Marko, In my opinion the schema modification was made extremely easy by the included scripts.
I had no issues with my implementation. I used 389-DS for my LDAP solution. We have done what you mentioned below which is having a group for each independent server and we give people access simply by adding them to the group it works wonders! I cannot speak for the guac developers, however I doubt that what you would like below will be implemented as there are a lot of other attributes that you can set for each connection. Regards, Alex -----Original Message----- From: Marko Cupać <[email protected]> Sent: Wednesday, July 18, 2018 8:53 AM To: [email protected] Subject: LDAP/AD groups by means of memberOf Hi, I would like to implement Guacamole and integrate it with Active Directory, but I'm not comfortable with the idea of schema modification. From my point of view, better approach would be to be able to create AD group for every destination server, so that every member of mentioned group gets access to corresponding server through guacamole. Hostname could be read for example from group's description field, protocol from extension attribute. Any chance Guacamole's LDAP integration will also support this kind of setups in the future? Thank you in advance, -- Before enlightenment - chop wood, draw water. After enlightenment - chop wood, draw water. Marko Cupać https://www.mimar.rs/
