On Mon, Mar 7, 2022 at 4:18 PM Aaron Cayard-Roberts <[email protected]> wrote:
> Hello all, > > We've been using guacamole for a couple of years with CAS for > authentication and it's been great. We recently upgraded our system to 1.4 > and everything has been working great. > > Currently, we're handling our groups (and connections) through the > database extension but I was interested in trying out the cas-group-attribute. > Is this option compatible with the database extension? I was expecting > either new groups to be created and/or the membership of the groups to be > updated based on the cas-group-attribute values of the user's > session....but that doesn't seem to be happening. > > Yes, the extension is "compatible" - really, stackable is the proper term - with the database extension. That said, it probably won't work in exactly the way you're expecting it to work. Users who log in via CAS can be automatically created in the database extension, and you can also create matching groups in the database extension and apply permissions to those groups. However, the database extension won't automatically update its version of group membership with the members that come through in the CAS extension - rather, this will be evaluated dynamically and transparently when the user logs in. In this way, there's no way for an admin in Guacamole to see all of the members of a group that is populated via CAS membership. -Nick
