Hi,

I’ve a fresh install of Guacamole 1.1.0 on Ubuntu 18.0.4 Server.

I have the LDAP extension installed (along with the MySQL one) and I’ve defined 
connections directly into LDAP.
Everything works just fine, users are authenticated and are allowed the proper 
connections, however I would like to allow only users who are MemberOf one LDAP group 
(e.g. guacusers) to log in to my Guacamole site.
I’m using ldap-user-search-filter, but it does not seem to work. As of now any 
active user in my LDAP directory can log in to the Guacamole site.
No connections are displayed for the users that I would like to disallow, but 
nevertheless they can still log in...

This is the LDAP configuration in my guacamole.properties 

# LDAP properties
ldap-hostname: configserver.my.domain
ldap-port: 389
ldap-user-base-dn: ou=users,dc=my,dc=domain
ldap-username-attribute: uid
ldap-user-search-filter: (memberof=cn=guacusers,ou=users,dc=my,dc=domain)
ldap-config-base-dn: ou=guac_config,dc=my,dc=domain
ldap-group-base-dn: ou=groups,dc=my,dc=domain

And I have previously used this same configuration some time back when I was 
testing version 0.9.14 and it seemed to be working...


Note that if I run the same filter on my LDAP server, e.g.:
ldapsearch -x -LLL -H ldap:/// -b "ou=users,dc=my,dc=domain" -s sub "(memberof=cn=guacusers,ou=groups,dc=my,dc=domain)"
I get the expected result…

I’ve also tried adding other specifiers to the filter, like 
(&(objectClass=person)(memberof=cn=guacusers,ou=groups,dc=my,dc=domain))

they all work when I query the LDAP server with ldapsearch, but don’t seem to 
have any effect when I use them in Guacamole.

Thanks for your help,
Fabio
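
Added example (not part of the original message and not Guacamole code): a small lint for the LDAP properties posted above. It checks that ldap-user-search-filter has balanced parentheses and that any memberOf DN in it sits under ldap-group-base-dn. That second check is a heuristic assumed here, not a Guacamole requirement. On the posted properties it reports that the filter names a group under ou=users, whereas the ldapsearch test used ou=groups.

```python
import re

# LDAP properties as posted in the message above.
POSTED = """\
ldap-hostname: configserver.my.domain
ldap-port: 389
ldap-user-base-dn: ou=users,dc=my,dc=domain
ldap-username-attribute: uid
ldap-user-search-filter: (memberof=cn=guacusers,ou=users,dc=my,dc=domain)
ldap-config-base-dn: ou=guac_config,dc=my,dc=domain
ldap-group-base-dn: ou=groups,dc=my,dc=domain
"""

def parse_properties(text):
    """Parse 'key: value' or 'key=value' lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*[:=]\s*", line, maxsplit=1)
        if len(parts) == 2:
            props[parts[0]] = parts[1]
    return props

def normalize_dn(dn):
    """Naive DN normalisation for comparison (does not handle escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def check_user_filter(props):
    """Return a list of findings about ldap-user-search-filter (empty if none)."""
    flt = props.get("ldap-user-search-filter", "")
    if not flt:
        return ["ldap-user-search-filter is not set"]
    findings, depth = [], 0
    for ch in flt:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:  # a ')' appeared before its matching '('
            break
    if depth != 0:
        findings.append("unbalanced parentheses in filter")
    base = normalize_dn(props.get("ldap-group-base-dn", ""))
    for dn in re.findall(r"memberof=([^()]+)", flt, flags=re.IGNORECASE):
        if base and not normalize_dn(dn).endswith("," + base):
            findings.append(f"memberOf DN '{dn}' is not under ldap-group-base-dn '{base}'")
    return findings

if __name__ == "__main__":
    print("\n".join(check_user_filter(parse_properties(POSTED))) or "no findings")
```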
