On Tue, Oct 17, 2017 at 2:37 PM, Erik Berndt <[email protected]> wrote:
> Carter,
>
> This should be possible without any schema change. We use an AD Security
> Group to restrict which users are permitted to access the RD Server
> (regardless of the protocol). Within Guacamole.properties you can use the
> ldap-user-search filter to restrict which users are able to log in through
> Guacamole.
>
> For example, we use the Root OU as the ldap-user-base-dn (which afaik has
> to be the root OU). Then have the following ldap-user-search-filter in place:
>
> ldap-user-search-filter: (memberOf=<CN=ADSECURITYGROUP>,ou=<GROUP>,OU=<ORGAZATIONALUNIT>,DC=<DOMAIN>,DC=<DOMAINSUFFIX>)
>

This does, indeed, allow you to restrict who can log into Guacamole, but does not let you assign individual connections to certain users or groups of users.

-Nick
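Added example, not part of the original messages: a small Python helper that builds the `memberOf` value for `ldap-user-search-filter` from a real group DN, escaping characters that would otherwise change the filter's meaning (RFC 4515). The function names and the sample DN are hypothetical; the nested-group matching rule is an Active Directory feature not mentioned in the thread, and the backslash doubling assumes guacamole.properties is read with Java .properties rules.

```python
# Added example: helper names and the sample DN are constructed for illustration.

# Active Directory LDAP_MATCHING_RULE_IN_CHAIN: also matches users who are
# members through nested groups (plain memberOf only sees direct membership).
NESTED_RULE = "1.2.840.113556.1.4.1941"


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    out = []
    for ch in value:
        if ch in "\\*()\x00":
            # Special characters become a backslash plus two hex digits.
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def member_filter(group_dn: str, nested: bool = False) -> str:
    """Return the LDAP filter restricting logins to members of group_dn."""
    attr = f"memberOf:{NESTED_RULE}:" if nested else "memberOf"
    return f"({attr}={escape_filter_value(group_dn)})"


def properties_line(group_dn: str, nested: bool = False) -> str:
    """Return the line to place in guacamole.properties.

    Assumption: the file follows Java .properties rules, where a backslash
    is itself an escape character and therefore has to be doubled.
    """
    value = member_filter(group_dn, nested).replace("\\", "\\\\")
    return f"ldap-user-search-filter: {value}"


# Constructed sample: a group name containing parentheses, which would
# produce an invalid or different filter if pasted in unescaped.
SAMPLE_GROUP_DN = "CN=RDP Users (Prod),OU=Groups,DC=example,DC=com"

if __name__ == "__main__":
    print(member_filter(SAMPLE_GROUP_DN))
    print(properties_line(SAMPLE_GROUP_DN))
    print(properties_line(SAMPLE_GROUP_DN, nested=True))
```
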
