[
https://issues.apache.org/jira/browse/GUACAMOLE-908?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16999701#comment-16999701
]
Mike Jumper commented on GUACAMOLE-908:
---------------------------------------
This is already how both users and groups are supposed to work. From
[http://guacamole.apache.org/doc/gug/ldap-auth.html#ldap-and-database]:
{quote}
Data can be manually associated with LDAP user accounts or groups by creating
corresponding users or groups within the database which each have the same
names. As long as the names are identical, a successful login attempt against
LDAP will be trusted by the database authentication, and that user's associated
data will be visible.
{quote}
All you need is a matching group. If you're not seeing this in practice, you
are likely running into GUACAMOLE-715.
> Link LDAP Group to DB Group even if user not in DB
> --------------------------------------------------
>
> Key: GUACAMOLE-908
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-908
> Project: Guacamole
> Issue Type: Wish
> Components: guacamole-auth-ldap
> Affects Versions: 1.0.0
> Reporter: Mathieu BRUNOT
> Priority: Minor
>
> Unless I missed something, if we want to give some permissions to a LDAP
> user, we need to create the user in both LDAP and database, even if the LDAP
> Group has its counterpart in the database.
> The idea would be to link to the DB group without needing the user in DB if
> the user has matching LDAP group(s).
> This could be a workaround to GUACAMOLE-708.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
