[ https://issues.apache.org/jira/browse/GUACAMOLE-696?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16739861#comment-16739861 ]
Michael Jumper commented on GUACAMOLE-696: ------------------------------------------ The groups which apply to a particular user are dictated by the extension that authenticates that user. I'm not sure this is a bug per se, as things are functioning as intended, but I can see how this would be confusing. If the user is authenticated by LDAP, and you wish permissions to be granted by a group defined in MySQL, what matters is that the LDAP user is a member of an LDAP group that matches the MySQL group, not that the LDAP user matches the MySQL user. I agree that the MySQL, PostgreSQL, etc. backends should apply permissions inherited through their own groups, anyway, though. > LDAP User Not Getting MySQL Group Permissions > --------------------------------------------- > > Key: GUACAMOLE-696 > URL: https://issues.apache.org/jira/browse/GUACAMOLE-696 > Project: Guacamole > Issue Type: Bug > Components: guacamole, guacamole-auth-jdbc-mysql, guacamole-auth-ldap > Affects Versions: 1.0.0 > Reporter: matt nelson > Priority: Major > > A user authenticated and logged in with an LDAP account has no access to the > group permissions assigned to the matching database user. > if the user logs in using the database user password then the connections do > appear. > If the connection permissions are assigned directly to the database user they > do appear for the LDAP user. > > > -- This message was sent by Atlassian JIRA (v7.6.3#76005)