Not sure if this will help but I asked a similar question about using LDAP filters here: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/Help-with-ldap-user-search-filter-and-LDAP-Query-td4223.html
I use something like:

# ldap-port: 389, or 636 for LDAPS
ldap-hostname:myhost.mydomain.com
ldap-port:389
ldap-user-base-dn:dc=mydomain,dc=com
ldap-search-bind-dn:cn=guac_ldap_user,ou=service_accounts_ou,dc=mydomain,dc=com
ldap-search-bind-password:guac_ldap_user_password
ldap-username-attribute:sAMAccountName
ldap-user-search-filter:(&(objectCategory=person)(objectClass=user)(userAccountControl=512))

The above gets me all users that are active and whose passwords can expire. It will not include machines, accounts that are disabled and accounts whose password is set to never expire, etc.

From the post I linked it seemed that I couldn't simply filter by OU and would have instead had to have created a group and placed individual accounts into the groups. That was more trouble for me than it would have been worth as I just wanted to eliminate service accounts and machines from being listed in Guacamole.

--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
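As an added example (not part of the original post): userAccountControl is a bit field, so the `(userAccountControl=512)` term in the filter above is an equality test on the whole value. This Python sketch decodes constructed sample values and shows which accounts that equality test admits to Guacamole; the account names and values are constructed, and the bitwise "not disabled" term is an assumption shown for comparison, not the poster's configuration.

```python
# Documented Active Directory userAccountControl bits (subset).
FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0020: "PASSWD_NOTREQD",
    0x0200: "NORMAL_ACCOUNT",
    0x1000: "WORKSTATION_TRUST_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
    0x40000: "SMARTCARD_REQUIRED",
}

def decode(uac):
    """Return the names of the known flags set in a userAccountControl value."""
    return [name for bit, name in FLAGS.items() if uac & bit]

def matches_exact_512(uac):
    """Equality term from the post: true only when NORMAL_ACCOUNT is the sole bit."""
    return uac == 512

def matches_not_disabled(uac):
    """Comparison term (assumption, not from the post), using the AD bitwise-AND
    matching rule: (!(userAccountControl:1.2.840.113556.1.4.803:=2))."""
    return (uac & 0x0002) == 0

# Constructed sample accounts; names and values are illustrative only.
SAMPLES = {
    "alice": 512,         # ordinary enabled user
    "bob": 514,           # disabled user
    "svc_backup": 66048,  # enabled, password never expires
    "carol": 544,         # enabled, PASSWD_NOTREQD also set
    "dave": 262656,       # enabled, smart card required
}

def report(samples=SAMPLES):
    """Map each account to (exact-512 match, not-disabled match, decoded flags)."""
    return {
        name: (matches_exact_512(uac), matches_not_disabled(uac), decode(uac))
        for name, uac in samples.items()
    }

if __name__ == "__main__":
    for name, (exact, enabled, flags) in report().items():
        print(f"{name:11} exact512={exact!s:5} not_disabled={enabled!s:5} {flags}")
```

Any account carrying an extra bit, such as `carol` or `dave` here, fails the equality test even though it is enabled, so it is worth checking the real values in the directory before relying on `=512` as the login gate.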
