On Tue, Feb 7, 2023 at 10:02 AM Steffen Moser <li...@steffen-moser.de> wrote: > > Hi all, > > I've got a question regarding the LDAP backend available in Guacamole > 1.4. We use LDAP for both, our primary user directory, and for > configuring Guacamole – especially the connections. We do this typically > by using LDAP groups, so we thereby allow a whole course access to our > remote tool servers. > > A few months ago, we discovered the "sharing profiles". It's a very > great feature, as it allows people in distinguished courses to share > their screen to other students without having to use video conference > screen sharing. Especially, the read-write feature is great for getting > write access in order to allow instructors or peer students to help. > > Unfortunately, to configure the sharing profiles, it seems that I have > to create local users and connection records in Guacamole's local MySQL > database. My question: Is there any hidden LDAP attribute which allows > to create share profiles within LDAP? If not, is anyone working on such > a feature? >
No, currently the JDBC and JSON modules are the only ones that support sharing profiles - the LDAP module does not. I think it has been requested as a feature, but there is no work on it currently. You will definitely have to define connections in the JDBC module to get this to work; however, for the user and group piece of this, you can use the stacking features of the modules, allowing users to authenticate with LDAP, but storing connections and permissions in the JDBC module. You can then use group membership from LDAP to assign permissions to a group of the same name in the JDBC module, or have users auto-created in the JDBC module and assign group membership and permissions that way. You may find this section of the user guide helpful: https://guacamole.apache.org/doc/gug/ldap-auth.html#ldap-and-database -Nick --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org
