Hi,
Good idea, but unfortunately that's not it. I discovered that if I'm specifying an OU with spaces, escaping is not necessary i.e. this works... LDAP_USER_BASE_DN="OU=External Demo Users,OU=Users,OU=MyBusiness,DC=MyCompany,DC=com" ...but if a CN (security group) is specified it doesn't work, with or without escaped spaces. Cheers Andy. ________________________________ From: Der PCFreak [mailingli...@pcfreak.de] Sent: 07 June 2017 06:23 To: user@guacamole.incubator.apache.org Subject: Re: LDAP_USER_BASE_DN pointing to an AD Security Group Hi Andy, maybe you just have to escape the spaces? Like shown here: http://www.linuxquestions.org/questions/linux-general-1/how-to-specify-space-in-ou-name-in-ldap-search-835175/ e.g. LDAP_USER_BASE_DN="CN=GUACAMOLE\ Group,OU=Security\ Groups,OU=MyBusiness,DC=mycompany,DC=com" Cheers Peter On 06.06.2017 15:58, Andy Pattrick wrote: Hi, I have LDAP authentication working using a BASE_DN pointing to an OU in my Active Directory. However I would like to point the BASE_DN at a security group so that I can simply add users to the group if I want to allow them to access Guacamole without moving them to a different OU. When I try this I find it doesn't work. I suspect this is because CN's are not supported in LDAP_USER_BASE_DN. Can anyone confirm if they have managed to do this? In summary: This works - LDAP_USER_BASE_DN="OU=MyUsers,OU=Users,OU=MyBusiness,DC=mycompany,DC=com" This does not work - LDAP_USER_BASE_DN="CN=GUACAMOLE Group,OU=Security Groups,OU=MyBusiness,DC=mycompany,DC=com" Many thanks, Andy. Click here<https://www.mailcontrol.com/sr/pVrfqO52gTvGX2PQPOmvUsPk3Ki21lNCDWFz8FPFLOPq83LDE2wdjFhuhqUR2lmN!fyLIztD8HPBcfXS4znW5Q==> to report this email as spam.