Posted to issues@guacamole.apache.org by "Mike Jumper (Jira)" <ji...@apache.org> on 2019/12/19 03:12:00 UTC

[jira] [Commented] (GUACAMOLE-908) Link LDAP Group to DB Group even if user not in DB

    [ https://issues.apache.org/jira/browse/GUACAMOLE-908?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16999701#comment-16999701 ] 

Mike Jumper commented on GUACAMOLE-908:
---------------------------------------

This is already how both users and groups are supposed to work. From [http://guacamole.apache.org/doc/gug/ldap-auth.html#ldap-and-database]:

{quote}
Data can be manually associated with LDAP user accounts or groups by creating corresponding users or groups within the database which each have the same names. As long as the names are identical, a successful login attempt against LDAP will be trusted by the database authentication, and that user's associated data will be visible.
{quote}

All you need is a matching group. If you're not seeing this in practice, you are likely running into GUACAMOLE-715.

> Link LDAP Group to DB Group even if user not in DB
> --------------------------------------------------
>
>                 Key: GUACAMOLE-908
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-908
>             Project: Guacamole
>          Issue Type: Wish
>          Components: guacamole-auth-ldap
>    Affects Versions: 1.0.0
>            Reporter: Mathieu BRUNOT
>            Priority: Minor
>
> Unless I missed something, if we want to give some permissions to an LDAP user, we need to create the user in both LDAP and database, even if the LDAP Group has its counterpart in the database.
> The idea would be to link to the DB group without needing the user in DB if the user has matching LDAP group(s).
> This could be a workaround to GUACAMOLE-708.


