guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Couchman <>
Subject Re: Help with ldap-user-search-filter and LDAP Query
Date Sun, 25 Nov 2018 21:41:41 GMT
On Tue, Nov 20, 2018 at 3:54 PM Zer0Cool <> wrote:

> I kind of figured it out. At least the base issue.
> ldap-users-search-filter: (memberOf=CN=Domain
> Admins,CN=Users,DC=domain,DC=COM)
> Seems to be the proper syntax for the parameter in the
> file. This pulled in just the members of that group. Removing
> "(&(objectCategory=user" got it working. I am gonna go out on a limb and
> assume it uses something like "objectCategory=*" by default and that's
> pre-pended to any conditions put in by the user causing issues?

Well, at least in the current master, the default is just
"(objectClass=*)", and it should be overridden (not appended) if you
specify the parameter in the configuration:

I can confirm this is also how it is for 1.0.0, but not sure off the top of
my head how 0.9.14 behaves.

> I am still trying to figure out if I can limit the results just to actual
> users (not critical at this point) and only active users (a bit more
> important to me).

Yes, you should be able to with a valid search filter that includes the
object class for user, person, etc.

> Overall, I would really just like to figure out the syntax Guac expects for
> this and what options/flexibility/limits it has compared to standard LDAP
> queries.

You might try putting Guacamole Client into debug mode and see if you can
figure out where it's choking on the query.  You can find instructions on
this, here:


View raw message