Carter, This should be possible without any schema change. We use an AD Security Group to restrict which users are permitted to access the RD Server (regardless of the protocol). Within Guacamole.properties you can use the ldap-user-search filter to restrict which users are able to login through Guacamole.
For example, we use the Root OU as the ldap-user-base-dn (which afaik has to be the root OU). Than have the following lda-user-search-filter in place: ldap-user-search-filter: (memberOf=<CN=ADSECURITYGROUP>,ou=<GROUP>,OU=<ORGAZATIONALUNIT>,DC=<DOMAIN>,DC=<DOMAINSUFFIX>) Erik Berndt / Systems Administrator 5551 Wellington Rd, Gainesville, VA 20155 703.631.0004 x520 (Phone) / 703.257.1725 (Fax) http://www.superiorpaving.net Need to open an IT support ticket? http://FixIT.superiorpaving.net/portal or [email protected] On Tue, Oct 17, 2017 at 2:14 PM, Carter Sema <[email protected]> wrote: > I read the following article https://issues.apache.org/ > jira/browse/GUACAMOLE-12 when I was looking for how to assign connections > to LDAP users. From the article it sounds like I can use AD Security > Groups? Is this possible without updating my Schema? Updating my Schema is > off the table for options. So im looking for the 2nd best without needing > to import a ton of users into the guac sql database. > > > > Anyone have suggestions or solutions that they have implemented? > > > > Thanks! > > > > Carter Sema > > Network Support Specialist > > [email protected] > > [image: CertBadge_Administrator_web] > > >
