Hello, I have LDAP authentication enabled and did not extend the AD schema. I am able to sync AD groups and I do not have to do any manual user import to groups in the guacamole database. In the documentation I believe this was accomplished by having a "guacadmin" AD account that has permissions to read AD.
-----Original Message----- From: larssonsamuel <[email protected]> Sent: Tuesday, September 29, 2020 5:47 AM To: [email protected] Subject: [EXTERNAL] [Suspected SPAM] Add LDAP users to database groups with scripts Importance: Low WARNING: This email originated outside the Hostos campus. Do not click links or open attachments unless you recognize the sender and know the content is safe. Never provide login credentials, financial or sensitive details in response to an email or by clicking on a link. Report suspicious emails to: [email protected] Hi, My setup looks like this: Users exist in AD, towards which they authenticate when logging in to Guacamole. The group management however is handled in MySQL since we couldn't change the schema to provide group management in our AD. When I look in the database, it looks like users are getting created in the database on first authentication (which they do towards AD), and the password hash column is populated. Does this mean that the hashes that I see in the database are fetched from AD during the authentication? I can't seem to find anything in the docs about this. The problem that I now have encountered is that I want to add users to group via script, i.e. SQL queries, so that they are already added before they do their first authentication. But how can I get all the info from AD to successfully populate all required fields for a new user in the database? Hope this makes sense! //Samuel -- Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/ --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
