On Fri, May 15, 2020 at 12:52 PM Carlos Al. <[email protected]> wrote:
> Thank you for your answer Nick. I have already read all the docs about > ldap. > In fact now we have this in guacamole.properties: > > /ldap-user-base-dn: ou=users,dc=org > ldap-username-attribute: uid > ldap-user-search-filter: (objectclass=posixAccount) > ldap-max-search-results: 10/ > > But still too much preassure on the ldap server. > > The user search filter you have isn't overly-restrictive - you could trying putting a little more into that to cut it down. For example, you can use (memberOf=) filters to filter users by group membership. It will still have to look at a bunch of user objects, but will stop when it doesn't match the group membership. I'm not sure what LDAP server you're running - I used to manage a Novell eDirectory install, and it had a lot of really good options for setting up your own indices that could handle those searches reasonably well. OpenLDAP has similar options - not sure about AD. -Nick
