Not sure if this is a paste error or how you actually have it, but you have an extra quotation mark:
ldap-user-search-filter; "(&(objectCategory=Group)(sAMAccountName=*)(memberOf=cn=Accounting,ou=groups,ou="Superior Paving Employees,dc=superiorpaving,dc=net))" There should not be a quote in front of "Superior" in the memberOf= part of the filter - LDAP filters can deal fine with spaces in the components of the filter, so your filter should look like this: ldap-user-search-filter: "(&(objectCategory=Group)(sAMAccountName=*)(memberOf=cn=Accounting,ou=groups,ou=Superior Paving Employees,dc=superiorpaving,dc=net))" Also, in the line you pasted in to the e-mail, you had a semicolon, instead of a colon, at the end of ldap-user-search-filter. If it still doesn't work, try using that filter in an "ldapsearch" command and make sure you get results back: ldapsearch -H ldap://ad.superiorpaving.net -D <YOUR BIND DN HERE> -W '(&(objectCategory=Group)(sAMAccountName=*)(memberOf=cn=Accounting,ou=groups,ou=Superior Paving Employees,dc=superiorpaving,dc=net))' Should do the trick. If you get no results back or you get an error, fix it and try, again. -Nick On Wednesday, August 9, 2017, 12:46:13 PM EDT, Erik Berndt <erikber...@superiorpaving.net> wrote: I'm attempting to filter AD groups permitted to login through Guacamole, which is making use of the auth-mysql and auth-ldap extensions. Login works fine for the users defined in the ldap-user-base-dn. When I define the ldap-user-search-filter and reset the servlet container, all users are prevented from loggin in. This is my first time writing ldap filters, so it's very possible this is a syntax issue. My search filter in guacamole.properties is as follows: ldap-user-search-filter; "(&(objectCategory=Group)(sAMAccountName=*)(memberOf=cn=Accounting,ou=groups,ou="Superior Paving Employees,dc=superiorpaving,dc=net))" Can anyone assist me with this filter? I also have tried to restrict the ldap-user-base-dn to the specific group I want to give access to, but am running into the same issue. Erik Berndt / Systems Administrator
