guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andy Pattrick <>
Subject RE: LDAP_USER_BASE_DN pointing to an AD Security Group
Date Wed, 07 Jun 2017 10:54:41 GMT
Hi Marco,

Thanks for your reply. That's exactly what I would like to do but unfortunately I am running
guacamole in docker so I'm not sure I can use this patch very easily. Hopefully this will
find it's way into the official docker image.

Cheers Andy

From: Marco Casavecchia Morganti []
Sent: 07 June 2017 10:37
Subject: Re: LDAP_USER_BASE_DN pointing to an AD Security Group

I developed a small patch for the guacamole-auth-ldap extension that allows you to specify
in the a new property: ldap-users-filter.

Basically if you apply the patch, you can add an LDAP condition that must be satisfied by
the users to become guacamole users. So if you set it as something like this:
ldap-users-filter: memberOf=CN=Guacamole,OU=Service Gropus,OU=Domain,DC=my,DC=lan
only the users that belongs to the specified group will be listed in the guacamole interface
and will be allowed to access Guacamole.

At that time I tried to submit the patch to the developers but I wasn’t able to set up the
whole environment needed to do that, so I gave up, hoping that my patch would be added by
someone else sooner or later.

The patch is very simple and you can find it attached to this mail.
I applied it successfully to the latest incubating releases (0.9.11 and 0.9.12), I hope it
will be helpful.

Best Regards


Click here<!VSk!WK!fyLIztD8HOcrfMeL1fPjw==>
to report this email as spam.

View raw message