Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Invalid
-
1.1.0
-
None
-
None
Description
I have installed Guacamole 1.1.0 and configured it to use our Samba AD server as LDAP + MySQL DB. Logins work fine, but when I add connections to a standard LDAP group, and users login who are in those groups, they cannot access the connections. As a result, when users login, they have access to no connections. I have 1000 users I have to either manually add connections for, or I have to write code to manually pre-add the users to the MySQL DB so they will have connections. I've written the mailing list, but there has been no feedback. I believe this is a bug.
1) Users and groups are in CN=Users,DC=ad,DC=eecs,DC=yorku,DC=ca:
CN=<user>,CN=Users,DC=ad,DC=eecs,DC=yorku,DC=ca
CN=<group>,CN=Users,DC=ad,DC=eecs,DC=yorku,DC=ca
For Guacamole ldap-group-base-dn: CN=Users,DC=ad,DC=eecs,DC=yorku,DC=ca
For Guacamole ldap-group-name-attribute: cn
But there's no option for me to specify: ldap-group-search-filter: objectClass=group
I also add: ldap-member-attribute: member
From the command prompt, I can print the groups using:
ldapsearch -x -h <ldap server> -D "<me>" -W -b "dc=ad,dc=eecs,dc=yorku,dc=ca" "(objectClass=group)"
Because of lack of ldap-group-search-filter, my list of groups in Guacamole contains all the users as well!
If I want to see who are the members of a group from the command line I can do:
ldapsearch -x -h <ldap server> -D "<me>" -W -b "cn=Domain Admins,cn=Users,dc=ad,dc=eecs,dc=yorku,dc=ca" member
2) I could live with the fact that the users appear in my group list because there's no way for me to specify ldap-group-search-filter. However, if I take a group that appears in the list (eg. Domain Users), and I add connections then when a user logs in who is in the group, they don't get the connections. This seems like a bug to me.