Hi Thiago, You can't currently limit login based purely on LDAP group membership, but there are recent WIP changes that would allow you to limit access to only those users that also exist in the database (MySQL in your case):
https://issues.apache.org/jira/browse/GUACAMOLE-70 The code thus far is on a separate branch called "restrict-database-login": https://github.com/mike-jumper/incubator-guacamole-client/tree/restrict-database-login I'm not going to open a PR for that until we have 0.9.10-incubating behind us, but if you want to give it a try, please do. With a guacamole.war and MySQL auth .jar built from the above, you would specify the following in your guacamole.properties: mysql-user-required: true Attempts to login via any other mechanism (including LDAP) will then be denied unless that user has been associated with data in MySQL already. Thanks, - Mike On Wed, Aug 17, 2016 at 5:34 PM, Thiago Cruz <[email protected]> wrote: > Hello, > > I've implemented Gucamole with MySQL and Active Directory (no schema > changed). Everything is working but I'd like to allow users to login if > they are mapped into some LDAP group. I've tried using binding attributes > with no sucess. Anyone know if is that possible? > > Regards, >
