Filter Linux hosts out from desktop LDAP discovery results (#47773)

Domain joined Linux hosts (including those used for Teleport's db_service with MS SQL) won't support RDP, so prevent them from being discovered and registered with Teleport. Closes #14116
gravitational · Oct 21, 2024 · 0b67ee6 · 0b67ee6
1 parent 65f48ff
commit 0b67ee6
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/lib/srv/desktop/discovery.go b/lib/srv/desktop/discovery.go
@@ -262,6 +262,10 @@ func (s *WindowsService) ldapEntryToWindowsDesktop(ctx context.Context, entry *l
 	labels[types.DiscoveryLabelWindowsDomain] = s.cfg.Domain
 	s.applyLabelsFromLDAP(entry, labels)
 
+	if os, ok := labels[types.DiscoveryLabelWindowsOS]; ok && strings.Contains(os, "linux") {
+		return nil, trace.BadParameter("LDAP entry looks like a Linux host")
+	}
+
 	addrs, err := s.lookupDesktop(ctx, hostname)
 	if err != nil || len(addrs) == 0 {
 		return nil, trace.WrapWithMessage(err, "couldn't resolve %q", hostname)