On Tue, Dec 5, 2023 at 10:45 AM Aero Tech <[email protected]> wrote:
> Adding the LDAPS user to user xml works for getting connections for the > LDAPS user but I have to have the LDAPS user password. Is there some way to > specify user mapping to accept the account LDAPS password? > The user-mapping.xml authentication mechanism does not "stack" with the other authentication mechanisms that way, so, no, there is no way to do that. If you want to use Guacamole with LDAP, and want connections to be stored somewhere outside of LDAP, the easiest way is to use the database module to store connections and then user LDAP users and groups. You mentioned this in your original e-mail, that you were using MySQL, and this should work fine. There are a few things to keep in mind: * If you want to map LDAP users and/or groups to the database module, the user and group names have to match *exactly* - including case-sensitivity. * In order to get LDAP groups pulled in, you'll need to make sure you're specifying the group base/search OU in the guacamole.properties file, otherwise groups will not be queried. * You can have users auto-created in the JDBC module (MySQL) upon successful login - there's an option for it in the guacamole.properties file. Overall, make sure you read the following manual pages thoroughly: https://guacamole.apache.org/doc/gug/jdbc-auth.html https://guacamole.apache.org/doc/gug/ldap-auth.html Feel free to post back with any specific questions or issues. -Nick >
