On Wed, Jul 28, 2021 at 2:04 AM Jonas Einnolf <[email protected]> wrote:
> Greetings to everyone, > > I am using a UCS system (Univention Corporate Server) and would like to > link Apache Guacamole 1.3.0 to my LDAP database so that I can control > access rights. When individual users are assigned to a Guacamole > configuration, they can see and use the assigned configurations as > intended. However, when a group is assigned to a configuration, no > configurations are visible to the users in the group. > Are you referring to defining connections within LDAP using the "guacConfigGroup" object via schema modifications? If so, this is done through the "seeAlso" attribute. >From http://guacamole.apache.org/doc/gug/ldap-auth.html#ldap-schema-changes : "... Each connection defined by a guacConfigGroup will be accessible only by users who are members of that group (specified with the member attribute), or who are members of associated groups (specified with the seeAlso attribute)." > The problem here is with the search filter, which cannot find > configurations assigned to user groups. The search filter continues to > search with the uid of the user and not with associated group CNs, despite > passing the ldap-member-attribute. > Can you clarify what you're referring to here? It sounds like you're seeing a specific set of queries in the logs, but are expecting to see a different set of queries. If so, what queries are you seeing and what queries were you expecting to see instead? Michael Jumper CEO, Lead Developer Glyptodon Inc <https://glyp.to/>.
