On Mon, Feb 7, 2022 at 1:18 PM Sathija Pavuluri <sathi...@yahoo.com.invalid>
wrote:

> We have Guacamole configured to use SAML to initially authenticate users
> and subsequently use LDAP to look up the user and retrieve RDP connection
> properties.
>
> When using this setup, user is successfully authenticated against SAML but
> Guac makes no attempt to connect to LDAP to look the user up.
> So using SAML auth, do connection details have to come from a DB alone? Is
> LDAP not supported?
>
>
You are correct: after a successful SAML authentication, there will be no
attempt to connect to LDAP. This is because the LDAP module is designed
specifically to use the credentials of the user who is logging in to query
the LDAP tree. Since 1) authentication has already succeeded, and 2) with
SAML authentication there is no password to send to the LDAP server, the
module will not attempt to authenticate the user.

If you're storing connection information in LDAP, then you should just use
LDAP to authenticate and not try to stack SAML and LDAP.

-Nick
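
For reference, the LDAP-only arrangement recommended in the reply looks like the following guacamole.properties. This is an added example, not configuration from the thread or from the Guacamole project; the hostname, DNs and the search-bind account are assumptions, and the property names are the standard ones of the guacamole-auth-ldap extension. The point it illustrates is the one made above: the extension binds to the directory as the user who is logging in, using the password that user just typed, and then reads connection entries visible to that bound user. A SAML login never produces that password, so adding saml-* properties next to these does not make the LDAP lookup run.

```properties
# guacamole.properties: LDAP as the single source for both authentication and
# RDP connection definitions (added example; values below are assumptions).

ldap-hostname: ldap.example.com
ldap-port: 636
ldap-encryption-method: ssl

# Subtree holding user entries. Guacamole derives the user's DN from the
# username attribute and binds with the password entered at the login form.
ldap-user-base-dn: ou=people,dc=example,dc=com
ldap-username-attribute: uid

# Optional low-privilege account used only to locate the user's DN before the
# per-user bind. Keep it read-only; it is never used to read connections.
ldap-search-bind-dn: cn=guac-search,ou=services,dc=example,dc=com
ldap-search-bind-password: change-me

# Subtree holding guacConfigGroup entries. Each entry carries a
# guacConfigProtocol value (e.g. rdp), one guacConfigParameter per connection
# setting (hostname=..., port=...), and a member attribute listing the user
# DNs allowed to see that connection. Because the search runs under the
# user's own bind, directory ACLs on this subtree are the authorization check.
ldap-config-base-dn: ou=guacamole,dc=example,dc=com
```

With this in place, a user who authenticates over LDAP sees exactly the guacConfigGroup entries whose member attribute names their DN and that their bind is permitted to read; there is no separate database lookup involved.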
