Thanks for the excellent answer, I really appreciate it. It makes way more sense that way.
The only thing I don't get is why I was experiencing this "import" behavior in 1.0.0. But I will let it rest. Best regards Teis ________________________________ From: Nick Couchman <[email protected]> Sent: Saturday, February 22, 2020 7:17:11 PM To: [email protected] <[email protected]> Subject: Re: LDAP in docker, no new users On Mon, Feb 17, 2020 at 8:04 AM Teis Angel Clausen <[email protected]> wrote: I just noticed, if i add the users manually only by username, it also authenticates using LDAP. So could the user import, part be broken ? There's no "import" functionality in Guacamole Client - it will attempt to authenticate users from any of the modules you have enabled, in order of loading, and it will read in the users if possible and depending on what access it has to the underlying directory (in the case of LDAP). But these users are not automatically "imported" from the LDAP module into the JDBC module. The authentication system does "stack" modules such that if a user is authenticated in one module (for example, LDAP), the permissions for that user in the other module (for example, JDBC) should apply. However, at present, you still have to create either the users or groups in the JDBC module that you want to match up from the LDAP module. There were some changes/improvements made to this in the 1.1.0 release in terms of matching groups and user membership in groups - see the release notes for more details. In the future (hopefully the next release) we will have support for auto-creating users in the JDBC module that are authenticated through other modules, which will ease the administrative burden of having to manually create users and/or groups. But this is not finished, yet - the PR is still being worked/reviewed. -Nick
