On Tue, Nov 15, 2016 at 12:53 PM, Omar Sandoval <[email protected]> wrote:
> For my installation I just logged in as guacadmin and granted my LDAP user
> the appropriate permissions. It wasn't necessary for the account to exist
> in both the database and LDAP.
>

Granting a user permissions in that manner actually does create a corresponding user within the database. The user interface simply unifies the data associated with both accounts, using the username to determine identity.

If you were able to see LDAP users within the list, then one of the following must be true: (1) those users were manually created having the same usernames as users that happened to exist in LDAP already, or (2) the guacadmin user existed in LDAP, and thus the LDAP auth was able to pull the user list by binding with the provided credentials.

The only way that Guacamole is able to pull users from LDAP is through using your provided credentials (in this case the username "guacadmin" and your password) to bind to LDAP and issue a query. If that isn't the case, then those users can only be there if they were manually placed there independently of LDAP.

- Mike
