So I'm trying to understand fully. I have to set a DB in order to manage users and connections even if I configure an LDAP?
And if so, then why do I even need the LDAP?

On Mon, 20 Nov 2023, 14:16 Nick Couchman, <vn...@apache.org> wrote:

> On Mon, Nov 20, 2023 at 6:48 AM Remush <m.remmar...@gmail.com> wrote:
>
>> So if I use the LDAP and want to be able to control connections *in* the
>> Guacamole Web
>>
>> I need to set a db?
>
> Yes.
>
>> And how can I give admin over the guacamole to certain users?
>
> Guacamole matches usernames between the extensions. So, if you have a user
> in LDAP called, for example, guacamole_user, and you create a user in the
> database with the matching username, you can assign privileges to the user
> from within the Guacamole UI, including admin access, the ability to use
> connections, etc., and then authenticate with the user's LDAP credentials.
> There's even a way to have users that successfully authenticate from
> non-JDBC modules automatically created within the database. This is covered
> in more depth in the user guide:
>
> https://guacamole.apache.org/doc/gug/ldap-auth.html#ldap-and-database
>
> https://guacamole.apache.org/doc/gug/ldap-auth.html#associating-ldap-with-a-database
>
> https://guacamole.apache.org/doc/gug/jdbc-auth.html#auto-creating-database-users
>
> It is worth noting that the comparison of usernames is currently
> case-sensitive - so, if you have a user, "guacamole_user", in LDAP and the
> JDBC module, but the user logs in with "Guacamole_User" (which will likely
> succeed, because LDAP is case-insensitive), it will be seen as a different
> user to Guacamole. There's some ongoing work to allow this behavior to be
> configured.
>
>> I want the LDAP only in order to access the guacamole and being the user
>> that connects in the connections.
>>
>> But I want a certain LDAP group to be able to create those connections in
>> the Guacamole
>
> Yes, all of this is completely possible, and is a relatively standard way
> to use Guacamole. It means installing both the JDBC and LDAP modules, and
> then creating users and/or groups within the JDBC module that match the
> LDAP users and/or groups you're using to log in - again, most of this is
> covered in the user guide, as linked above.
>
> -Nick
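
The case-sensitive username matching described in the quoted reply can be audited before users hit it. The following Python check is an added example, not part of the original thread or of Guacamole's code: it compares a list of usernames exported from LDAP with the usernames defined in the database and flags the ones that differ only by case. The function name and the sample names are constructed for illustration.

```python
from collections import defaultdict


def audit_username_matches(ldap_names, db_names):
    """Classify LDAP usernames by how they line up with database usernames.

    Uses the same exact, case-sensitive comparison the reply describes, and
    separately reports names that would only match if case were ignored.
    """
    db_exact = set(db_names)

    # Index database names by case-folded form to find near misses.
    db_folded = defaultdict(list)
    for name in db_exact:
        db_folded[name.casefold()].append(name)

    report = {"matched": [], "case_mismatch": [], "ldap_only": []}
    for name in sorted(set(ldap_names)):
        if name in db_exact:
            # Exact match: privileges assigned in the database apply.
            report["matched"].append(name)
        elif name.casefold() in db_folded:
            # Differs only by case: treated as a different user.
            candidates = sorted(db_folded[name.casefold()])
            report["case_mismatch"].append((name, candidates))
        else:
            # No database counterpart at all.
            report["ldap_only"].append(name)

    # Database names that collide once case is ignored are ambiguous for
    # anyone logging in through a case-insensitive directory.
    report["db_case_collisions"] = sorted(
        sorted(names) for names in db_folded.values() if len(names) > 1
    )
    return report


# Constructed sample data, not taken from a real deployment.
SAMPLE_LDAP = ["guacamole_user", "Guacamole_Admin", "jdoe"]
SAMPLE_DB = ["guacamole_user", "guacamole_admin", "Svc", "svc"]

if __name__ == "__main__":
    for category, entries in audit_username_matches(SAMPLE_LDAP, SAMPLE_DB).items():
        print(f"{category}: {entries}")
```

Entries under `case_mismatch` are accounts whose database privileges will not apply until the spelling in one of the two sources is aligned.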