[
https://issues.apache.org/jira/browse/GUACAMOLE-954?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17033925#comment-17033925
]
Nils commented on GUACAMOLE-954:
--------------------------------
OK, noted. Implementing support for nested groups is, at least in the world of
AD, relatively simple as perĀ
[https://docs.microsoft.com/en-us/windows/win32/adsi/search-filter-syntax]
I personally use this in several places (e.g. Apache) to support Nested Groups,
which in an organisation are very common. The way to configure the search
filter is like such:
memberof:*1.2.840.113556.1.4.1941:*=CN=whatever,OU=ou,dc=your,dc=lan
{{}}
|1.2.840.113556.1.4.1941|*LDAP_MATCHING_RULE_IN_CHAIN*|This rule is limited to
filters that apply to the DN. This is a special "extended" match operator that
walks the chain of ancestry in objects all the way to the root until it finds a
match.|
> LDAP Authentication, users require explicit creation in MySQL for connection
> sharing.
> -------------------------------------------------------------------------------------
>
> Key: GUACAMOLE-954
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-954
> Project: Guacamole
> Issue Type: Improvement
> Components: guacamole-server
> Affects Versions: 1.1.0
> Reporter: Nils
> Priority: Major
>
> Using LDAP for authentication, MySQL to store connection information.
> Login works fine, however unable to share connections with other LDAP users
> without first explicitly creating these users in MySQL as well. Likewise for
> groups, if I share connections with a LDAP Group, users that are a member of
> this group will not see any connections that are shared with this group.
> I'm pretty sure that at some point, prior to the official 1.1.0 release, this
> was working.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
