mirror of
https://github.com/gyurix1968/guacamole-client.git
synced 2025-09-06 05:07:41 +00:00
GUACAMOLE-996: Always apply LDAP group filter, regardless of whether "ldap-config-base-dn" is set.
This commit is contained in:
Michael Jumper
@@ -28,10 +28,10 @@ import java.util.Map;
|
|||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
import org.apache.directory.api.ldap.model.entry.Entry;
|
import org.apache.directory.api.ldap.model.entry.Entry;
|
||||||
import org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException;
|
import org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException;
|
||||||
|
import org.apache.directory.api.ldap.model.filter.AndNode;
|
||||||
import org.apache.directory.api.ldap.model.filter.EqualityNode;
|
import org.apache.directory.api.ldap.model.filter.EqualityNode;
|
||||||
import org.apache.directory.api.ldap.model.filter.ExprNode;
|
import org.apache.directory.api.ldap.model.filter.ExprNode;
|
||||||
import org.apache.directory.api.ldap.model.filter.NotNode;
|
import org.apache.directory.api.ldap.model.filter.NotNode;
|
||||||
import org.apache.directory.api.ldap.model.filter.PresenceNode;
|
|
||||||
import org.apache.directory.api.ldap.model.name.Dn;
|
import org.apache.directory.api.ldap.model.name.Dn;
|
||||||
import org.apache.directory.ldap.client.api.LdapNetworkConnection;
|
import org.apache.directory.ldap.client.api.LdapNetworkConnection;
|
||||||
import org.apache.guacamole.auth.ldap.conf.ConfigurationService;
|
import org.apache.guacamole.auth.ldap.conf.ConfigurationService;
|
||||||
@@ -81,16 +81,22 @@ public class UserGroupService {
|
|||||||
*/
|
*/
|
||||||
private ExprNode getGroupSearchFilter() throws GuacamoleException {
|
private ExprNode getGroupSearchFilter() throws GuacamoleException {
|
||||||
|
|
||||||
|
// Use filter defined by "ldap-group-search-filter" as basis for all
|
||||||
|
// retrieval of user groups
|
||||||
|
ExprNode groupFilter = confService.getGroupSearchFilter();
|
||||||
|
|
||||||
// Explicitly exclude guacConfigGroup object class only if it should
|
// Explicitly exclude guacConfigGroup object class only if it should
|
||||||
// be assumed to be defined (query may fail due to no such object
|
// be assumed to be defined (query may fail due to no such object
|
||||||
// class existing otherwise)
|
// class existing otherwise)
|
||||||
if (confService.getConfigurationBaseDN() != null)
|
if (confService.getConfigurationBaseDN() != null) {
|
||||||
return new NotNode(new EqualityNode("objectClass","guacConfigGroup"));
|
groupFilter = new AndNode(
|
||||||
|
groupFilter,
|
||||||
// Read objects from LDAP with filter defined by "ldap-group-search-filter"
|
new NotNode(new EqualityNode<String>("objectClass", "guacConfigGroup"))
|
||||||
// as a group if LDAP is not being used for connection storage (guacConfigGroup)
|
);
|
||||||
return confService.getGroupSearchFilter();
|
}
|
||||||
|
|
||||||
|
return groupFilter;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
Reference in New Issue
Block a user