From user-return-5076-archive-asf-public=cust-asf.ponee.io@guacamole.apache.org Tue Jan 22 15:47:20 2019 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id BF3B7180634 for ; Tue, 22 Jan 2019 15:47:19 +0100 (CET) Received: (qmail 5135 invoked by uid 500); 22 Jan 2019 14:47:18 -0000 Mailing-List: contact user-help@guacamole.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@guacamole.apache.org Delivered-To: mailing list user@guacamole.apache.org Received: (qmail 5125 invoked by uid 99); 22 Jan 2019 14:47:18 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd4-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 22 Jan 2019 14:47:18 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id 69443C254B for ; Tue, 22 Jan 2019 14:47:18 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 2.284 X-Spam-Level: ** X-Spam-Status: No, score=2.284 tagged_above=-999 required=6.31 tests=[RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_SOFTFAIL=0.972, URI_HEX=1.313] autolearn=disabled Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024) with ESMTP id 6lNMnUEf4-Nv for ; Tue, 22 Jan 2019 14:47:16 +0000 (UTC) Received: from n4.nabble.com (n4.nabble.com [199.38.86.66]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTP id EE7075FB73 for ; Tue, 22 Jan 2019 14:47:15 +0000 (UTC) Received: from n4.nabble.com (localhost [127.0.0.1]) by n4.nabble.com (Postfix) with ESMTP id 7D1E24B86E79 for ; Tue, 22 Jan 2019 08:47:15 -0600 (CST) Date: Tue, 22 Jan 2019 08:47:15 -0600 (CST) From: ek1m92 To: user@guacamole.apache.org Message-ID: <1548168435510-0.post@n4.nabble.com> In-Reply-To: References: <1547830710943-0.post@n4.nabble.com> <1548077820934-0.post@n4.nabble.com> <1548094194378-0.post@n4.nabble.com> <1548095718181-0.post@n4.nabble.com> <1548150925165-0.post@n4.nabble.com> <1548158663306-0.post@n4.nabble.com> <1548162480970-0.post@n4.nabble.com> Subject: Re: Restricting access to Connections defined in MySQL using LDAP groups? MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit vnick wrote > I think it's probably already covered under this issue: > > https://issues.apache.org/jira/browse/GUACAMOLE-696 How so? You explicitly confirmed earlier that it should be possible to limit access to MySQL-defined connections using LDAP group membership. If that's the case, how is it supposed to be accomplished? If I understand correctly, the issue refers to a scenario where someone is trying to grant connection access to an LDAP authenticated user by means of a user group that is only present in the MySQL database with no affiliation to an LDAP group. That's not what JoelB and me are trying to do. Correct me if I'm wrong here Joel, but what I expected to work based on the documentation was the following: 1. Create user group in MySQL with the name of a corresponding user group in the LDAP directory 2. Create connection in MySQL 3. Grant connection permission to the user group created in 1. 4. LDAP users that are part of the LDAP group (in the directory) are able to log in with their LDAP credentials and access that connection This does not work for me. As I have pointed out, I have tried out the scenarios described here in my efforts to pinpoint the problem or rather just understand whether I should expect this to work in the first place. -- Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/