I'm attempting to filter AD groups permitted to login through Guacamole,
which is making use of the auth-mysql and auth-ldap extensions. Login works
fine for the users defined in the ldap-user-base-dn.

When I define the ldap-user-search-filter and reset the servlet container,
all users are prevented from loggin in.

This is my first time writing ldap filters, so it's very possible this is a
syntax issue. My search filter in guacamole.properties is as follows:

ldap-user-search-filter;
"(&(objectCategory=Group)(sAMAccountName=*)(memberOf=cn=Accounting,ou=groups,ou="Superior
Paving Employees,dc=superiorpaving,dc=net))"

Can anyone assist me with this filter?

I also have tried to restrict the ldap-user-base-dn to the specific group I
want to give access to, but am running into the same issue.

Erik Berndt / Systems Administrator

Reply via email to