safebox/guacamole-client
4
0
Fork 0
mirror of https://github.com/gyurix1968/guacamole-client.git synced 2025-09-06 13:17:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

GUACAMOLE-996: Always apply LDAP group filter, regardless of whether "ldap-config-base-dn" is set.

Browse Source
This commit is contained in:
Michael Jumper
2021-07-26 02:19:56 -07:00
parent 38c03ddfd7
commit 962696199a
1 changed files with 13 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/group/UserGroupService.java
View File

@@ -28,10 +28,10 @@ import java.util.Map;
import java.util.Set;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException;
import org.apache.directory.api.ldap.model.filter.AndNode;
import org.apache.directory.api.ldap.model.filter.EqualityNode;
import org.apache.directory.api.ldap.model.filter.ExprNode;
import org.apache.directory.api.ldap.model.filter.NotNode;
import org.apache.directory.api.ldap.model.filter.PresenceNode;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;
import org.apache.guacamole.auth.ldap.conf.ConfigurationService;
@@ -81,16 +81,22 @@ public class UserGroupService {
*/
private ExprNode getGroupSearchFilter() throws GuacamoleException {
// Use filter defined by "ldap-group-search-filter" as basis for all
// retrieval of user groups
ExprNode groupFilter = confService.getGroupSearchFilter();
// Explicitly exclude guacConfigGroup object class only if it should
// be assumed to be defined (query may fail due to no such object
// class existing otherwise)
if (confService.getConfigurationBaseDN() != null)
return new NotNode(new EqualityNode("objectClass","guacConfigGroup"));
// Read objects from LDAP with filter defined by "ldap-group-search-filter"
// as a group if LDAP is not being used for connection storage (guacConfigGroup)
return confService.getGroupSearchFilter();
if (confService.getConfigurationBaseDN() != null) {
groupFilter = new AndNode(
groupFilter,
new NotNode(new EqualityNode<String>("objectClass", "guacConfigGroup"))
);
}
return groupFilter;
}
/**