On Sat, Apr 4, 2020 at 5:58 AM Roman V. Isaev <r...@isaeff.net> wrote:
> Is it possible to view active connections while using user-mapping.xml? > > No, the user-mapping.xml file is designed to be a very simple mechanism to test that authentication is working, and does not support most of the extended features that the other authentication mechanisms do. > I have our internal database with ~200 users and their computers. > It's trivial to export them as user-mapping.xml (and re-export as > needed, because that database is fluid with all hires/leaves), but > with user-mapping.xml I can't login as guacadmin and check who's > online and can't use rest api to fetch active connections > information too. > > If you have another database, I'd suggest that you could use some sort of ETL tool, either of your own build/design, or some free ones that are out there (Pentaho is good) to automate the load of data from one system to the other. The Guacamole JDBC schema is well-documented in the manual, and can be manipulated underneath the client so long as the schema and data are consistent. > I tried to run both user-mapping and sql authorizations at once. > They co-exist, but sql backend can't see user-mapping's connections.. > > One of the key features that the user-mapping.xml authentication mechanism does not support is layering with other modules, so this likely won't work. > I tried rest api, but it seems to be broken, or at least guacapy > library seems to be broken. It can fetch data, but it does not add > anything, here is an issue: > https://github.com/pschmitt/guacapy/issues/31 > > I'm not familiar with this tool - it isn't something directly supported by the project. Not sure if the author is lurking about here - if so, perhaps they can chime in on it, but it's not a familiar tool to me. > I don't like the idea of messing with sql tables directly, too. > > See: http://guacamole.apache.org/doc/gug/jdbc-auth.html#jdbc-auth-schema You should be careful, but it is documented in the manual because we have foreseen the possibility that folks will want to manipulate the data directly. -Nick
