guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Östh Mikael <Mikael.O...@tillvaxtanalys.se>
Subject RE: Map LDAP goups to connections
Date Thu, 02 Jun 2016 06:16:51 GMT
Thank you for the prompt reply. Then I guess the only way for us to bulk manage users is via
AD schema modification or by editing the MySQL database directly?

Best Regards
Mikael Osth

From: Mike Jumper [mailto:mike.jumper@guac-dev.org]
Sent: den 2 juni 2016 05:33
To: user@guacamole.incubator.apache.org
Subject: Re: Map LDAP goups to connections


On May 31, 2016 5:34 AM, "Östh Mikael" <Mikael.Osth@tillvaxtanalys.se<mailto:Mikael.Osth@tillvaxtanalys.se>>
wrote:
>
> Hi
>
> I have Guacamole set up with both MySQL and LDAP (MS AD) authentication. The guacadmin
user is also in AD so LDAP users and groups are populated in WebGUI.
>
> I would like to make so that everyone that is member of an AD group gets a specific connection
profile.
>
> But when I map a connection to this populated AD group, its members are still not getting
the connection when they login.
>
> The only way I can map a user to a connection is to open every individually user and
set its connection, that cannot be the intended way?
>

Hi Mikael,

The prescribed way to control access to connections using LDAP groups is via the LDAP schema
modifications:

http://guacamole.incubator.apache.org/doc/gug/ldap-auth.html#ldap-schema-changes

This level of control is currently provided only by the LDAP backend, mainly because the extension
API does not yet represent user groups.

Supporting groups within Guacamole in general is planned, and so this should be possible with
the MySQL/PostgreSQL backends eventually, but for the time being the best way to accomplish
this is through using purely LDAP.

Thanks,

- Mike
Mime
View raw message