[
https://issues.apache.org/jira/browse/GUACAMOLE-284?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16019817#comment-16019817
]
Nick Couchman commented on GUACAMOLE-284:
-----------------------------------------
It sounds like maybe there's some confusion or missing information with how you
have authentication set up. Do you have MySQL authentication only, or are you
layering MySQL with LDAP? Based on your description it sounds like you're
doing the later, and, the way authentication layering currently works in
Guacamole, disabling the account will only disable authentication of the
account via the database module, it won't actually block a login, as
authentication will succeed via the LDAP module. When authentication succeeds,
the user will be logged in, and then the user's permissions will be aggregated
from other authentication sources that contain the same username.
So, disabled, time restrictions, and account expiration settings inside the
database modules will not impact logins that happen via another module when
multiple modules are layered.
> When using ldap with MySQL backend "Account Restrictions" doesn't work
> ----------------------------------------------------------------------
>
> Key: GUACAMOLE-284
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-284
> Project: Guacamole
> Issue Type: Bug
> Components: guacamole-auth-jdbc-mysql, guacamole-auth-ldap,
> guacamole-client
> Affects Versions: 0.9.12-incubating
> Reporter: Mark van den Boogaard
>
> When using LDAP authentication and a MySQL backend the options under "Account
> Restrictions" are not working.
> When we set the option "Disabled" or "Enable/Disable account after" this has
> no effect.
> For us the users who managing Guacamole (users and connections) do not have
> access to LDAP to enable/disable accounts. So it would be nice to do have
> these options working when using LDAP authentication with MySQL
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
