Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Duplicate
-
1.0.0
-
None
-
None
Description
I'm running into an issue that prevents me from logging in with LDAP authentication configured, which I assume to be the actual source of as well (which is why I originally commented on the closed issue before I decided to create a new one in the end).GUACAMOLE-687
The login page error message I'm facing is:
Unable to query list of objects from LDAP directory.
which I assume stems from here in the new ObjectQueryService. There is nothing in the log indicating the source of this error, a debug log shows the line produced here and nothing more.
This seems to be a problem with the size of the result as limiting the potential results via a restrictive ldap-user-search-filter fixes the issue.
After digging through the code to confirm that nothing has changed fundamentally about the way LDAP queries are performed, I noticed that in version 0.9.14, the same scenario triggered a warning via this catch block, allowing the login process to continue normally, while it appears that in 1.0.0, the exception will prevent a login altogether.
I was unable to work around this by increasing ldap-max-search-results, which might be related to a separate issue (GUACAMOLE-299). As it stands, this means that I will not be able to use version 1.0.0 without maintaining a continuously updated ldap-user-search-filter, unless I'm missing something here.
If this change was by design, I must say that I do not agree with the decision as long as ldap-max-search-results is buggy, as I don't see any problems with the old behavior: As long as the user can be successfully authenticated against LDAP, the only shortcoming was that the user listing in the web interface was incomplete, which is an annoyance at best.
Attachments
Issue Links
- duplicates
-
GUACAMOLE-717 LDAP authentication fails if search result count exceeds ldap-max-search-result
- Resolved