guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Jumper <mike.jum...@guac-dev.org>
Subject Re: LDAP and administrator functions
Date Tue, 15 Nov 2016 21:08:05 GMT
On Tue, Nov 15, 2016 at 12:53 PM, Omar Sandoval <omgarsc@gmail.com> wrote:

> For my installation I just logged in as guacadmin and granted my LDAP user
> the appropriate permissions. It wasn't necessary for the account to exist
> in both the database and LDAP.
>
>
Granting a user permissions in that manner actually does create a
corresponding user within the database. The user interface simply unifies
the data associated with both accounts, using the username to determine
identity.

If you were able to see LDAP users within the list, then one of the
following must be true: (1) those users were manually created having the
same usernames as users that happened to exist in LDAP already, or (2) the
guacadmin user existed in LDAP, and thus the LDAP auth was able to pull the
user list by binding with the provided credentials. The only way that
Guacamole is able to pull users from LDAP is through using your provided
credentials (in this the username "guacadmin" and your password) to bind to
LDAP and issue a query. If that isn't the case, then those users can only
be there if they were manually placed there independently of LDAP.

- Mike

Mime
View raw message