guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ek1m92 <ek1...@posteo.de>
Subject Re: AW: ldap groups in 1.0.0 RC1
Date Tue, 15 Jan 2019 15:10:00 GMT
I seem to be running into either the same or a very similar problem (running
guacamole 1.0.0 but my understanding is that this is identical to the RC):
Authentication succeeds without any modification to the source, but from
this point on, the behavior I'm seeing seems to be identical. Here are the
different scenarios I have tried:

*1. Having just the LDAP group be mirrored in MySQL by creating an
identically named one there*
/-> Login succeeds, but no associated connections are shown./

*2. Having both the LDAP group and the user be mirrored in MySQL by creating
identically named entities there without manually linking the two*
/-> Login succeeds and guacamole tries to auto-connect to the only available
connection/shows all available connections and fails when trying to connect
with a permission error./

*3. Having both the LDAP group and the user be mirrored in MySQL by creating
identically named entities there and manually adding the MySQL user to the
MySQL group*
/-> Connections are established successfully/

Either there seems to be a big misunderstanding regarding the way the new
group system is supposed to work with LDAP, or there's something going wrong
here. It goes without saying that scenario 3 completely eliminates the
purpose of relying on existing LDAP groups. Scenario 1 is what I would have
assumed to work as that would enable us to manage connections based on LDAP
groups without having to create any MySQL users whatsoever. Scenario 2 is
what led me to assume that my expected functionality is supposed exist at
least in part.

On top of that, I have had no success whatsoever in granting admin
privileges to users based on LDAP group membership, while this seems to be
possible using explicitly linked MySQL users and groups.



--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

Mime
View raw message