I'm trying to set up Guacamole with LDAP authentication and would like to
use PostgreSQL as storage for the connection parameters. Looking at the
provided database schema files for PostgreSQL (001-create-schema.sql), the
user information entered into the database requires a password. I'm
wondering whether this means that the LDAP user credentials need to be
duplicated and entered into the database? The Guacamole manual, however,
suggests that once a user is successfully authenticated using the
credentials stored in LDAP, the Guacamole database will trust this user and
will use the information present in the database for this user
(https://guacamole.apache.org/doc/gug/ldap-auth.html):

"Data can be manually associated with LDAP users by creating corresponding
user accounts within the database which each have the same usernames as
valid LDAP users. As long as the username is identical, a successful login
attempt against LDAP will be trusted by the database authentication, and
that user's associated data will be visible."

Actually, I'd like to prevent storing password information in the database
and only use the LDAP passwords for authentication. Is this supposed to
work? May I just adjust the database schema and leave the password field
empty?

BTW: Thanks for providing this great product. I've used it to host
workshops for up to 50 people, providing each of them access to a graphical
desktop. It's working great. :-)
