Ah, I see now. In the beginning I had to create a database user with the same username as my LDAP user and then I granted that database user the appropriate permissions. I'm using a different LDAP account to query users so if I log in as guacadmin right now I'm only able to see the database users. It makes sense now. Sorry for the confusion!
On Tue, Nov 15, 2016 at 1:08 PM Mike Jumper <[email protected]> wrote: > On Tue, Nov 15, 2016 at 12:53 PM, Omar Sandoval <[email protected]> wrote: > > For my installation I just logged in as guacadmin and granted my LDAP user > the appropriate permissions. It wasn't necessary for the account to exist > in both the database and LDAP. > > > Granting a user permissions in that manner actually does create a > corresponding user within the database. The user interface simply unifies > the data associated with both accounts, using the username to determine > identity. > > If you were able to see LDAP users within the list, then one of the > following must be true: (1) those users were manually created having the > same usernames as users that happened to exist in LDAP already, or (2) the > guacadmin user existed in LDAP, and thus the LDAP auth was able to pull the > user list by binding with the provided credentials. The only way that > Guacamole is able to pull users from LDAP is through using your provided > credentials (in this the username "guacadmin" and your password) to bind to > LDAP and issue a query. If that isn't the case, then those users can only > be there if they were manually placed there independently of LDAP. > > - Mike > >
