guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Couchman <vn...@apache.org>
Subject Re: Guacamole ldap-group-base-dn
Date Tue, 17 Oct 2017 18:40:51 GMT
On Tue, Oct 17, 2017 at 2:37 PM, Erik Berndt <erikberndt@superiorpaving.net>
wrote:

> Carter,
>
> This should be possible without any schema change. We use an AD Security
> Group to restrict which users are permitted to access the RD Server
> (regardless of the protocol). Within Guacamole.properties you can use the
> ldap-user-search filter to restrict which users are able to login through
> Guacamole.
>
> For example, we use the Root OU as the ldap-user-base-dn (which afaik has
> to be the root OU). Than have the following lda-user-search-filter in place:
>
> ldap-user-search-filter: (memberOf=<CN=ADSECURITYGROUP>
> ,ou=<GROUP>,OU=<ORGAZATIONALUNIT>,DC=<DOMAIN>,DC=<DOMAINSUFFIX>)
>
>
This does, indeed, allow you to restrict who can log into Guacamole, but
does not let you assign individual connections to certain users or groups
of users.

-Nick

Mime
View raw message