guacamole-user mailing list archives

From Nick Couchman <vn...@apache.org>
Subject Re: Help with ldap-user-search-filter and LDAP Query
Date Tue, 20 Nov 2018 17:08:21 GMT
>
> Any help would be great. I have been racking my brain and can't work this
> out.
> I am very new to LDAP queries and ignorance on my part is, I am sure,
> largely to blame.
>
> I have tried something like:
> (&(objectCategory=person)(|(OU=Admins)(OU=Domain Users))
>
>
First, you're missing a closing parenthesis, here - there should be three
at the end (close the Domain Users, close the OR, close the AND).

But, even with that corrected, this particular filter will not grab objects
that are *in* a particular OU.  It will grab objects that have the OU
attribute defined on them.  So, your user accounts would need to have the
"OU" attribute defined and be set to one of those in order for that to
work.  I don't know that there's really a way to filter for items included
in a particular OU like this - you could try something like:

(&(objectCategory=person)(|(dn=*,OU=Admins,DC=domain,DC=com)(dn=*,OU=Domain Users,DC=domain,DC=com)))

However, assuming you have some level of control over your AD environment,
the better thing to do would probably be to create a group for these users
and then do:

(&(objectCategory=person)(memberOf=CN=Guacamole Users,ou=Groups,DC=domain,DC=COM))

And then all you have to do is add users to the "Guacamole Users" group and
they should be picked up and allowed by the LDAP extension.

-Nick
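
As an added example (not part of the message above and not Guacamole's own code): a small Python check that counts unclosed parentheses in a filter such as the one quoted in the question, and builds the memberOf filter from the reply with RFC 4515 escaping, so a group name containing parentheses cannot unbalance it. The function names and the "Admins (EU)" group are hypothetical.

```python
# Added example (not from the thread): check an LDAP search filter's
# parentheses and build the memberOf filter with RFC 4515 escaping.

def paren_balance(filter_text):
    """Return (unclosed, stray_index).

    unclosed    -- number of ')' still missing at the end of the filter
    stray_index -- index of the first ')' that closes nothing, or -1
    """
    depth = 0
    i = 0
    while i < len(filter_text):
        ch = filter_text[i]
        if ch == "\\":          # RFC 4515 escape: backslash + 2 hex digits
            i += 3
            continue
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return 0, i
        i += 1
    return depth, -1


def escape_filter_value(value):
    """Escape the characters RFC 4515 reserves inside an assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def member_of_filter(group_dn):
    """Build the group-membership filter suggested in the reply."""
    return "(&(objectCategory=person)(memberOf=%s))" % escape_filter_value(group_dn)


if __name__ == "__main__":
    # Filter exactly as quoted in the question: one ')' short.
    asked = "(&(objectCategory=person)(|(OU=Admins)(OU=Domain Users))"
    print(paren_balance(asked))
    print(member_of_filter("CN=Guacamole Users,ou=Groups,DC=domain,DC=COM"))
    # Constructed group name containing parentheses, to show the escaping.
    print(member_of_filter("CN=Admins (EU),OU=Groups,DC=domain,DC=com"))
```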
