guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ă–sth Mikael <Mikael.O...@tillvaxtanalys.se>
Subject RE: LDAP and MySQL, single connection
Date Tue, 23 Aug 2016 06:33:52 GMT
Hi

The seeAlso attribute does not seems to work. I have added an AD group to that attribute on
my connection in AD. But the users belonging to that group does not get the connection when
logged in to Guacamole.
Single users added to member attribute works, but not groups added to seeAlso.
I have updated guacd, guacamole.war and both ldap and mysql extensions to latest GIT-versions.
I am using ADS edit to edit my connections attributes.

Best Regards
Mikael Osth

From: Mike Jumper [mailto:mike.jumper@guac-dev.org]
Sent: den 3 augusti 2016 08:35
To: user@guacamole.incubator.apache.org
Subject: Re: LDAP and MySQL, single connection

On Tue, Aug 2, 2016 at 1:33 AM, Bastiaan van Haastrecht <b.vanhaastrecht@gmail.com<mailto:b.vanhaastrecht@gmail.com>>
wrote:
Hello again,

I'm trying to find a solution for the folowing. I have my LDAP users in the GUAC settings
portal. Currently I need to go into each user and assign an connection to the user, this is
very time consuming and not automatic if a new user should be added to the LDAP directory.

I would like to assign an connection to all existing and all new-to-come LDAP users. Like
an auto provisioning rule based on LDAP group membership or other paramters. Is this posible?


With a build of Guacamole from git, yes. Support for role-based access control was added after
the 0.9.9 release and prior to its acceptance into the Apache Incubator:

https://issues.apache.org/jira/browse/GUACAMOLE-12

You can add groups as members of a guacConfigGroup using the "seeAlso" attribute. Users which
are members of those groups will then have access to the connections described by any associated
guacConfigGroups.

- Mike

Mime
View raw message