GUACAMOLE-996: Add support for configuring group filter.
diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/conf/ConfigurationService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/conf/ConfigurationService.java
index 769d4c3..5c7747b 100644
--- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/conf/ConfigurationService.java
+++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/conf/ConfigurationService.java
@@ -25,6 +25,7 @@
import org.apache.directory.api.ldap.model.filter.ExprNode;
import org.apache.directory.api.ldap.model.filter.PresenceNode;
import org.apache.directory.api.ldap.model.message.AliasDerefMode;
+import org.apache.directory.api.ldap.model.filter.EqualityNode;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.environment.Environment;
@@ -322,6 +323,26 @@
}
/**
+ * Returns the search filter that should be used when querying the
+ * LDAP server for Guacamole groups. If no filter is specified,
+ * a default of "(objectClass=group)" is returned.
+ *
+ * @return
+ * The search filter that should be used when querying the
+ * LDAP server for groups that are valid in Guacamole, or
+ * "(objectClass=group)" if not specified.
+ *
+ * @throws GuacamoleException
+ * If guacamole.properties cannot be parsed.
+ */
+ public ExprNode getGroupSearchFilter() throws GuacamoleException {
+ return environment.getProperty(
+ LDAPGuacamoleProperties.LDAP_GROUP_SEARCH_FILTER,
+ new EqualityNode("objectClass","group")
+ );
+ }
+
+ /**
* Returns the maximum number of seconds to wait for LDAP operations.
*
* @return
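Review bot: The fallback in `getGroupSearchFilter()` is `new EqualityNode("objectClass","group")`, which is narrower than the `PresenceNode("objectClass")` that the UserGroupService hunk of this commit removes, so the default behaviour changes instead of only becoming configurable. Directories whose groups use other object classes (for example `groupOfNames` or `posixGroup`) would presumably return no groups after an upgrade until `ldap-group-search-filter` is set. Any permissions derived from group membership would then disappear without an error. If backward compatibility is intended, keep the old default, `new PresenceNode("objectClass")`, which this file already imports. Otherwise state the change in the Javadoc and in the upgrade notes.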
diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/conf/LDAPGuacamoleProperties.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/conf/LDAPGuacamoleProperties.java
index 2313629..5bf5cfb 100644
--- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/conf/LDAPGuacamoleProperties.java
+++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/conf/LDAPGuacamoleProperties.java
@@ -211,6 +211,17 @@
};
/**
+ * A search filter to apply to group LDAP queries.
+ */
+ public static final LdapFilterGuacamoleProperty LDAP_GROUP_SEARCH_FILTER =
+ new LdapFilterGuacamoleProperty() {
+
+ @Override
+ public String getName() { return "ldap-group-search-filter"; }
+
+ };
+
+ /**
* Whether or not we should follow referrals.
*/
public static final BooleanGuacamoleProperty LDAP_FOLLOW_REFERRALS =
diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/group/UserGroupService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/group/UserGroupService.java
index 66f4612..2f1fe75 100644
--- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/group/UserGroupService.java
+++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/group/UserGroupService.java
@@ -87,9 +87,9 @@
if (confService.getConfigurationBaseDN() != null)
return new NotNode(new EqualityNode("objectClass","guacConfigGroup"));
- // Read any object as a group if LDAP is not being used for connection
- // storage (guacConfigGroup)
- return new PresenceNode("objectClass");
+ // Read objects from LDAP with filter defined by "ldap-group-search-filter"
+ // as a group if LDAP is not being used for connection storage (guacConfigGroup)
+ return confService.getGroupSearchFilter();
}
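Review bot: The configured filter is only consulted on the fall-through path: when `getConfigurationBaseDN()` is non-null the method still returns the `NotNode` on `guacConfigGroup`, and `ldap-group-search-filter` is silently ignored. An administrator who sets the property to restrict which LDAP objects count as groups would get no restriction in that deployment mode. One option is to combine the two conditions, e.g. `return new AndNode(confService.getGroupSearchFilter(), new NotNode(new EqualityNode("objectClass","guacConfigGroup")));`, which needs `AndNode` imported if it is not already and would also apply the property's default to that branch. The other is to say in this comment and in the property's Javadoc that the filter is not applied when a configuration base DN is set. The enclosing method starts outside the hunk, so earlier branches are not visible here.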