guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Zer0Cool <melin3...@gmail.com>
Subject Re: ldap groups in 1.0.0 RC1
Date Tue, 08 Jan 2019 16:45:11 GMT
Not sure if this will help but I asked a similar question about using LDAP
filters here:
http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/Help-with-ldap-user-search-filter-and-LDAP-Query-td4223.html

I use something like:

ldap-hostname:myhost.mydomain.com
ldap-port:389 #or 636 for LDAPS)
ldap-user-base-dn:dc=mydomain,dc=com
ldap-search-bind-dn:cn=guac_ldap_user,ou=service_accounts_ou,dc=mydomain,dc=com
ldap-search-bind-password:guac_ldap_user_password
ldap-username-attribute:sAMAccountName
ldap-user-search-filter:(&(objectCategory=person)(objectClass=user)(userAccountControl=512))

The above gets me all users that are active and whos passwords can expire.
It will not include machines, accounts that are disabled and accounts whos
password is set to never expire, etc.

>From the post I linked it seemed that I couldnt simply filter by OU and
would have instead had to have created a group and placed individual
accounts into the groups. That was more trouble for me than it would have
been worth as I just wanted to eliminate service accounts and machines from
being listed in Guacamole.



--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

Mime
View raw message