Greetings,

I have run into an issue setting up LDAP authentication for a Guacamole Docker container (latest build), specifically with the property LDAP_MEMBER_ATTRIBUTE.

I am trying to use an existing LDAP server to provide both authentication and configurations to Guacamole. For those configurations, I am using both individual user permissions (via 'member' attribute) and group permissions (via 'seeAlso' attribute). On the server in question, group objects list their members using the attribute 'uniqueMember' instead of the usual 'member'; so by default, while permissions for individual users work for my configurations, group permissions do not.

To fix this, I have set LDAP_MEMBER_ATTRIBUTE to 'uniqueMember'. However, while this makes configurations show up in Guacamole for users in the relevant groups, it also disables them for users who should have permission for them individually (through guacConfigGroup member attribute).

Is there any way for me to make both individual and group permissions work?

I have glossed over the code in GitHub, and assuming I understood correctly, Guacamole uses LDAP_MEMBER_ATTRIBUTE to read users from the configuration itself and not just from the associated groups (ConnectionService.java line 322). If so, is this intended behavior? It strikes me as odd, given that Guacamole is hardcoded to use object class guacConfigGroup, which in turn specifically uses the 'member' attribute.

Thank you for your time and advice.

Patrick Lübcke
