On Fri, Feb 3, 2023 at 4:54 PM Michael Hess <michael_h...@nols.edu.invalid> wrote:
>
> Hey folks!
>
> I want to enable LDAP in my Guac Docker, I added the ldap environment
> variables to the docker-compose.yml, removed the image, and did "docker
> compose up" but it didn't add the .jar within the image/container. How do I
> go about that?
>
> Then, I'm using Azure for SSO, will the guac server take that username and
> somehow allow it to check against ldap to use the ${GUAC_USERNAME} and
> password tag to pass through?

This configuration probably won't work quite as you expect it for a couple of reasons:

* If your users are logging in with Azure SSO (SAML), then Guacamole will have no access to the password for the user.
* In the LDAP extension, all of the transactions with LDAP after the initial search for the user are done with the credentials of the user who is logging in to Guacamole. This is regardless of whether you have a bind DN and password specified in the configuration file - as soon as Guacamole finds a user with the bind credentials you specify in the configuration file, it un-binds and then attempts to re-bind using the LDAP object plus the password of the user who is logging in. Since Azure SSO (SAML) has authenticated your user, there won't be a password, and the LDAP module will never get past attempting to authenticate that user, which it probably won't even try to do in absence of a password and with an already-successful authentication from SAML.

>
> Then, can I have each user assign their own ssh private key somewhere so they
> don't have to enter it into a new connection for each server themselves? I'd
> prefer to create all connections, so nobody else has to, and just assign by
> groups. And the host key box doesn't work, fails to connect, taking the key
> directly from known_hosts.

This has been discussed before, but there currently is not a way to set per-user credential configurations outside of the ${GUAC_USERNAME} and ${GUAC_PASSWORD} tokens, which only work if your users are actually entering both a username and password. I suspect it'll show up in Guacamole before too long - there are just too many good use cases for such a setup to not support something like that.

>
> Lastly, cut/paste doesn't work on a mac client from a mac host. The Alt key
> maps to the windows key, and the windows (whatever it is on mac) doesn't do
> anything. The slide cut/paste box won't work in either direction.

Using what protocol? VNC, I'm guessing?
I've managed to get access to a Mac with VNC a couple of times to do some debugging work on the VNC bits, but don't have a lot of experience, nor consistent access to a Mac platform, to try this out at the moment.

-Nick