guacamole-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nick Couchman (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (GUACAMOLE-284) When using ldap with MySQL backend "Account Restrictions" doesn't work
Date Mon, 22 May 2017 16:56:04 GMT

    [ https://issues.apache.org/jira/browse/GUACAMOLE-284?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16019817#comment-16019817
] 

Nick Couchman commented on GUACAMOLE-284:
-----------------------------------------

It sounds like maybe there's some confusion or missing information with how you have authentication
set up.  Do you have MySQL authentication only, or are you layering MySQL with LDAP?  Based
on your description it sounds like you're doing the later, and, the way authentication layering
currently works in Guacamole, disabling the account will only disable authentication of the
account via the database module, it won't actually block a login, as authentication will succeed
via the LDAP module.  When authentication succeeds, the user will be logged in, and then the
user's permissions will be aggregated from other authentication sources that contain the same
username.

So, disabled, time restrictions, and account expiration settings inside the database modules
will not impact logins that happen via another module when multiple modules are layered.

> When using ldap with MySQL backend "Account Restrictions" doesn't work
> ----------------------------------------------------------------------
>
>                 Key: GUACAMOLE-284
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-284
>             Project: Guacamole
>          Issue Type: Bug
>          Components: guacamole-auth-jdbc-mysql, guacamole-auth-ldap, guacamole-client
>    Affects Versions: 0.9.12-incubating
>            Reporter: Mark van den Boogaard
>
> When using LDAP authentication and a MySQL backend the options under "Account Restrictions"
are not working.
> When we set the option "Disabled" or "Enable/Disable account after" this has no effect.
> For us the users who managing Guacamole (users and connections) do not have access to
LDAP to enable/disable accounts. So it would be nice to do have these options working when
using LDAP authentication with MySQL



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message