I have a similar setup. I created a self register page for users in Active Directory. The users connect to index.html that asks them if they have an existing account in the AD. If they do not, informs them to send an email to the system admin.
If they do, the cgi validates the users name and credentials. On a failure they get the same message to contact the system admin. Once validated the username is created in the MySQL Guacamole db, and basic access rights are created for the user in question. For our needs, two default connections are created that they cannot administer. The connections are set to KIOSK mode, CUT and PASTE is disabled. (We only use RDP.) The index.html has a link to the Guacamole server so if they are already registered they push the link to connect. They use the AD username and password this is passed to the connection... I was hoping to create an extension, but the example in the 9.13 documentation fails to compile. My hope was to dynamically update the valid connections and applications based on Active Directory group memberships, but that will not happen if the demo does not compile. I do not have enough experience to be able to trouble shoot at this time. I am in the process of documenting the solution (since it has more than a few moving parts in the solution), for my team and I hope for the document is that it is complete by the end of the month. (More or less) Dr. -- Sent from: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/
