You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@guacamole.apache.org by "MARTINEZ, ARIEL" <AM...@hostos.cuny.edu> on 2020/09/29 13:28:53 UTC
RE: [EXTERNAL] [Suspected SPAM] Add LDAP users to database groups
with scripts
Hello,
I have LDAP authentication enabled and did not extend the AD schema. I am able to sync AD groups and I do not have to do any manual user import to groups in the guacamole database. In the documentation I believe this was accomplished by having a "guacadmin" AD account that has permissions to read AD.
-----Original Message-----
From: larssonsamuel <sa...@kau.se>
Sent: Tuesday, September 29, 2020 5:47 AM
To: user@guacamole.apache.org
Subject: [EXTERNAL] [Suspected SPAM] Add LDAP users to database groups with scripts
Importance: Low
WARNING: This email originated outside the Hostos campus. Do not click links or open attachments unless you recognize the sender and know the content is safe. Never provide login credentials, financial or sensitive details in response to an email or by clicking on a link. Report suspicious emails to: reportspam@hostos.cuny.edu
Hi,
My setup looks like this:
Users exist in AD, towards which they authenticate when logging in to Guacamole. The group management however is handled in MySQL since we couldn't change the schema to provide group management in our AD.
When I look in the database, it looks like users are getting created in the database on first authentication (which they do towards AD), and the password hash column is populated. Does this mean that the hashes that I see in the database are fetched from AD during the authentication? I can't seem to find anything in the docs about this.
The problem that I now have encountered is that I want to add users to group via script, i.e. SQL queries, so that they are already added before they do their first authentication. But how can I get all the info from AD to successfully populate all required fields for a new user in the database?
Hope this makes sense!
//Samuel
--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org