Hello,
I developed a small patch for the guacamole-auth-ldap extension that allows you
to specify in the guacamole.properties a new property: ldap-users-filter.
Basically if you apply the patch, you can add an LDAP condition that must be
satisfied by the users to become guacamole users. So if you set it as something
like this:
ldap-users-filter: memberOf=CN=Guacamole,OU=Service Gropus,OU=Domain,DC=my,DC=lan
only the users that belong to the specified group will be listed in the
guacamole interface and will be allowed to access Guacamole.
At that time I tried to submit the patch to the developers but I wasn’t able to
set up the whole environment needed to do that, so I gave up, hoping that my
patch would be added by someone else sooner or later.
The patch is very simple and you can find it attached to this mail.
I applied it successfully to the latest incubating releases (0.9.11 and
0.9.12), I hope it will be helpful.
Best Regards
—
MCM
ldap-users-filter.patch
Hi,
Good idea, but unfortunately that's not it. I discovered that if I'm specifying an OU with spaces, escaping is not necessary i.e. this works...
LDAP_USER_BASE_DN="OU=External Demo Users,OU=Users,OU=MyBusiness,DC=MyCompany,DC=com"
...but if a CN (security group) is specified it doesn't work, with or without escaped spaces.
Cheers
Andy.
Hi Andy,
e.g.
LDAP_USER_BASE_DN="CN=GUACAMOLE\ Group,OU=Security\ Groups,OU=MyBusiness,DC=mycompany,DC=com"
Cheers
Peter
On 06.06.2017 15:58, Andy Pattrick wrote:
Hi,
I have LDAP authentication working using a BASE_DN pointing to an OU in my Active Directory. However I would like to point the BASE_DN at a security group so that I can simply add users to the group if I want to allow them to access Guacamole without moving them to a different OU.
When I try this I find it doesn't work. I suspect this is because CN's are not supported in LDAP_USER_BASE_DN. Can anyone confirm if they have managed to do this?
In summary:
This works -
LDAP_USER_BASE_DN="OU=MyUsers,OU=Users,OU=MyBusiness,DC=mycompany,DC=com"
This does not work -
LDAP_USER_BASE_DN="CN=GUACAMOLE Group,OU=Security Groups,OU=MyBusiness,DC=mycompany,DC=com"
Many thanks,
Andy.
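Added example (not part of the thread and not the code of the attached patch): a small Python model of an LDAP subtree search over a constructed directory, showing why a group's CN used as the base DN finds no users, while an OU base combined with a memberOf condition restricts logins to group members. The directory entries, the function names, and the way the extra condition is ANDed with the login match are assumptions made for illustration.

```python
# Constructed sample directory (DN -> attributes); names are illustrative only.
BASE_OU = "OU=MyUsers,OU=Users,OU=MyBusiness,DC=mycompany,DC=com"
GROUP_DN = "CN=GUACAMOLE Group,OU=Security Groups,OU=MyBusiness,DC=mycompany,DC=com"
DIRECTORY = {
    BASE_OU: {"objectClass": ["organizationalUnit"]},
    "CN=alice," + BASE_OU: {"objectClass": ["user"], "sAMAccountName": ["alice"],
                            "memberOf": [GROUP_DN]},
    "CN=bob," + BASE_OU: {"objectClass": ["user"], "sAMAccountName": ["bob"]},
    # The group entry lists its members by DN; the users are not its children.
    GROUP_DN: {"objectClass": ["group"], "member": ["CN=alice," + BASE_OU]},
}

def norm(dn):
    """Simplified DN normalisation: case-insensitive, no spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def escape_filter_value(value):
    """RFC 4515 escaping for an untrusted value placed inside a search filter."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)

def build_filter(username, extra=None):
    """Assumed composition: AND the login match with the admin-set condition."""
    login = "(sAMAccountName=%s)" % escape_filter_value(username)
    return "(&%s(%s))" % (login, extra) if extra else login

def search_users(base_dn, username, member_of=None):
    """Subtree search: entries at or below base_dn that match the conditions."""
    base, hits = norm(base_dn), []
    for dn, attrs in DIRECTORY.items():
        ndn = norm(dn)
        if ndn != base and not ndn.endswith("," + base):
            continue  # outside the subtree rooted at base_dn
        if username not in attrs.get("sAMAccountName", []):
            continue
        groups = [norm(g) for g in attrs.get("memberOf", [])]
        if member_of and norm(member_of) not in groups:
            continue  # user exists but is not in the required group
        hits.append(dn)
    return hits

if __name__ == "__main__":
    print(search_users(GROUP_DN, "alice"))           # group as base: no users below it
    print(search_users(BASE_OU, "alice", GROUP_DN))  # OU base + memberOf condition
    print(build_filter("alice", "memberOf=" + GROUP_DN))
```

In this model the spaces in the DN play no part in the failure: the search rooted at the group entry is empty because membership is an attribute of the entries, not their position in the tree.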