On Mon, Feb 26, 2018 at 10:45 PM, Joachim Lindenberg <joac...@lindenberg.one > wrote:
> ... > > · w.r.t. ldap & database – my installation is very small w.r.t. the > number of users (2-3) and virtual systems (5-10). A database sounds > overengineered to me especially considering operations (backup). > Small or large, the database authentication backend is really the best way to go. It is the only authentication extension which implements both reading and writing, thus providing a web-based management interface for connections and users, and the only extension which implements full screen sharing, logging of connection access, etc. Generating user-mapping.xml on the Hyper-V host sounds like one approach I > might try > I strongly recommend against auto-generating XML as a means of throwing together integration quickly: http://guacamole.apache.org/faq/#integrate-auth (but I dislike the passwords in that and would prefer to get them from > LDAP), or I am considering to plug in my own authentication – but that will > take some programming time. > Nevertheless, if you wish to tightly integrate Guacamole with your own authentication, this is exactly the way it should be done. Actually I think Guacamole could standardize a rest based client > Guacamole's interface is already driven by a REST sevice. using basic authentication (forwarding the credentials received) > Guacamole also already pulls credentials from HTTP basic auth if they are not otherwise provided. If you implement your own authentication extension, you can also explicitly do this, but the username/password from HTTP basic auth will be automatically pulled into the Credentials object already. - Mike