You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@guacamole.apache.org by Carter Sema <CS...@acschools.org> on 2017/11/02 15:31:43 UTC

SQL User/Connection Scripting

My guacamole is setup to authenticate from LDAP, but since connections cannot get managed unless Schema is updated. I wanted to try and manage connections through the SQL database Guacamole uses. Currently my way to get a user into guacamole is such

SIS SQL Statement Pull into CSV -> PowerShell Adds User to AD Security Group -> User Logs In->User has no connections
(This process is automated through SFTP and Windows Task Scheduler, every morning around 4AM, it adds new users)

After the user logs in, usually I add the connection for myself or another Tech, but for students it could become large scale and not able to be done by hand.

Which is great and works. So I started SQL scripting to add a connection but am just a little confused and looking for an example, if anyone has done this. In order to add the connection, First the user has to be added to SQL, (again just looking for example If possible) the My CSV that I am pulling from our Student information System has all the information needed to create the SQL user. I am just looking for the mappings that I need to set. I looked at "Chapter 6: Database Authentication" in the Guacamole Manual, but it wasn't all that helpful.  It gives the column names for SQL, but sometimes a generic example helps me to understand better.

Thanks!

Carter Sema
Network Support Specialist
[CertBadge_Administrator_web]

Re: SQL User/Connection Scripting

Posted by drhoule <dr...@hubcc.ca>.

I have a similar setup. I created a self register page for users in Active
Directory.
The users connect to index.html that asks them if they have an existing
account in the AD.
If they do not, informs them to send an email to the system admin.

If they do, the cgi validates the users name and credentials.
  On a failure they get the same message to contact the system admin.
Once validated the username is created in the MySQL Guacamole db,
  and basic access rights are created for the user in question.
  For our needs, two default connections are created that they cannot
administer.
  The connections are set to KIOSK mode, CUT and PASTE is disabled. (We only
use RDP.)

The index.html has a link to the Guacamole server so if they are already
registered they push the link to connect. They use the AD username and
password this is passed to the connection... 

I was hoping to create an extension, but the example in the 9.13
documentation fails to compile. My hope was to dynamically update the valid
connections and applications based on Active Directory group memberships,
but that will not happen if the demo does not compile. I do not have enough
experience to be able to trouble shoot at this time. 

I am in the process of documenting the solution (since it has more than a
few moving parts in the solution), for my team and I hope for the document
is that it is complete by the end of the month. (More or less)

Dr.
 



--
Sent from: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/