[
https://issues.apache.org/jira/browse/GUACAMOLE-954?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17910927#comment-17910927
]
nick commented on GUACAMOLE-954:
--------------------------------
Seconding this, it would cut out a lot of double-handling in my implementation
where currently group permissions need to be managed in both AD and Guacamole
> Add LDAP support for nested user groups
> ---------------------------------------
>
> Key: GUACAMOLE-954
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-954
> Project: Guacamole
> Issue Type: New Feature
> Components: guacamole-auth-ldap
> Reporter: Nils
> Priority: Minor
>
> As described below, the current LDAP support will query user group
> membership, but only immediate membership. Unlike the database auth, nested
> user groups are not supported. Support for nested user groups should be added.
> Note that while Active Directory supports a specific filter for retrieving
> recursive group memberships, leveraging that would need to be done carefully.
> Other LDAP servers may not support that filter, and an alternative,
> standards-conforming mechanism would need to be used by default. If it is
> possible to automatically detect that the LDAP server supports this, that
> would be ideal. Another option might be to provide some mechanism for
> overriding the filter that Guacamole will use to determine membership.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
