Posted to issues@guacamole.apache.org by "Mike Jumper (Jira)" <ji...@apache.org> on 2021/02/14 17:18:00 UTC

[jira] [Commented] (GUACAMOLE-1287) LDAP groups from AD without members

    [ https://issues.apache.org/jira/browse/GUACAMOLE-1287?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17284452#comment-17284452 ] 

Mike Jumper commented on GUACAMOLE-1287:
----------------------------------------

LDAP memberships are not exposed within the admin interface as those memberships are read-only. The membership interface that you're seeing is for managing the group having the same name within the database. You can add/remove database-driven memberships on top of the memberships inherited from LDAP / AD.

If you look toward the top of the group editor, you should see a set of tabs showing which backend is providing the data you're seeing, with the database being currently selected. If you instead select LDAP, you should see a notification regarding the read-only nature of the object.

LDAP / AD memberships are queried and will take effect when a user logs in, but you will not see those memberships available for manipulation within the Guacamole admin interface.

> LDAP groups from AD without members
> -----------------------------------
>
>                 Key: GUACAMOLE-1287
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1287
>             Project: Guacamole
>          Issue Type: Bug
>          Components: guacamole-auth-ldap
>    Affects Versions: 1.3.0
>         Environment: Ubuntu 20.0.4, MySQL 8.0.23, PHP7.4, Guacamole 1.3.0
>            Reporter: Daniele
>            Priority: Major
>              Labels: client, extension, ldap
>             Fix For: 1.3.0, 1.4.0
>
>         Attachments: Immagine 2021-02-14 160135.jpg
>
>
> Once LDAP authentication has been configured against AD, LDAP groups are empty, i.e. without members.
> This is my configuration:
>  
> #LDAP properties
> ldap-hostname a.b.c.d
> ldap-port 389
> ldap-encryption-method none
> ldap-search-bind-dn CN=Ldap_int,OU=Services,DC=contoso,DC=com
> ldap-search-bind-password XXXXXXXXXXXXXXXXXXXX
> ldap-user-base-dn OU=Users,DC=contoso,DC=com
> ldap-username-attribute sAMAccountName
> ldap-user-search-filter (objectClass=user)
> ldap-group-base-dn OU=Groups,DC=contoso,DC=com
> ldap-group-name-attribute cn
> ldap-dereference-aliases always
> ldap-follow-referrals true
> ldap-member-attribute member
> ldap-member-attribute-type dn
>  


