guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Couchman <>
Subject Re: Guacamole ldap-group-base-dn
Date Tue, 17 Oct 2017 18:40:51 GMT
On Tue, Oct 17, 2017 at 2:37 PM, Erik Berndt <>

> Carter,
> This should be possible without any schema change. We use an AD Security
> Group to restrict which users are permitted to access the RD Server
> (regardless of the protocol). Within you can use the
> ldap-user-search filter to restrict which users are able to login through
> Guacamole.
> For example, we use the Root OU as the ldap-user-base-dn (which afaik has
> to be the root OU). Than have the following lda-user-search-filter in place:
> ldap-user-search-filter: (memberOf=<CN=ADSECURITYGROUP>
This does, indeed, allow you to restrict who can log into Guacamole, but
does not let you assign individual connections to certain users or groups
of users.


View raw message