ek1m92 wrote
> Correct me if I'm wrong here Joel, but what I expected to work based on the
> documentation was the following:
>
> 1. Create user group in MySQL with the name of a corresponding user group in
>    the LDAP directory
> 2. Create connection in MySQL
> 3. Grant connection permission to the user group created in 1.
> 4. LDAP users that are part of the LDAP group (in the directory) are able to
>    log in with their LDAP credentials and access that connection

That's correct, this is the scenario I've been working on and cannot get to work. I don't believe that group membership restrictions for LDAP-authenticated users are working correctly. From the linked JIRA issue, Mike says:

> If the user is authenticated by LDAP, and you wish permissions to be
> granted by a group defined in MySQL, what matters is that the LDAP user is
> a member of an LDAP group that matches the MySQL group, not that the LDAP
> user matches the MySQL user.

From my experience so far, the only way to get group membership restrictions to work for an LDAP-authenticated user is to have them be both a member of the LDAP group *and* a member of a MySQL group with the same name. Not being a member of either leads to them not being able to see the connection or not being able to connect to it.

Thanks,
-Joel
