Hi The seeAlso attribute does not seems to work. I have added an AD group to that attribute on my connection in AD. But the users belonging to that group does not get the connection when logged in to Guacamole. Single users added to member attribute works, but not groups added to seeAlso. I have updated guacd, guacamole.war and both ldap and mysql extensions to latest GIT-versions. I am using ADS edit to edit my connections attributes.
Best Regards Mikael Osth From: Mike Jumper [mailto:[email protected]] Sent: den 3 augusti 2016 08:35 To: [email protected] Subject: Re: LDAP and MySQL, single connection On Tue, Aug 2, 2016 at 1:33 AM, Bastiaan van Haastrecht <[email protected]<mailto:[email protected]>> wrote: Hello again, I'm trying to find a solution for the folowing. I have my LDAP users in the GUAC settings portal. Currently I need to go into each user and assign an connection to the user, this is very time consuming and not automatic if a new user should be added to the LDAP directory. I would like to assign an connection to all existing and all new-to-come LDAP users. Like an auto provisioning rule based on LDAP group membership or other paramters. Is this posible? With a build of Guacamole from git, yes. Support for role-based access control was added after the 0.9.9 release and prior to its acceptance into the Apache Incubator: https://issues.apache.org/jira/browse/GUACAMOLE-12 You can add groups as members of a guacConfigGroup using the "seeAlso" attribute. Users which are members of those groups will then have access to the connections described by any associated guacConfigGroups. - Mike
