Whoops, guess I missed that part in the op. Nevermind! On Tuesday, October 17, 2017, Nick Couchman <[email protected]> wrote: > On Tue, Oct 17, 2017 at 2:37 PM, Erik Berndt < [email protected]> wrote: >> >> Carter, >> This should be possible without any schema change. We use an AD Security Group to restrict which users are permitted to access the RD Server (regardless of the protocol). Within Guacamole.properties you can use the ldap-user-search filter to restrict which users are able to login through Guacamole. >> For example, we use the Root OU as the ldap-user-base-dn (which afaik has to be the root OU). Than have the following lda-user-search-filter in place: >> ldap-user-search-filter: (memberOf=<CN=ADSECURITYGROUP>,ou=<GROUP>,OU=<ORGAZATIONALUNIT>,DC=<DOMAIN>,DC=<DOMAINSUFFIX>) > > This does, indeed, allow you to restrict who can log into Guacamole, but does not let you assign individual connections to certain users or groups of users. > -Nick >
-- Erik Berndt / Systems Administrator 5551 Wellington Rd, Gainesville, VA 20155 703.631.0004 x520 (Phone) / 703.257.1725 (Fax) http://www.superiorpaving.net Need to open an IT support ticket? http://FixIT.superiorpaving.net/portal or [email protected]
