guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From JoelB <nab...@joelbest.ca>
Subject Re: Restricting access to Connections defined in MySQL using LDAP groups?
Date Tue, 22 Jan 2019 13:30:48 GMT
Thanks, let me know when you've filed an issue and I'll add my experience if
there is any difference. 

Interestingly in developing my tool I've found that if LDAP group support is
configured, users have to be a member of BOTH the MySQL group and the LDAP
group in order to see the connections. It's not sufficient for them to only
be a member of a MySQL group that has permissions, even if that group has no
LDAP equivalent. Apparently Guacamole is in fact checking for LDAP group
membership, but only denies access based on non-membership and doesn't grant
access based on actually being a member.

Thanks for your help,
-Joel



--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

Mime
View raw message