Guac: 1.0.0 OS: CentOS 7.6 Using the LDAP extension to connect with a pretty simple AD and using a mariaDB database for authentication/users (aka not changing the AD/LDAP side) with LDAPS.
Using the following filter via "ldap-user-search-filter" in guacamole.properties: (&(objectCategory=person)(objectClass=user)(userAccountControl=512)) Essentially this should (and seems to initially) filter out any account that is not an enabled/active standard user account with a password that expires. So accounts with passwords that do not expire should not be listed and disabled accounts should not be listed. Periodically I disable accounts for users who are no longer active. However these accounts appear to stay visible in the list of users in Guacamole. I have not tried logging into an old account to see if it works yet but am wondering why these do not get removed when they no longer meet the filter criteria? Is this expected behavior? Do I need to manually remove these accounts in Guac? Do I need to some how manually apply the filter again? Thanks PS: The reverse of this issue works just fine. As soon as I add a new user to AD, they show up in Guac as expected immediately. -- Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/ --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
