On Wed, May 15, 2024 at 6:20 AM David Lomas <[email protected]> wrote:
> Hi, > > I've set up a balancing group in Guacamole which contains 3 test > connections to individual machines. If I create test users in the web > interface and assign them to the group (but _not_ to individual > connections), I can see the balancing working—when each user logs in, they > are assigned to an available connection. > > If you're setting up a balancing group, then this means that you're using the JDBC (DB) extension for storing connections, correct? > But how can I 'target' a user who is authenticated via LDAP to this > connection group? The documentation shows how to return a connection to a > specific machine as part of the guacConfigParameter object (hostname: xyz, > etc.) but I couldn't find anything about returning a connection group > there. Is this possible? Is there some documentation I've missed? > > There are two ways to do this: * You can create a user account in the database that has the same user name (generally case-sensitive) as the LDAP user, and assign permission for a connection or connection group to the user. Note that this can also be largely automated by enabling the auto account-creation capability. See: https://guacamole.apache.org/doc/gug/ldap-auth.html#associating-ldap-with-a-database , https://guacamole.apache.org/doc/gug/jdbc-auth.html#auto-creating-database-users * Instead of doing this based on username, you can do this with user groups - if you enable group searching in LDAP, you can assign the permissions to the groups, and, as long as the groups in the database have the same name as the LDAP groups, Guacamole will associate those permissions. -Nick
