Posted to issues@guacamole.apache.org by "Jonathan Thomson (Jira)" <ji...@apache.org> on 2020/06/29 11:45:00 UTC

[jira] [Created] (GUACAMOLE-1116) LDAP connection object member does not allow groups

Jonathan Thomson created GUACAMOLE-1116:
-------------------------------------------

             Summary: LDAP connection object member does not allow groups
                 Key: GUACAMOLE-1116
                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1116
             Project: Guacamole
          Issue Type: Wish
          Components: guacamole, guacamole-auth-ldap
    Affects Versions: 1.1.0
            Reporter: Jonathan Thomson


I've been away from the Guacamole project for a while but circled back round because I'm finding the official Microsoft HTML5 RDP client unreliable.

Previously I had tried (and failed) to implement connection objects in LDAP (Active Directory to be specific) but I finally got them working and I can assign individual objects to individual members or lists of members. I cannot, however, either by design or due to a bug, assign a group as a member to a connection object.

Take this example from the wiki:
{noformat}
dn: cn=Example Connection,ou=groups,dc=example,dc=net
objectClass: guacConfigGroup
objectClass: groupOfNames
cn: Example Connection
guacConfigProtocol: vnc
guacConfigParameter: hostname=localhost
guacConfigParameter: port=5900
guacConfigParameter: password=secret
member: cn=user1,ou=people,dc=example,dc=net
member: cn=user2,ou=people,dc=example,dc=net
{noformat}
The "member" attribute works with user accounts but I cannot get it to work with a group for which I know the distinguished name is correct and that my user is a member of, e.g.
{noformat}
member: cn=Guacamole Users,dc=example,dc=net
member: cn=Guacamole Admins,dc=example,dc=net
{noformat}
Should this work? If not, is it something you could look at as a future enhancement?

For my use case (and perhaps others if it was available) it would be great to assign connections to groups and then use the flexibility of LDAP/AD to assign those groups to users rather than having to amend the individual object for each new member.



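The difference the report describes, between matching a user's own DN against "member" and following "member" values that are themselves groups, modelled as an added example (not part of the original message and not Guacamole's code). The directory contents, the user3/user4 accounts, the function names and the depth limit are assumptions made for illustration.

```python
# Constructed directory: DN -> values of its "member" attribute. The connection
# and group DNs follow the report; the memberships themselves are sample data.
DIRECTORY = {
    "cn=Example Connection,ou=groups,dc=example,dc=net": [
        "cn=user1,ou=people,dc=example,dc=net",
        "cn=Guacamole Users,dc=example,dc=net",
    ],
    "cn=Guacamole Users,dc=example,dc=net": [
        "cn=user2,ou=people,dc=example,dc=net",
        "cn=Guacamole Admins,dc=example,dc=net",
    ],
    "cn=Guacamole Admins,dc=example,dc=net": [
        "cn=user3,ou=people,dc=example,dc=net",
        "cn=Guacamole Users,dc=example,dc=net",  # deliberate membership cycle
    ],
}

def norm(dn):
    """Simplified DN comparison key (ignores case and spaces after commas;
    does not handle escaped commas inside attribute values)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

INDEX = {norm(dn): [norm(m) for m in members] for dn, members in DIRECTORY.items()}

def direct_access(user_dn, connection_dn):
    """Grant only if the user's own DN is a 'member' value of the connection."""
    return norm(user_dn) in INDEX.get(norm(connection_dn), [])

def nested_access(user_dn, connection_dn, max_depth=10):
    """Grant if the user is reachable by following 'member' values that are
    themselves groups. 'seen' stops cycles; max_depth bounds the walk."""
    target, seen = norm(user_dn), set()
    frontier = [(norm(connection_dn), 0)]
    while frontier:
        dn, depth = frontier.pop(0)  # breadth-first: shortest path first
        if dn in seen or depth > max_depth:
            continue
        seen.add(dn)
        for member in INDEX.get(dn, []):
            if member == target:
                return True
            if member in INDEX:  # member is a group entry: expand it later
                frontier.append((member, depth + 1))
    return False

if __name__ == "__main__":
    conn = "cn=Example Connection,ou=groups,dc=example,dc=net"
    for cn in ("user1", "user2", "user3", "user4"):
        dn = f"cn={cn},ou=people,dc=example,dc=net"
        print(cn, direct_access(dn, conn), nested_access(dn, conn))
```

With group expansion, anyone who can change the membership of a listed group, or of a group nested inside it, also controls who reaches the connection, so write access to those group entries needs the same review as the connection object itself.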