guacamole-user mailing list archives

From Carter Sema <CS...@acschools.org>
Subject RE: Guacamole ldap-group-base-dn
Date Tue, 17 Oct 2017 19:04:13 GMT
Is it possible to use already existing AD fields that LDAP reads? Or does it only read the
Guacamole AD Fields from its schema modification? Can guacamole read any AD Group from the
App at all? Can’t the Security group that controls login hold some kind of connection data?
(using ad security groups to control login is amazing, love that feature)

I had just tested doing it the way you suggested, and it works, just means I have to load
users individually or script an import. Has anyone used a GUI SQL tool such as Oracle SQL
Developer or RazorSQL to pull data from the guacamole SQL tables and modify?

Thanks!
Carter Sema
Network Support Specialist
CSema@acschools.org

From: Nick Couchman [mailto:vnick@apache.org]
Sent: Tuesday, October 17, 2017 2:27 PM
To: user@guacamole.incubator.apache.org
Subject: Re: Guacamole ldap-group-base-dn

On Tue, Oct 17, 2017 at 2:14 PM, Carter Sema <CSema@acschools.org> wrote:
I read the following article https://issues.apache.org/jira/browse/GUACAMOLE-12 when I was
looking for how to assign connections to LDAP users. From the article it sounds like I can
use AD Security Groups? Is this possible without updating my Schema? Updating my Schema is
off the table for options. So I'm looking for the 2nd best without needing to import a ton
of users into the guac sql database.


Using that method requires that you store the connection information inside LDAP, which requires
schema modifications.

If you stack authentication modules, like JDBC and LDAP, you can have users log in with LDAP,
make sure those same users are created in JDBC, and then assign the permissions to the user
account objects in the JDBC module. As long as the LDAP and JDBC usernames match, this will
map through.

-Nick
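
The scripted import mentioned in the thread, as an added example that is not part of the original messages or of the Guacamole project. It assumes MySQL tables `guacamole_user` and `guacamole_connection_permission` with the columns shown; the function name `import_sql`, the sample usernames and the connection id are constructed for illustration.

```python
import re
import secrets

# Assumed schema: MySQL tables guacamole_user and guacamole_connection_permission
# with the columns used below (layout of 2017-era releases). Later releases
# changed these tables, so compare with the installed schema before running.
USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{1,128}")  # allow-list: nothing to escape


def import_sql(usernames, connection_id):
    """Build INSERTs: one JDBC user per LDAP username, with READ on one connection."""
    if not isinstance(connection_id, int) or connection_id < 1:
        raise ValueError("connection_id must be a positive integer")
    statements, seen = [], set()
    for raw in usernames:
        name = raw.strip()
        # Reject anything outside the allow-list instead of trying to quote it.
        if not USERNAME_RE.fullmatch(name):
            raise ValueError(f"refusing unexpected username: {name!r}")
        if name in seen:
            continue
        seen.add(name)
        # Random hash and salt: no known password matches the JDBC record,
        # so the account is only a permission holder and login stays with LDAP.
        pw_hash, salt = secrets.token_hex(32), secrets.token_hex(32)
        statements.append(
            "INSERT INTO guacamole_user "
            "(username, password_hash, password_salt, password_date) "
            f"VALUES ('{name}', UNHEX('{pw_hash}'), UNHEX('{salt}'), NOW());"
        )
        # The username is kept exactly as given, because the LDAP and JDBC
        # names have to match for the permission to map through.
        statements.append(
            "INSERT INTO guacamole_connection_permission "
            "(user_id, connection_id, permission) "
            f"SELECT user_id, {connection_id}, 'READ' "
            f"FROM guacamole_user WHERE username = '{name}';"
        )
    return statements


if __name__ == "__main__":
    ldap_users = ["jdoe", "asmith"]  # constructed sample usernames
    print("\n".join(import_sql(ldap_users, connection_id=1)))
```

Review the generated statements before piping them into the database, and feed the function the usernames exactly as the LDAP login presents them.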
