionService {
                groupBaseDN,
                LDAPConnection.SCOPE_SUB,
                "(&(!(objectClass=guacConfigGroup))(" 
-                        + confService.getMemberAttribute() 
+                        + escapingService.escapeLDAPSearchFilter(
+                                confService.getMemberAttribute()) 
                        + "=" + escapingService.escapeLDAPSearchFilter(userDN) 
                        + "))",
                null,