[ https://issues.apache.org/jira/browse/GUACAMOLE-1014?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nick Couchman reopened GUACAMOLE-1014:
--------------------------------------

> LDAP + MySQL DB user does not get connections applied to LDAP group
> -------------------------------------------------------------------
>
>                 Key: GUACAMOLE-1014
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1014
>             Project: Guacamole
>          Issue Type: Bug
>          Components: guacamole-auth-ldap
>    Affects Versions: 1.1.0
>            Reporter: Jason Keltz
>            Priority: Major
>
> I have installed Guacamole 1.1.0 and configured it to use our Samba AD server
> as LDAP + MySQL DB. Logins work fine, but when I add connections to a
> standard LDAP group, and users log in who are in those groups, they cannot
> access the connections. As a result, when users log in, they have access to
> no connections. I have 1000 users I have to either manually add connections
> for, or I have to write code to manually pre-add the users to the MySQL DB so
> they will have connections. I've written the mailing list, but there has
> been no feedback. I believe this is a bug.
>
> 1) Users and groups are in CN=Users,DC=ad,DC=eecs,DC=yorku,DC=ca:
>
> CN=<user>,CN=Users,DC=ad,DC=eecs,DC=yorku,DC=ca
> CN=<group>,CN=Users,DC=ad,DC=eecs,DC=yorku,DC=ca
>
> For Guacamole ldap-group-base-dn: CN=Users,DC=ad,DC=eecs,DC=yorku,DC=ca
> For Guacamole ldap-group-name-attribute: cn
> But there's no option for me to specify: ldap-group-search-filter: objectClass=group
> I also add: ldap-member-attribute: member
>
> From the command prompt, I can print the groups using:
>
> ldapsearch -x -h <ldap server> -D "<me>" -W -b "dc=ad,dc=eecs,dc=yorku,dc=ca" "(objectClass=group)"
>
> Because of the lack of ldap-group-search-filter, my list of groups in Guacamole
> contains all the users as well!
>
> If I want to see who the members of a group are from the command line, I can
> do:
>
> ldapsearch -x -h <ldap server> -D "<me>" -W -b "cn=Domain Admins,cn=Users,dc=ad,dc=eecs,dc=yorku,dc=ca" member
>
> 2) I could live with the fact that the users appear in my group list because
> there's no way for me to specify ldap-group-search-filter. However, if I
> take a group that appears in the list (e.g. Domain Users), and I add
> connections, then when a user logs in who is in the group, they don't get the
> connections. This seems like a bug to me.

--
This message was sent by Atlassian Jira
(v8.3.4#803005)