On Wed, Aug 6, 2025 at 3:11 AM Florian Segura <[email protected]> wrote:
> Hi, > > I have an issue on Guacamole built with Docker on version 1.6.0 with > mariadb 10.11. > Here is the scenario : > > 1) I have setup TOTP on my env variables > 2) I have setup LDAP servers with mysql-auto-create on my instance > 3) I have created local groupe named "NO-MFA" > 4) I logon with ldap account, setup MFA for the first time etc > 5) I added my ldap user to my local group > 6) I set "disable totp" to NO-MFA group dans I added my ldap user to this > local group. > > The thing is, the bypass MFA isn't working on this setup. It works when i > check bypass mfa on user directly but not from the group. > > The relation seems to work because when I check "System Administrator" > from the group with the ldap user member of, it works. > > Interesting. I would expect that what you've done is the right way to go about this, so it sounds like there's a bug in there that either isn't factoring in group membership when checking MFA status, or isn't correctly associating LDAP users to local groups at the time that it does that check. I'll try to have a go at reproducing it at some point, soon. -Nick >
