guacamole-user mailing list archives

From Nick Couchman <nick.couch...@yahoo.com>
Subject Re: LDAP_USER_BASE_DN pointing to an AD Security Group
Date Fri, 28 Jul 2017 21:11:39 GMT
In order to accomplish what you're trying to do, you need to change your base DN to a higher level.
So, the following line:
ldap-user-base-dn: OU=guacamoleou,DC=test,DC=local

would need to be changed to:
ldap-user-base-dn: DC=test,DC=local

Another option is to leave the base DN as you have it, enable Alias Dereferencing (see the
manual) and then link any additional users into the guacamoleou OU object.
Finally, there is a JIRA issue out there for changing LDAP behavior such that you can put
multiple OUs in, but I don't think it has been implemented yet.
-Nick

On Friday, July 28, 2017, 4:15:10 AM EDT, Mariano Di Girolamo <m.digirolamo@tecnodata-srl.it>
wrote:

Hi Marco,
I installed your patch on guacamole 0.9.12 and now only members of the group I specified
on ldap-user-filter can access guacamole, but this is true
only if users are in the OU configured on ldap-user-base-dn.
What can I do to enable users in different OUs?

This is my configuration on guacamole.properties:

ldap-hostname: dc.test.local
ldap-port: 389
ldap-users-filter: memberOf=CN=guacgroup,DC=test,DC=local
ldap-user-base-dn: OU=guacamoleou,DC=test,DC=local
ldap-search-bind-dn: CN=guacamole,OU=guacamoleou,DC=test,DC=local
ldap-search-bind-password: mypass
ldap-username-attribute: sAMAccountName


Thanks


Di Girolamo Mariano
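Added example (not part of the original messages and not Guacamole code): a small Python model of why the search base and the memberOf filter both have to match before a user is found, and why raising the base DN to DC=test,DC=local admits group members from other OUs without admitting non-members. The group and base DNs come from the thread; the user entries, OU names other than guacamoleou, and function names are constructed for illustration.

```python
import re

GROUP = "CN=guacgroup,DC=test,DC=local"  # group DN from the thread's filter

def parse_dn(dn):
    """Split a DN into normalized (attr, value) RDNs.

    Simplified: honors backslash-escaped commas, compares case-insensitively.
    """
    rdns = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, _, value = rdn.partition("=")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def in_subtree(entry_dn, base_dn):
    """True if entry_dn is at or below base_dn, as in a subtree-scope search."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    return len(entry) >= len(base) and entry[len(entry) - len(base):] == base

def can_log_in(user, base_dn, group_dn=GROUP):
    """Found only if inside the search base AND a direct member of the group."""
    is_member = any(parse_dn(g) == parse_dn(group_dn) for g in user["memberOf"])
    return in_subtree(user["dn"], base_dn) and is_member

# Constructed sample directory entries (not from the thread).
USERS = [
    {"sAMAccountName": "alice", "memberOf": [GROUP],
     "dn": "CN=Alice,OU=guacamoleou,DC=test,DC=local"},
    {"sAMAccountName": "bob", "memberOf": [GROUP],
     "dn": "CN=Bob,OU=sales,DC=test,DC=local"},
    {"sAMAccountName": "carol", "memberOf": [],
     "dn": "CN=Carol,OU=sales,DC=test,DC=local"},
    {"sAMAccountName": "dave", "memberOf": [GROUP],
     "dn": r"CN=Smith\, Dave,OU=hr,DC=test,DC=local"},
]

def allowed(base_dn):
    """sAMAccountNames that the given ldap-user-base-dn would let in."""
    return [u["sAMAccountName"] for u in USERS if can_log_in(u, base_dn)]

if __name__ == "__main__":
    for base in ("OU=guacamoleou,DC=test,DC=local", "DC=test,DC=local"):
        print(base, "->", allowed(base))
```

With the wider base DN the group filter is the only thing restricting logins, so it is worth confirming the filter is actually being applied before making the change.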