Filtering out LDAP groups for JDBC sync/autocreate

[Ciro Iriarte <cy...@gmail.com>]

Hello!,

I've setup Guacamole client 1.3.0 + Guacamole-server git/master. It's
authenticating with FreeIPA and it's paired with MariaDB DB connected
with JDBC.

Using ldap-user-search-filter I'm able to autocreate the users members
of guaca-* groups, but looking up the groups once logged in, all the
directory groups are visible. Is there a configuration option
available to just import/show groups following another filter?.

Would be useful to just see all the guaca-* groups in my case instead
of having the view cluttered with all that is available in the
directory.

Regards,
CI.-

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org

Re: Filtering out LDAP groups for JDBC sync/autocreate

[Ciro Iriarte <cy...@gmail.com>]

Thanks!, will compile and move the client to git/master too then.

Regards,
CI.-

On Sat, Aug 21, 2021, 07:36 Nick Couchman <vn...@apache.org> wrote:

> On Sat, Aug 21, 2021 at 1:03 AM Ciro Iriarte <cy...@gmail.com> wrote:
>
>> Hello!,
>>
>> I've setup Guacamole client 1.3.0 + Guacamole-server git/master. It's
>> authenticating with FreeIPA and it's paired with MariaDB DB connected
>> with JDBC.
>>
>> Using ldap-user-search-filter I'm able to autocreate the users members
>> of guaca-* groups, but looking up the groups once logged in, all the
>> directory groups are visible. Is there a configuration option
>> available to just import/show groups following another filter?.
>>
>>
> There will be in the next release, but the functionality does not exist in
> 1.3.0. For 1.4.0 a "ldap-group-filter" property has been added that allows
> you to filter out the groups pulled in by LDAP:
>
> https://issues.apache.org/jira/projects/GUACAMOLE/issues/GUACAMOLE-996
>
> 1.4.0 is a future release, and there is no planned released date, yet,
> though we are (hopefully) getting close.
>
> -Nick
>

Re: Filtering out LDAP groups for JDBC sync/autocreate

[Nick Couchman <vn...@apache.org>]

On Sat, Aug 21, 2021 at 1:03 AM Ciro Iriarte <cy...@gmail.com> wrote:

> Hello!,
>
> I've setup Guacamole client 1.3.0 + Guacamole-server git/master. It's
> authenticating with FreeIPA and it's paired with MariaDB DB connected
> with JDBC.
>
> Using ldap-user-search-filter I'm able to autocreate the users members
> of guaca-* groups, but looking up the groups once logged in, all the
> directory groups are visible. Is there a configuration option
> available to just import/show groups following another filter?.
>
>
There will be in the next release, but the functionality does not exist in
1.3.0. For 1.4.0 a "ldap-group-filter" property has been added that allows
you to filter out the groups pulled in by LDAP:

https://issues.apache.org/jira/projects/GUACAMOLE/issues/GUACAMOLE-996

1.4.0 is a future release, and there is no planned released date, yet,
though we are (hopefully) getting close.

-Nick