On Mon, Feb 7, 2022 at 1:18 PM Sathija Pavuluri <sathi...@yahoo.com.invalid>

> We have Guacamole configured to use SAML to initially authenticate users
> and subsequently use LDAP to look up the user and retrieve RDP connection
> properties.
> When using this setup, user is successfully authenticated against SAML but
> Guac makes no attempt to connect to LDAP to look the user up.
> So using SAML auth, do connection details have to come from a DB alone? Is
> LDAP not supported?
You are correct, after a successful SAML authentication, there will be no
attempt to connect to LDAP. This is because the LDAP module is designed
specifically to use the credentials of the user who is logging in to query
the LDAP tree. Since 1) authentication has already succeeded, and 2) with
SAML authentication there is no password to send to the LDAP server, the
module will not attempt to authenticate the user.

If you're storing connection information in LDAP then you should just use
LDAP to authenticate and not try to stack SAML and LDAP.


Reply via email to