Posted to user@guacamole.apache.org by Mike Jumper <mi...@glyptodon.com> on 2021/12/01 03:38:36 UTC

Re: LDAP AD - Group and Member Users

On Tue, Nov 30, 2021, 12:51 Milton Ferreira <mi...@gmail.com> wrote:

> Hi,
>
> Is there a query that links the "member users" of an LDAP group?
>
> By using the parameters "ldap-group-base-dn" and
> "ldap-group-search-filter" in "guacamole.properties" the group name is
> obtained but members are not.
>
> In the "Groups" tab, when selecting a group, the "User Members" section
> shows the message "This group does not currently contain any users.
> Expand this section to add users.". The "ldap-user-search-filter" parameter
> returns users but does not link them to groups.
>

There is such a query on login, yes - a user's LDAP group memberships are
retrieved and take effect, inheriting any permissions granted to database
groups having the same name. These memberships are just not exposed in the
UI (the LDAP tab of the group states only that the group is read-only).

The UI that you're seeing is the tab for the database side of that group
and will show only database users/groups added as members.

- Mike