From user-return-5912-archive-asf-public=cust-asf.ponee.io@guacamole.apache.org  Tue Apr 23 10:03:32 2019
Return-Path: <user-return-5912-archive-asf-public=cust-asf.ponee.io@guacamole.apache.org>
X-Original-To: archive-asf-public@cust-asf.ponee.io
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [207.244.88.153])
	by mx-eu-01.ponee.io (Postfix) with SMTP id 9EF8A180621
	for <archive-asf-public@cust-asf.ponee.io>; Tue, 23 Apr 2019 12:03:31 +0200 (CEST)
Received: (qmail 18120 invoked by uid 500); 23 Apr 2019 10:03:27 -0000
Mailing-List: contact user-help@guacamole.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:user-help@guacamole.apache.org>
List-Unsubscribe: <mailto:user-unsubscribe@guacamole.apache.org>
List-Post: <mailto:user@guacamole.apache.org>
List-Id: <user.guacamole.apache.org>
Reply-To: user@guacamole.apache.org
Delivered-To: mailing list user@guacamole.apache.org
Received: (qmail 18110 invoked by uid 99); 23 Apr 2019 10:03:27 -0000
Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 23 Apr 2019 10:03:27 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 1D72F180A4B
	for <user@guacamole.apache.org>; Tue, 23 Apr 2019 10:03:27 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: -0.2
X-Spam-Level:
X-Spam-Status: No, score=-0.2 tagged_above=-999 required=6.31
	tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
	DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001,
	URIBL_BLOCKED=0.001] autolearn=disabled
Authentication-Results: spamd3-us-west.apache.org (amavisd-new);
	dkim=pass (2048-bit key) header.d=yahoo.com
Received: from mx1-lw-us.apache.org ([10.40.0.8])
	by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024)
	with ESMTP id lw76iyD0Yueh for <user@guacamole.apache.org>;
	Tue, 23 Apr 2019 10:03:24 +0000 (UTC)
Received: from sonic311-23.consmr.mail.gq1.yahoo.com (sonic311-23.consmr.mail.gq1.yahoo.com [98.137.65.204])
	by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTPS id 95F715FDE1
	for <user@guacamole.apache.org>; Tue, 23 Apr 2019 10:03:24 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1556013797; bh=auKr+IIsSrS+zTOUsvewbCyBnHJwMKt8UeMbUL6YyPs=; h=Date:From:To:Subject:References:From:Subject; b=KwVSCtU1xKyLQ1g3xdh/miOM4PrpO+KZ7lMHHpO4V0nlP+8G4ZtmQDCKi9aThzOfD4GBmIOih6QLVwymt7F8dNiHaVWpGF3MJlC1CMD4zTJgTkKvM9ePeFwCYmHE4MIxoVfYTp/HjCi3ZaBWLMF4MDFE4IfTbQ/Xzz6ai1+UrNtffZL4hQf7sm8UZwyBqPJQtK7TqPIIIvccJqxVj6TdBZPx0HCwRQtXlv42VsfM9HD+Yjdvvy/oqyCjy0KiqRTFSveQmIGVcs1vhK1ZyYxOlGmEak7opiPBH8S6EhtFv863fB3tLSPRwJzo+Y0BPHPPqrsU2UQudsL3htmfK0bLWA==
X-YMail-OSG: IOtoGrIVM1kHqi_jCXEu_cBmyDVmrBlo.ToUcW4A.qhSRe5PnSB.1WajB9aPccp
 r7Yvwl.u0ADASCuU0V.Wulx18OGW_29Y9xOPMooMtHP_RY89BufCaSXnwa9rOblr1CkW150PxmKf
 v6hRsQ6aXLx_wFj0BkCHHOUmt7yzheWw8glrKY7F7AzD2OlL4urGw_Bj1JJq0yIV3yteee4JOyAe
 Cj2QeGyAYKrg9LGykh3SiM5AYEuuYchFsFFefQgbsAu.7M2c3Woi.k_ckdmGGy0R6j1ZMUQILgOA
 QPDhp3nB9VcybfM._QDld_YzcH2WZJlDKI85_DUozpXn2rrWMwKWwmIs2gcTjJtgymuKf9w9v_rn
 .TGlndKLmpqAWem00.Bmzcd8mpWr.o6C8BS0RuzsI9rkQaWJ1WBx4W24MoUJcZk7yRx0PudlCcQn
 Rpx3rCk.uP7A7vetNrvCTyVSOrJg_JKCvctQTHMNov3gJ4SU4ZjK1mq7vqg7vbQlatX.2CujAjcO
 nqOWVvrB8qKWM4dDIWrzEP_L5E3avdjIFoRLAPjU38ZP_pm2EWYGxnE8n6gDyjG6xHH6Hu3xqnxY
 7Xuz9e3kA2WZoTvTZgBnqZFXHIgFSMi11IjGRoHNvEuBUAXFfJ9FlnhMhNz3GrZQWnjAXwJ42TEQ
 Zw8q5rAhLHiPh9x_0f21FRspbvqE43EROGFHH7T9YiDA1BCh.BSPPYYEyjKdUlPXEpuhQy_SHum8
 jy6mOQdeExLkFce7dzqE4e3u8rYwjzTaEgaLQZCEP5kyBOuMIXZk_ewjuo3nWet3K2zwJEs0EvVN
 ENhvDV03WKz4.uwVErxOSLsI4ZxgM14EUymdqHvcV7nMYWQFTy7GNNPL8rboAbSLXuRtUjMWDhMQ
 BjwcNq6GMNokEU3IR_FUfSxxk2tJcWPPNo6sgNWiRP1OzBucT3Vq2gcj8eic4K0n8CmajVQzEbMc
 xcudpMeXGRLGgzVhdySwDVULS40o0c7_TajtpwCLOMooNuSxIbk4PGGgJ18y4rVYApaudes_ecXH
 IggG36lGaS3YA6HCB6Cy2QSGiVUSY5H_fseLnutpOu35ich3JTE6aK6ir28J.ywEyuErx1Atd6pc
 0dKtJxh7M2N8mvbYTn6MxZIC1QoB.Fvti9FZXPy7WD_VthZrNjD2n91F_qvyyTJ66r.M8Pnl457V
 c1TR1nG7SLg2N0ecokSAVR6YFHN2s2WPHCArzvIf5lym5Gx4UkcCHiVvELYjLUTSaV.X7tbN6kMU
 sfRo-
Received: from sonic.gate.mail.ne1.yahoo.com by sonic311.consmr.mail.gq1.yahoo.com with HTTP; Tue, 23 Apr 2019 10:03:17 +0000
Date: Tue, 23 Apr 2019 10:03:13 +0000 (UTC)
From: Vieri <rentorbuy@yahoo.com>
To: "user@guacamole.apache.org" <user@guacamole.apache.org>
Message-ID: <148644210.4349306.1556013793894@mail.yahoo.com>
Subject: dynamic param values for user-mapping.xml
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
References: <148644210.4349306.1556013793894.ref@mail.yahoo.com>
X-Mailer: WebService/1.1.13490 YMailNorrin Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0

Hi,

Is it possible to use the output of external scripts in order to define spe=
cific variables in user-mapping.xml.

For instance, suppose I have something like this:

<user-mapping>

=C2=A0=C2=A0=C2=A0 <authorize username=3D"test" password=3D"test">

=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 <connection name=3D"Terminal Ser=
ver 2012">
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 <protoco=
l>rdp</protocol>
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 <param n=
ame=3D"hostname">SCRIPT_GENERATED_OUTPUT</param>
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 <param n=
ame=3D"ignore-cert">true</param>
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 <param n=
ame=3D"security">nla</param>
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 <param n=
ame=3D"username">SCRIPT_GENERATED_OUTPUT</param>
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 <param n=
ame=3D"password"> SCRIPT_GENERATED_OUTPUT</param>
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 <param n=
ame=3D"domain"> SCRIPT_GENERATED_OUTPUT</param>
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 </connection>

=C2=A0=C2=A0=C2=A0 </authorize>

</user-mapping>

I know I could try to use the LDAP/AD authenticator extension, but:

1) AD is not officially supported, and I'd need to modify the schema with s=
omething like this: https://glyptodon.com/jira/secure/attachment/13006/Guac=
amole%20LDAP%20Authentication%20with%20Active%20Directory.pdf

2) I don't know yet if it is possible/easy to manage the NLA guacConfigPara=
meter values for each user, ie. would I need to specify username, password =
and domain for each group when using NLA as security mode? That would mean =
I'd need to create a connection object for each AD user! Or does Guacamole =
try to use the same username and password as the ones used for the inital L=
DAP/AD bind even when using NLA?

Also note that I'd like the hostname to be dynamic too as I have a script t=
hat checks several things in order to determine which RDP server a user sho=
uld connect to (eg. checks ressource usage on every server, checks whether =
a previously connected user session was inadvertantly cut off, etc., and fi=
nally outputs the name or IP address of the RDP server).

Thanks,

Vieri