On Tue, Oct 17, 2017 at 3:04 PM, Carter Sema <[email protected]> wrote:
> Is it possible to use already existing AD fields that LDAP reads? Or does
> it only read the Guacamole AD Fields from its schema modification? Can
> guacamole read any AD Group from the App at all? Can’t the Security group
> that controls login hold some kind of connection data?
>
> (using ad security groups to control login is amazing, love that feature)
>
> I had just tested doing it the way you suggested, and it works, just means
> I have to load users individually or script an import. Has anyone used a
> GUI SQL tool such as Oracle SQL Developer or RazorSQL to pull data from the
> guacamole SQL tables and modify?
>

The way the module is currently implemented, if you want to store the actual connection information in LDAP, you need to modify the schema. There is no way (currently) to configure what LDAP attributes the extension looks at to get things like connection name, parameters, etc.

The LDAP module can read users and groups without any schema modification; however, unless you're storing the connections themselves in LDAP, there's no way to map those LDAP groups, in particular, to connections. Guacamole doesn't support groups internally at the moment, so the only way the LDAP groups work is because it's using LDAP searches to limit the results it gets back. So, for this to work, everything has to be in LDAP.

There's a JIRA issue out there to add group support to Guacamole, so hopefully this will change in the future, and maybe there will be some mapping for groups between the LDAP module and the JDBC module, depending on how that's implemented, but that remains to be seen.

You should definitely be able to use scripts or a graphical tool to manipulate the Guacamole DB directly, or write an external script/tool to automate that.

-Nick
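The external script suggested in the reply above, as an added example (not part of the original thread and not Guacamole project code): it makes database READ grants follow LDAP group membership, including revoking grants for users who have left a group. The table and column names are a simplified stand-in assumed for illustration, run here against in-memory SQLite; the group-to-connection mapping, group name and sample rows are constructed.

```python
import sqlite3

# Simplified stand-in for the JDBC tables (assumption; check your installed schema).
SCHEMA = """
CREATE TABLE guacamole_user (user_id INTEGER PRIMARY KEY, username TEXT UNIQUE NOT NULL);
CREATE TABLE guacamole_connection (
    connection_id INTEGER PRIMARY KEY, connection_name TEXT UNIQUE NOT NULL);
CREATE TABLE guacamole_connection_permission (
    user_id INTEGER NOT NULL, connection_id INTEGER NOT NULL, permission TEXT NOT NULL,
    PRIMARY KEY (user_id, connection_id, permission));
"""
GRANTS = ("SELECT u.username, c.connection_name FROM guacamole_connection_permission p "
          "JOIN guacamole_user u ON u.user_id = p.user_id "
          "JOIN guacamole_connection c ON c.connection_id = p.connection_id "
          "WHERE p.permission = 'READ'")
IDS = ("SELECT u.user_id, c.connection_id FROM guacamole_user u, guacamole_connection c "
       "WHERE u.username = ? AND c.connection_name = ?")

def sync_read_grants(db, group_members, group_connections):
    """Make READ grants equal to LDAP group membership. Returns (added, revoked)."""
    known = {row[0] for row in db.execute("SELECT connection_name FROM guacamole_connection")}
    wanted = set()
    for group, conns in group_connections.items():
        missing = set(conns) - known
        if missing:  # fail closed rather than silently skipping a typo
            raise ValueError(f"unknown connections for {group}: {sorted(missing)}")
        wanted |= {(user, conn) for user in group_members.get(group, ()) for conn in conns}
    current = set(db.execute(GRANTS))
    added, revoked = sorted(wanted - current), sorted(current - wanted)
    with db:  # single transaction: all changes apply or none do
        for user, conn in added:
            db.execute("INSERT OR IGNORE INTO guacamole_user (username) VALUES (?)", (user,))
            uid, cid = db.execute(IDS, (user, conn)).fetchone()
            db.execute("INSERT INTO guacamole_connection_permission VALUES (?, ?, 'READ')",
                       (uid, cid))
        for user, conn in revoked:  # user left the group: remove the stale grant
            uid, cid = db.execute(IDS, (user, conn)).fetchone()
            db.execute("DELETE FROM guacamole_connection_permission WHERE user_id = ? "
                       "AND connection_id = ? AND permission = 'READ'", (uid, cid))
    return added, revoked

def demo():
    """Constructed sample data: bob has left rdp-admins, carol has joined."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.execute("INSERT INTO guacamole_user VALUES (1, 'alice'), (2, 'bob')")
    db.execute("INSERT INTO guacamole_connection VALUES (10, 'jump-host')")
    db.execute("INSERT INTO guacamole_connection_permission VALUES (1, 10, 'READ'), (2, 10, 'READ')")
    members = {"rdp-admins": ["alice", "carol"]}  # as an LDAP group search would return
    result = sync_read_grants(db, members, {"rdp-admins": ["jump-host"]})
    return result, sorted(db.execute(GRANTS))
```

The sync treats the group mapping as authoritative for READ grants, so a grant made by hand outside the mapping is revoked on the next run.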
