I seem to be running into either the same or a very similar problem (running guacamole 1.0.0 but my understanding is that this is identical to the RC): Authentication succeeds without any modification to the source, but from this point on, the behavior I'm seeing seems to be identical. Here are the different scenarios I have tried:
*1. Having just the LDAP group be mirrored in MySQL by creating an identically named one there* /-> Login succeeds, but no associated connections are shown./ *2. Having both the LDAP group and the user be mirrored in MySQL by creating identically named entities there without manually linking the two* /-> Login succeeds and guacamole tries to auto-connect to the only available connection/shows all available connections and fails when trying to connect with a permission error./ *3. Having both the LDAP group and the user be mirrored in MySQL by creating identically named entities there and manually adding the MySQL user to the MySQL group* /-> Connections are established successfully/ Either there seems to be a big misunderstanding regarding the way the new group system is supposed to work with LDAP, or there's something going wrong here. It goes without saying that scenario 3 completely eliminates the purpose of relying on existing LDAP groups. Scenario 1 is what I would have assumed to work as that would enable us to manage connections based on LDAP groups without having to create any MySQL users whatsoever. Scenario 2 is what led me to assume that my expected functionality is supposed exist at least in part. On top of that, I have had no success whatsoever in granting admin privileges to users based on LDAP group membership, while this seems to be possible using explicitly linked MySQL users and groups. -- Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
