Github user necouchman commented on a diff in the pull request:
https://github.com/apache/guacamole-manual/pull/90#discussion_r199561797
--- Diff: src/chapters/configuring.xml ---
@@ -4033,6 +4033,18 @@ guaclog: INFO: All files interpreted
successfully.</computeroutput>
time that the connection began.</para>
</listitem>
</varlistentry>
+ <varlistentry>
+
<term><varname>${GUAC_ATTR_<replaceable>CUSTOM_ATTRIBUTE_NAME</replaceable>}</varname></term>
+ <listitem>
+ <para>An attribute value specified on the current
Guacamole user.
+
<replaceable>CUSTOM_ATTRIBUTE_NAME</replaceable> is a custom attrbiute
+ name specified in guacamole.properties. The
values for these attributes
+ are queried from the LDAP directory when the
user is authenticated.
+ There is a token for each attribute specified
in guacamole.properties,
--- End diff --
Well, than *can* be queried from LDAP, but that's not the only place they
can come from - they are simply user attributes that may be obtained from any
of the authentication modules that implement that feature. LDAP has an option
for which ones to query (as you've documented in the LDAP section), but any of
the user attributes from the JDBC module should also be available, and I have a
PR for the CAS module to pull in attributes provided by CAS SSO.
Also, only in the case of the LDAP module will the attributes be specified
in guacamole.properties - in the JDBC module they are already part of the user
record, and in the CAS module the available attributes are determined by the
CAS server and what is is configured to provide.
A long way of saying, probably this section here should be a little more
generic :smiley:.
---
