For my installation I just logged in as guacadmin and granted my LDAP user the appropriate permissions. It wasn't necessary for the account to exist in both the database and LDAP.
On Tue, Nov 15, 2016 at 12:25 PM Mike Jumper <[email protected]> wrote: You'll need to create a Guacamole user within the database with the same username as a user in LDAP, or create a user within LDAP having the same username as a Guacamole user. As long as an account exists in both places, and the user within the Guacamole database has administrative permissions, then you should see the admin functions. If the corresponding LDAP user has permission to query other users in the directory, then you should also see LDAP users listed in the overall list of users in the admin screen, even if they do not yet exist in the database. >From the brief section on this in the manual [1]: "If an administrator account (such as the default guacadmin user provided with the database authentication) has a corresponding user in the LDAP directory with permission to list and read other LDAP users, the Guacamole administrative interface will include LDAP users in the overall user list presented to the administrator, and allow connections from the database to be associated with those users directly." - Mike [1] http://guacamole.incubator.apache.org/doc/gug/ldap-auth.html#ldap-and-database On Tue, Nov 15, 2016 at 8:15 AM, James Allsopp <[email protected] > wrote: Hello, I've set Guacamole up to use the mysql database backend and ldap, but although everything works I can't see the administration functions now. Is there any way of doing this, as we'd like the administrative functions, but need to use an LDAP server to co-ordinate with other projects? Thanks, James
