Not sure if this is a paste error or how you actually have it, but you have an 
extra quotation mark:

 Paving Employees,dc=superiorpaving,dc=net))"

There should not be a quote in front of "Superior" in the memberOf= part of the 
filter - LDAP filters can deal fine with spaces in the components of the 
filter, so your filter should look like this:
 Paving Employees,dc=superiorpaving,dc=net))"

Also, in the line you pasted in to the e-mail, you had a semicolon, instead of 
a colon, at the end of ldap-user-search-filter.
If it still doesn't work, try using that filter in an "ldapsearch" command and 
make sure you get results back:
ldapsearch -H ldap:// -D <YOUR BIND DN HERE> -W 
 Paving Employees,dc=superiorpaving,dc=net))'
Should do the trick.  If you get no results back or you get an error, fix it 
and try, again.

On Wednesday, August 9, 2017, 12:46:13 PM EDT, Erik Berndt 
<> wrote:

I'm attempting to filter AD groups permitted to login through Guacamole, which 
is making use of the auth-mysql and auth-ldap extensions. Login works fine for 
the users defined in the ldap-user-base-dn.

When I define the ldap-user-search-filter and reset the servlet container, all 
users are prevented from loggin in.

This is my first time writing ldap filters, so it's very possible this is a 
syntax issue. My search filter in is as follows:

 Paving Employees,dc=superiorpaving,dc=net))"

Can anyone assist me with this filter? 

I also have tried to restrict the ldap-user-base-dn to the specific group I 
want to give access to, but am running into the same issue.

Erik Berndt / Systems Administrator

Reply via email to