guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ek1m92 <ek1...@posteo.de>
Subject Re: Restricting access to Connections defined in MySQL using LDAP groups?
Date Tue, 22 Jan 2019 14:47:15 GMT
vnick wrote
> I think it's probably already covered under this issue:
> 
> https://issues.apache.org/jira/browse/GUACAMOLE-696

How so? You explicitly confirmed earlier that it should be possible to limit
access to MySQL-defined connections using LDAP group membership. If that's
the case, how is it supposed to be accomplished?

If I understand correctly, the issue refers to a scenario where someone is
trying to grant connection access to an LDAP authenticated user by means of
a user group that is only present in the MySQL database with no affiliation
to an LDAP group. That's not what JoelB and me are trying to do. Correct me
if I'm wrong here Joel, but what I expected to work based on the
documentation was the following:

1. Create user group in MySQL with the name of a corresponding user group in
the LDAP directory
2. Create connection in MySQL
3. Grant connection permission to the user group created in 1.
4. LDAP users that are part of the LDAP group (in the directory) are able to
log in with their LDAP credentials and access that connection

This does not work for me. As I have pointed out, I have tried out the
scenarios described  here
<http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/ldap-groups-in-1-0-0-RC1-tp4403p4496.html>
 
in my efforts to pinpoint the problem or rather just understand whether I
should expect this to work in the first place.



--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

Mime
View raw message