Mailing-List: contact user-help@guacamole.incubator.apache.org; run by ezmlm
Precedence: bulk
Reply-To: user@guacamole.incubator.apache.org
From: Andy Pattrick <andy.pattrick@horiba.com>
To: "user@guacamole.incubator.apache.org" <user@guacamole.incubator.apache.org>
Subject: RE: LDAP_USER_BASE_DN pointing to an AD Security Group
Thread-Topic: LDAP_USER_BASE_DN pointing to an AD Security Group
Thread-Index: AQHS3syOzlO7nf/DZ0SUjDON5i3RBaIYzfuAgABHwBH///9DAIAAJb8n
Date: Wed, 7 Jun 2017 10:54:41 +0000
Message-ID: <0B640BC754C823498D4BFFC8F94A25F601E2E430@SRHDC1.SRH.local>
References: <0B640BC754C823498D4BFFC8F94A25F601E2DCB6@SRHDC1.SRH.local>
 <7836d37b-de1c-599f-b9d2-bf8d6bcf62f5@pcfreak.de>
 <0B640BC754C823498D4BFFC8F94A25F601E2E359@SRHDC1.SRH.local>,<16F07919-C528-4AAB-B3CE-5774F2F1267A@ospedaliriuniti.marche.it>
In-Reply-To: <16F07919-C528-4AAB-B3CE-5774F2F1267A@ospedaliriuniti.marche.it>
Accept-Language: en-GB, en-US
Content-Language: en-GB
Content-Type: multipart/alternative;
	boundary="_000_0B640BC754C823498D4BFFC8F94A25F601E2E430SRHDC1SRHlocal_"
MIME-Version: 1.0
archived-at: Wed, 07 Jun 2017 10:55:04 -0000

--_000_0B640BC754C823498D4BFFC8F94A25F601E2E430SRHDC1SRHlocal_
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable

Hi Marco,


Thanks for your reply. That's exactly what I would like to do but unfortuna=
tely I am running guacamole in docker so I'm not sure I can use this patch =
very easily. Hopefully this will find it's way into the official docker ima=
ge.


Cheers Andy


________________________________
From: Marco Casavecchia Morganti [marco.casavecchia@ospedaliriuniti.marche.=
it]
Sent: 07 June 2017 10:37
To: user@guacamole.incubator.apache.org
Subject: Re: LDAP_USER_BASE_DN pointing to an AD Security Group

Hello,
I developed a small patch for the guacamole-auth-ldap extension that allows=
 you to specify in the guacamole.properties a new property: ldap-users-filt=
er.

Basically if you apply the patch, you can add an LDAP condition that must b=
e satisfied by the users to become guacamole users. So if you set it as som=
ething like this:
ldap-users-filter: memberOf=3DCN=3DGuacamole,OU=3DService Gropus,OU=3DDomai=
n,DC=3Dmy,DC=3Dlan
only the users that belongs to the specified group will be listed in the gu=
acamole interface and will be allowed to access Guacamole.

At that time I tried to submit the patch to the developers but I wasn=92t a=
ble to set up the whole environment needed to do that, so I gave up, hoping=
 that my patch would be added by someone else sooner or later.

The patch is very simple and you can find it attached to this mail.
I applied it successfully to the latest incubating releases (0.9.11 and 0.9=
.12), I hope it will be helpful.

Best Regards

=97
MCM


Click here<https://www.mailcontrol.com/sr/O5NhFuxAV7XGX2PQPOmvUmGqEHcKtgpya=
pDcl69mHb+hig4t97j7Z4bkA!VSk!WK!fyLIztD8HOcrfMeL1fPjw=3D=3D> to report this=
 email as spam.

--_000_0B640BC754C823498D4BFFC8F94A25F601E2E430SRHDC1SRHlocal_
Content-Type: text/html; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable

<html dir=3D"ltr">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3DWindows-1=
252">
<style id=3D"owaParaStyle">P {
	MARGIN-BOTTOM: 0px; MARGIN-TOP: 0px
}
</style>
</head>
<body style=3D"WORD-WRAP: break-word" fPStyle=3D"1" ocsi=3D"0">
<div style=3D"direction: ltr;font-family: Tahoma;color: #000000;font-size: =
10pt;">
<p>Hi Marco, </p>
<p>&nbsp;</p>
<p>Thanks for your reply. That's exactly what I would like to do but unfort=
unately I am running guacamole in docker so I'm not sure I can use this pat=
ch very easily. Hopefully this will find it's way into the official docker =
image.
</p>
<p>&nbsp;</p>
<p>Cheers Andy</p>
<p>&nbsp;</p>
<div style=3D"FONT-SIZE: 16px; FONT-FAMILY: Times New Roman; COLOR: #000000=
">
<hr tabindex=3D"-1">
<div id=3D"divRpF386182" style=3D"DIRECTION: ltr"><font color=3D"#000000" s=
ize=3D"2" face=3D"Tahoma"><b>From:</b> Marco Casavecchia Morganti [marco.ca=
savecchia@ospedaliriuniti.marche.it]<br>
<b>Sent:</b> 07 June 2017 10:37<br>
<b>To:</b> user@guacamole.incubator.apache.org<br>
<b>Subject:</b> Re: LDAP_USER_BASE_DN pointing to an AD Security Group<br>
</font><br>
</div>
<div></div>
<div>
<div>Hello,</div>
<div>I developed a small patch for the guacamole-auth-ldap extension that a=
llows you to specify in the guacamole.properties a new property:<b> ldap-us=
ers-filter</b>.</div>
<div><br>
</div>
<div>Basically if you apply the patch, you can add an LDAP condition that m=
ust be satisfied by the users to become guacamole users. So if you set it a=
s something like this:&nbsp;</div>
<div><b>ldap-users-filter:&nbsp;memberOf=3DCN=3DGuacamole,OU=3DService Grop=
us,OU=3DDomain,DC=3Dmy,DC=3Dlan&nbsp;</b></div>
<div>only the users that belongs to the specified group will be listed in t=
he guacamole interface and will be allowed to access Guacamole.</div>
<div><br>
</div>
<div>At that time I tried to submit the patch to the developers but I wasn=
=92t able to set up the whole environment needed to do that, so I gave up, =
hoping that my patch would be added by someone else sooner or later.</div>
<div><br>
</div>
<div>The patch is very simple and you can find it attached to this mail.</d=
iv>
<div>I applied it successfully to the latest incubating releases (0.9.11 an=
d 0.9.12), I hope it will be helpful.</div>
<div><br>
</div>
<div>Best Regards</div>
<div><br>
</div>
<div>=97</div>
<div>MCM</div>
<div><br>
</div>
<div></div>
<br>
<br>
<font style=3D"BACKGROUND-COLOR: #ffffff">
<p align=3D"center"><font style=3D"BACKGROUND-COLOR: #ffffff">Click <a href=
=3D"https://www.mailcontrol.com/sr/O5NhFuxAV7XGX2PQPOmvUmGqEHcKtgpyapDcl69m=
Hb&#43;hig4t97j7Z4bkA!VSk!WK!fyLIztD8HOcrfMeL1fPjw=3D=3D" target=3D"_blank"=
>
here</a> to report this email as spam.</font></p>
</font></div>
</div>
</div>
</body>
</html>

--_000_0B640BC754C823498D4BFFC8F94A25F601E2E430SRHDC1SRHlocal_--