On Fri, Nov 3, 2017 at 6:01 AM, Nick Couchman <[email protected]> wrote: > > On Tue, Oct 31, 2017 at 5:43 PM, Thompson, John H. (GSFC-606.2)[PATUXENT > TECHNOLOGY PARTNERS] <[email protected]> wrote: >> >> Will storing the allowed connections in LDAP work with HTTP >> header authentication"? >> >> ... >> > > I believe the answer is no. Mike can correct this if I'm wrong, but my > understanding is that one of the security mechanisms in the LDAP module is > that the bind to look for connections is done with the user who logged in. > So, if the user is logged in through another mechanism (header > authentication), and particularly one that doesn't provide the password to > Guacamole (header will not), then there's not going to be any way for the > user who logged in to bind to the LDAP directory. >
This is exactly correct. Part of the idea behind the LDAP authentication is to allow the LDAP directory's own security constraints to dictate access level. This cannot be done without a bind. - Mike
