On Tue, Dec 19, 2023 at 1:13 PM Remush <m.remmar...@gmail.com> wrote:
> I'm sorry if I'm being rude but that's a bit general. > I mean I understand that I have to configure it in the > guacamole.properties but I'm confused on how. > Here are a few things to check: * In order to get the LDAP extension to even look up groups in LDAP, you need to at least configure the ldap-group-base-dn in guacamole.properties, and set it to a location in your LDAP tree that contains the groups you want to be available. If this property is not present in the configuration, groups will not be looked up at all. * You can also use "ldap-group-search-filter" to filter out what groups you'd like to have pulled in to Guacamole. This is useful if you have a very large LDAP tree but don't want it all in Guacamole. * Make sure that the configuration of the LDAP extension matches your LDAP server configuration. Things like ldap-member-attribute and ldap-member-attribute-type may need to be adjusted depending on your LDAP server to make sure that it properly recognizes membership of users in groups. * You will only be able to see LDAP users and groups in the Guacamole UI when you log in with an LDAP user account - the default guacadmin account from the DB extension will not be able to see the LDAP data. > > And I completely don't understand the interface part? What interface? What > acls? Isn't it configured in the postgresql? > Once you have the group membership being pulled in correctly, you can configure the group permissions in the Guacamole UI, assigning permissions to a group of users. -Nick
