guacamole-user mailing list archives

From Omar Sandoval <omga...@gmail.com>
Subject Re: LDAP and administrator functions
Date Tue, 15 Nov 2016 21:42:49 GMT
Ah, I see now. In the beginning I had to create a database user with the
same username as my LDAP user and then I granted that database user the
appropriate permissions. I'm using a different LDAP account to query users
so if I log in as guacadmin right now I'm only able to see the database
users. It makes sense now. Sorry for the confusion!

On Tue, Nov 15, 2016 at 1:08 PM Mike Jumper <mike.jumper@guac-dev.org>
wrote:

> On Tue, Nov 15, 2016 at 12:53 PM, Omar Sandoval <omgarsc@gmail.com> wrote:
>
> > For my installation I just logged in as guacadmin and granted my LDAP user
> > the appropriate permissions. It wasn't necessary for the account to exist
> > in both the database and LDAP.
>
>
> Granting a user permissions in that manner actually does create a
> corresponding user within the database. The user interface simply unifies
> the data associated with both accounts, using the username to determine
> identity.
>
> If you were able to see LDAP users within the list, then one of the
> following must be true: (1) those users were manually created having the
> same usernames as users that happened to exist in LDAP already, or (2) the
> guacadmin user existed in LDAP, and thus the LDAP auth was able to pull the
> user list by binding with the provided credentials. The only way that
> Guacamole is able to pull users from LDAP is through using your provided
> credentials (in this case the username "guacadmin" and your password) to bind to
> LDAP and issue a query. If that isn't the case, then those users can only
> be there if they were manually placed there independently of LDAP.
>
> - Mike
>
>
