Is it possible to use already existing AD fields that LDAP reads? Or does it only read the Guacamole AD Fields from its schema modification? Can guacamole read any AD Group from the App at all? Can’t the Security group that controls login hold some kind of connection data? (using ad security groups to control login is amazing, love that feature)
I had just tested doing it the way you suggested, and it works, just means I have to load users individually or script an import. Has anyone used a GUI SQL tool such as Oracle SQL Developer or RazorSQL to pull data from the guacamole SQL tables and modify? Thanks! Carter Sema Network Support Specialist [email protected]<mailto:[email protected]> [CertBadge_Administrator_web] From: Nick Couchman [mailto:[email protected]] Sent: Tuesday, October 17, 2017 2:27 PM To: [email protected] Subject: Re: Guacamole ldap-group-base-dn On Tue, Oct 17, 2017 at 2:14 PM, Carter Sema <[email protected]<mailto:[email protected]>> wrote: I read the following article https://issues.apache.org/jira/browse/GUACAMOLE-12 when I was looking for how to assign connections to LDAP users. From the article it sounds like I can use AD Security Groups? Is this possible without updating my Schema? Updating my Schema is off the table for options. So im looking for the 2nd best without needing to import a ton of users into the guac sql database. Using that method requires that you store the connection information inside LDAP, which requires schema modifications. If you stack authentication modules, like JDBC and LDAP, you can have users log in with LDAP, make sure those same users are created in JDBC, and then assign the permissions to the user accounts objects in the JDBC module. As long as the LDAP and JDBC usernames match, this will map through. -Nick
