On Tue, Jun 11, 2019 at 5:34 AM Zer0Cool <[email protected]> wrote:
> Guac: 1.0.0
> OS: CentOS 7.6
>
> Using the LDAP extension to connect with a pretty simple AD and using a
> mariaDB database for authentication/users (aka not changing the AD/LDAP
> side) with LDAPS.
>
> Using the following filter via "ldap-user-search-filter" in
> guacamole.properties:
>
> (&(objectCategory=person)(objectClass=user)(userAccountControl=512))
>
> Essentially this should (and seems to initially) filter out any account that
> is not an enabled/active standard user account with a password that expires.
> So accounts with passwords that do not expire should not be listed and
> disabled accounts should not be listed.
>
> Periodically I disable accounts for users who are no longer active. However
> these accounts appear to stay visible in the list of users in Guacamole. I
> have not tried logging into an old account to see if it works yet but am
> wondering why these do not get removed when they no longer meet the filter
> criteria?
>

My guess would be that database accounts still exist for those users.

- Mike
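An added example, not part of the original thread and not Guacamole's own code: it evaluates the filter quoted above against directory entries and reports which database usernames the filter no longer returns, and why. The entries, usernames and function names are constructed for illustration, and matching database accounts to directory entries by `sAMAccountName` is an assumption.

```python
# Active Directory userAccountControl flag bits
ACCOUNTDISABLE = 0x0002
NORMAL_ACCOUNT = 0x0200          # 512
DONT_EXPIRE_PASSWORD = 0x10000   # 65536


def matches_filter(entry):
    """Evaluate the thread's filter against one entry.

    (userAccountControl=512) is an equality match, so any additional
    flag bit (disabled, non-expiring password, ...) makes it fail.
    """
    return (entry["objectCategory"] == "person"
            and "user" in entry["objectClass"]
            and entry["userAccountControl"] == NORMAL_ACCOUNT)


def why_excluded(entry):
    """Name the flag that takes an entry out of the filter."""
    uac = entry["userAccountControl"]
    if uac & ACCOUNTDISABLE:
        return "disabled in AD"
    if uac & DONT_EXPIRE_PASSWORD:
        return "password never expires"
    return "does not match the filter for another reason"


def stale_db_accounts(directory, db_usernames):
    """Map each database username the filter no longer returns to a reason."""
    by_name = {e["sAMAccountName"].lower(): e for e in directory}
    stale = {}
    for name in db_usernames:
        entry = by_name.get(name.lower())
        if entry is None:
            stale[name] = "not in directory (database-only account)"
        elif not matches_filter(entry):
            stale[name] = why_excluded(entry)
    return stale


def _entry(name, uac):  # constructed sample entries, simplified attribute values
    return {"sAMAccountName": name, "objectCategory": "person",
            "objectClass": ["top", "person", "user"], "userAccountControl": uac}


DIRECTORY = [_entry("alice", 512), _entry("bob", 514), _entry("svc-backup", 66048)]
DB_USERS = ["alice", "bob", "svc-backup", "guacadmin"]  # constructed

if __name__ == "__main__":
    for user, reason in stale_db_accounts(DIRECTORY, DB_USERS).items():
        print(f"{user}: {reason}")
```

Database-only accounts such as a local administrator show up in the report as well, so the output is a review list rather than a deletion list.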
