On Wed, Aug 2, 2023 at 11:11 AM Stephan <sha...@gmx.com> wrote:
>
>
> I manually populated the $remote_user variable with an existing account in my 
> LDAP, I can automatically connect to Guacamole but I can't find any 
> connection already configured. If I try a classic LDAP connection, I see my 
> connections.
> Isn't it possible to use Auth-Header and LDAP at the same time?

No, it isn't - this is because the LDAP extension works in the following way:
* User gets Guacamole login page and enters credentials.
* If a Search DN/password has been configured, the extension connects
with the credentials to locate the user, then disconnects.
* If a Search DN/password has not been configured, the extension
computes the expected DN of the user.
* The DN - either searched for and found or computed - and password
entered by the user are used to establish a new LDAP connection.
* The connection with the user's credentials is then used to search
the LDAP tree to locate connections, connection groups, etc., which
are displayed for the user.

Since the Header auth module will have no knowledge of the user's
password, it isn't possible for it to connect to LDAP using the user's
credentials, so the LDAP module won't be used to retrieve connections.
This is an intentional design - it allows for access control to
Guacamole connections by leveraging the security already present in
LDAP.

-Nick
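
The flow described in the reply above, as an added example that is not part of the original message and is not Guacamole's own code: a small in-memory model showing that connections are listed only after a bind with the user's own password, so a header-only login gets none. All DNs, passwords, connection names and function names are assumptions made up for the illustration.

```python
# Simplified in-memory model; every entry below is constructed sample data.
BASE = "ou=people,dc=example,dc=net"
SEARCH_DN = "cn=search,dc=example,dc=net"
DIRECTORY = {  # DN -> (uid, password)
    SEARCH_DN: (None, "search-secret"),
    f"uid=alice,{BASE}": ("alice", "alice-secret"),
    f"uid=bob,{BASE}": ("bob", "bob-secret"),
}
CONNECTIONS = {  # connection name -> DNs allowed to read it (stands in for LDAP ACLs)
    "rdp-finance": {f"uid=alice,{BASE}"},
    "ssh-build": {f"uid=alice,{BASE}", f"uid=bob,{BASE}"},
}

class BindError(Exception):
    pass

def bind(dn, password):
    """Return the bound DN, or raise if the DN/password pair is not valid."""
    entry = DIRECTORY.get(dn)
    if entry is None or not password or entry[1] != password:
        raise BindError(dn)
    return dn

def resolve_dn(username, search_dn=None, search_password=None):
    """Locate the user's DN with the search account, or compute it if none is set."""
    if search_dn is None:
        return f"uid={username},{BASE}"
    bind(search_dn, search_password)  # search bind, dropped after the lookup
    for dn, (uid, _) in DIRECTORY.items():
        if uid == username:
            return dn
    raise BindError(username)

def ldap_connections(username, password, **search):
    """Bind as the user, then list only what that bound identity can read."""
    try:
        bound = bind(resolve_dn(username, **search), password)
    except BindError:
        return []  # no user bind, so nothing is retrieved from the directory
    return sorted(name for name, readers in CONNECTIONS.items() if bound in readers)

def header_login(remote_user):
    """Header auth supplies a username only; there is no password to bind with."""
    return ldap_connections(remote_user, None)
```
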
