Hi Nick, That would be ok in a greed field deployment, but unfortunately this is not the case.
We don’t have an actual issue with this setup, we only limit guacamole login to a specific domain anyway, however it’s blocking from being able to automate connection and user permissions in guacamole. It’s why I was hoping there’s a predictable way these strings are generated. Regards, Bogdan > On 17 Mar 2020, at 22:20, Nick Couchman <[email protected]> wrote: > > On Mon, Mar 16, 2020 at 7:34 PM Stefan Bogdan Cimpeanu <[email protected] > <mailto:[email protected]>> wrote: > Hello all, > In our Azure AADDS, which from Guacamole’s point of view is just a simple > LDAP, we have situations where a user would appear as duplicate, depending on > its sign in domain. > For example we might have [email protected] > <mailto:[email protected]> and [email protected] > <mailto:[email protected]> . > > > In this case I would suggest that you change the ldap-username-attribute to > something other than sAMAccountName that actually uniquely identifies the > user. You might use mail to make it their e-mail address, or userPrincipal > (I think?) usually includes both the username and domain name. > > -Nick
