[
https://issues.apache.org/jira/browse/GUACAMOLE-1014?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17078575#comment-17078575
]
Jason Keltz commented on GUACAMOLE-1014:
----------------------------------------
I would also like to add that if I select the "Domain Users" group in
Guacamole, under "MEMBER USERS" it reports:
"This group does not currently contain any users. Expand this section to add
users."
However, this may be normal because I haven't added any users to this group
*in* Guacamole. The users are added to the group in LDAP.
> LDAP + MySQL DB user does not get connections applied to LDAP group
> -------------------------------------------------------------------
>
> Key: GUACAMOLE-1014
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-1014
> Project: Guacamole
> Issue Type: Bug
> Components: guacamole-auth-ldap
> Affects Versions: 1.1.0
> Reporter: Jason Keltz
> Priority: Major
>
> I have installed Guacamole 1.1.0 and configured it to use our Samba AD server
> as LDAP + MySQL DB. Logins work fine, but when I add connections to a
> standard LDAP group, and users login who are in those groups, they cannot
> access the connections. As a result, when users login, they have access to
> no connections. I have 1000 users I have to either manually add connections
> for, or I have to write code to manually pre-add the users to the MySQL DB so
> they will have connections. I've written the mailing list, but there has
> been no feedback. I believe this is a bug.
> 1) Users and groups are in CN=Users,DC=ad,DC=eecs,DC=yorku,DC=ca:
> CN=<user>,CN=Users,DC=ad,DC=eecs,DC=yorku,DC=ca
> CN=<group>,CN=Users,DC=ad,DC=eecs,DC=yorku,DC=ca
> For Guacamole ldap-group-base-dn: CN=Users,DC=ad,DC=eecs,DC=yorku,DC=ca
> For Guacamole ldap-group-name-attribute: cn
> But there's no option for me to specify: ldap-group-search-filter:
> objectClass=group
> I also add: ldap-member-attribute: member
> From the command prompt, I can print the groups using:
> ldapsearch -x -h <ldap server> -D "<me>" -W -b "dc=ad,dc=eecs,dc=yorku,dc=ca"
> "(objectClass=group)"
> Because of lack of ldap-group-search-filter, my list of groups in Guacamole
> contains all the users as well!
> If I want to see who are the members of a group from the command line I can
> do:
> ldapsearch -x -h <ldap server> -D "<me>" -W -b "cn=Domain
> Admins,cn=Users,dc=ad,dc=eecs,dc=yorku,dc=ca" member
> 2) I could live with the fact that the users appear in my group list because
> there's no way for me to specify ldap-group-search-filter. However, if I
> take a group that appears in the list (eg. Domain Users), and I add
> connections then when a user logs in who is in the group, they don't get the
> connections. This seems like a bug to me.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
