You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@guacamole.apache.org by "Nils (Jira)" <ji...@apache.org> on 2020/01/09 21:00:00 UTC

[jira] [Comment Edited] (GUACAMOLE-920) LDAP: Populate groups with membership from Directory Service.

    [ https://issues.apache.org/jira/browse/GUACAMOLE-920?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17012228#comment-17012228 ] 

Nils edited comment on GUACAMOLE-920 at 1/9/20 8:59 PM:
--------------------------------------------------------

Hi Nick, thanks for your detailed response.

My request wasn't so much to populate JDBC groups with LDAP users, but to populate the AD LDAP groups with the AD LDAP users. The suggestion would be to define a connection using JDBC as it is now, but have this connection refer to an LDAP Group Name and validate against it's membership.

Guacamole-715 seems to indeed match best what I am experiencing. 

Looking at the historic release schedule (past 2 years), is it safe to assume that 1.1.0 is due somewhere this month?

 


was (Author: darkl0rd):
Hi Nick, thanks for your detailed response.

My request wasn't so much to populate JDBC groups with LDAP users, but to populate the AD LDAP groups with the AD LDAP users. The suggestion would be to define a connection using JDBC as it is now, but have this connection refer to an LDAP Group Name and validate against it's membership.

 

> LDAP: Populate groups with membership from Directory Service.
> -------------------------------------------------------------
>
>                 Key: GUACAMOLE-920
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-920
>             Project: Guacamole
>          Issue Type: Improvement
>          Components: guacamole-auth-ldap
>    Affects Versions: 1.0.0
>         Environment: docker
>            Reporter: Nils
>            Priority: Major
>              Labels: ldap, membership
>
> At the moment I'm using both LDAP and MySQL with Guacamole. MySQL to store the connection data, LDAP (without the custom schema) to perform the authentication. 
> The groups however, which come in from LDAP are empty - this means that currently I have to select each LDAP user and assign them to the LDAP group manually.
> This defeats the purpose of using LDAP groups in the first place, after all the entire idea is that you manage your groups & users in one central location; LDAP.
> It would be very helpful if the groups are populated with the members as defined in the respective LDAP directory, this way when a member is added to an LDAP group, the access to the connections is automatically granted.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)