On Tue, May 24, 2022, 06:32 Kevin Cameron <[email protected]> wrote:
> I have have Guacamole 1.4 connected to Windows AD and I was able to create > a user and group filter so that if I create a new AD nested group with > users it will add the users from that nested group in the initial read but > then any changes to the membership (additions or removals) are not > reflected in Guacamole no matter how many times I log in or restart Guac. > > Any suggestions on what might cause this? > The LDAP support does not perform recursive membership queries to determine which LDAP groups apply to a user. The user filter may be used to reduce the user accounts available based on AD's recursive matching operator, but the operator used inside the LDAP support to determine group membership is just a standard attribute equality check and is not recursive. - Mike
