Hey,
thanks for your answer.
More beginner-Questions:
Do I need access to the AD for 1) and 2) or do changes only take place in my Guacamole VM?
Are there detailed instructions for this on the internet? Without will be somewhat difficult - I am completely new to the subject.
Thanks for your help.
Gesendet: Sonntag, 12. Juni 2022 um 20:25 Uhr
Von: "Nick Couchman" <vn...@apache.org>
An: user@guacamole.apache.org
Betreff: Re: Guacamole LDAP Users - add connections
Von: "Nick Couchman" <vn...@apache.org>
An: user@guacamole.apache.org
Betreff: Re: Guacamole LDAP Users - add connections
On Sun, Jun 12, 2022 at 2:12 PM Sebastian Männling <sebastian.maennl...@qubestack.org> wrote:
Hi Rene,did something like that some time ago…for testing I used vagrant, using the following file…Maybe you can “extract” the relevant stuff from there…Basically it should be line 181 to extend the ad schema…and 192-211 to add a connection…… if I understood your question correctly.Greetings,SebastianOn 12. Jun 2022, at 18:25, Rene Schrader <schraderr...@web.de> wrote:
Hello all,
I have a question regarding authorization with LDAP.Currently my system works like this:
- One can successfully log in using the Active Directory data.
- I can assign users a connection via the MariaDB database, which they can then use after authentication via LDAP.I would like to have LDAP handle the authorization directly. For this there are the schema files ".ldif" for OpenLDAP and ".schema" for the AD.If I would use OpenLDAP, I would use the command "ldapadd". But how do I make changes if I use an Active Directory. I really can't find anything on the internet about this -there must be some reasonable instructions on how I enter the connections into this .schema file?
There are two steps to this:
1) Extend the AD schema to support the Guacamole extensions.
2) Add the entries to the LDAP directory.
If you want LDAP to handle all of the connection storage, you absolutely must do these in order - the schema must be extended, first, and then you can add the entries.
From what I've found, ldifde is the Windows tool for doing AD schema extensions, so you might look into that. After the schema is extended you can then create entries using either a LDIF file or some sort of LDAP browser.
-Nick
