Bulk Authorisation - LDAP or MySQL

[Tushar Jain <tu...@hitachi.mgrmnet.com>]

Hi,

I have more than a million users in LDAP to whom i have to give access to
the same set of connections/connection groups. What would be the easiest
and the fastest way to do so.

Will writing a small program to upload directly from Excel to Guacamole
Mysql be a good idea?

Thanks,
Tushar Jain

-- 
**Disclaimer:* This message and any attachment may contain confidential, 
proprietary information and is intended only for the individual named. If 
you are not the original intended recipient and have erroneously received 
this message, you should not disseminate, distribute or copy this e-mail. 
Please notify the sender immediately by e-mail if you have received this 
e-mail by mistake and delete this e-mail from your system. Hitachi MGRM Net 
E-mail transmission cannot be guaranteed to be secure or error-free as 
information could be intercepted, corrupted, lost, destroyed, arrive late 
or incomplete, or contain viruses. Hitachi MGRM Net therefore does not 
accept liability for any errors or omissions in the contents of this 
message, which arise as a result of e-mail transmission. If verification is 
required, please request a hard-copy version. Hitachi MGRM Net Ltd, C - 
6/5, Safdarjung Development Area, New Delhi - 110016, India*
*
*
*'Please 
consider the environment before printing this e-mail'.*

Re: Bulk Authorisation - LDAP or MySQL

[xia <si...@alpert.org>]

Ugh...spellchecked....”ldapsearch”...sorry...



--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org

Re: Bulk Authorisation - LDAP or MySQL

[xia <si...@alpert.org>]

Tushar,

If you decide to go the MySQL route it.  Might be worth mentioning that 
‘lad-search’ has the option to directly output in csv format  (—outputFormat
csv)  and MySQL has the ability to load csv (LOAD DATA LOCAL INFILE...) with
no other tools needed.

While I can’t tell you what’s “right” for your installation or “better” from
the Guacamole point of view, from my point of view I prefer to maintain a
single set of user credentials (i.e. leave things in LDAP).  My experience
is that the greater number of records in more places, the greater the
potential for synchronization headaches.

—Stew



--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org

Re: Bulk Authorisation - LDAP or MySQL

[Nick Couchman <ni...@gmail.com>]

On Fri, Nov 29, 2019 at 11:54 PM Tushar Jain <
tushar.jain@hitachi.mgrmnet.com> wrote:

> Thanks Nick. Just a small extension question - For the production
> environment, is it better to store connection details of a user in MySQL or
> LDAP?
>
>
I think only you can answer that question.  Most of the time the reason
that people use LDAP for user authentication in one place (like Guacamole)
is because they're already using it another place (Active Directory, for
instance), and they like to avoid duplicating effort maintaining usernames
and passwords, and don't like to have users worrying about it.  So, it's
really up to you.

-Nick

Re: Bulk Authorisation - LDAP or MySQL

[Tushar Jain <tu...@hitachi.mgrmnet.com>]

Thanks Nick. Just a small extension question - For the production
environment, is it better to store connection details of a user in MySQL or
LDAP?

Thanks
Tushar Jain

On Fri, Nov 29, 2019 at 10:56 PM Nick Couchman <vn...@apache.org> wrote:

> On Wed, Nov 27, 2019 at 10:37 AM Tushar Jain <
> tushar.jain@hitachi.mgrmnet.com> wrote:
>
>> Hi,
>>
>> I have more than a million users in LDAP to whom i have to give access to
>> the same set of connections/connection groups. What would be the easiest
>> and the fastest way to do so.
>>
>> Will writing a small program to upload directly from Excel to Guacamole
>> Mysql be a good idea?
>>
>
> I wouldn't go to Excel - I'd write a program in one of any number of
> languages that queries LDAP for the user and/or group accounts, and inserts
> them into the database.  Bindings for both LDAP and MySQL (or PostgreSQL or
> SQL Server) are readily available for all sorts of languages - C, C++, C#,
> Java, Python - so writing something to do this translation ought to be
> reasonably easy.  You can also just do a shell script of some sort - for
> example, in bash, use "ldapsearch" to query ldap for the required
> information, parse it out into some intermediate format (CSV, for example),
> and then use the mysql command line to read the data from stdin and insert
> it into the database.
>
> Plenty of options :-).
>
> -Nick
>

-- 
**Disclaimer:* This message and any attachment may contain confidential, 
proprietary information and is intended only for the individual named. If 
you are not the original intended recipient and have erroneously received 
this message, you should not disseminate, distribute or copy this e-mail. 
Please notify the sender immediately by e-mail if you have received this 
e-mail by mistake and delete this e-mail from your system. Hitachi MGRM Net 
E-mail transmission cannot be guaranteed to be secure or error-free as 
information could be intercepted, corrupted, lost, destroyed, arrive late 
or incomplete, or contain viruses. Hitachi MGRM Net therefore does not 
accept liability for any errors or omissions in the contents of this 
message, which arise as a result of e-mail transmission. If verification is 
required, please request a hard-copy version. Hitachi MGRM Net Ltd, C - 
6/5, Safdarjung Development Area, New Delhi - 110016, India*
*
*
*'Please 
consider the environment before printing this e-mail'.*

Re: Bulk Authorisation - LDAP or MySQL

[Nick Couchman <vn...@apache.org>]

On Wed, Nov 27, 2019 at 10:37 AM Tushar Jain <
tushar.jain@hitachi.mgrmnet.com> wrote:

> Hi,
>
> I have more than a million users in LDAP to whom i have to give access to
> the same set of connections/connection groups. What would be the easiest
> and the fastest way to do so.
>
> Will writing a small program to upload directly from Excel to Guacamole
> Mysql be a good idea?
>

I wouldn't go to Excel - I'd write a program in one of any number of
languages that queries LDAP for the user and/or group accounts, and inserts
them into the database.  Bindings for both LDAP and MySQL (or PostgreSQL or
SQL Server) are readily available for all sorts of languages - C, C++, C#,
Java, Python - so writing something to do this translation ought to be
reasonably easy.  You can also just do a shell script of some sort - for
example, in bash, use "ldapsearch" to query ldap for the required
information, parse it out into some intermediate format (CSV, for example),
and then use the mysql command line to read the data from stdin and insert
it into the database.

Plenty of options :-).

-Nick