  1. Guacamole
  2. GUACAMOLE-1086

Add support for nested LDAP groups


Details

    • New Feature
    • Status: Closed
    • Minor
    • Resolution: Duplicate
    • None
    • None
    • guacamole-auth-ldap
    • Guacamole 1.1.0 with mysql (mariadb) on Ubuntu 18.04 + tomcat9 + Windows 2019 AD bound to guacamole via LDAPS over 636.

    Description

      Hi,

      We've recently deployed Guacamole 1.1.0 in an environment with Active Directory and seem to be having a problem with managing connection permissions via nested groups.
      Here's an illustration of what we're running into:

      User "joe" is a member of group "A" and that group is nested inside a parent group "B".
      We are trying to grant connection permissions to group "B", so that joe and members of any other future subgroup nested inside group "B" will automatically be granted access to that same connection.

      This does not seem to be working as we'd expect, and only works when we grant connection permission directly to group "A" (subgroup). In other words, granting connection permission to the parent group does not seem to be working - joe logs in but can't see any connections.

       

      Here's what it looks like in terms of hierarchy:
      Group B (granting connection permissions here does not work)
         -> Group A (granting connection permission here works)
                 ->joe

      All the AD groups are reflected in Guacamole's "Groups" menu, so this does not seem to be an "ldap-group-base-dn" parameter issue.

      We already tried using the LDAP filter "ldap-group-search-filter":

      ldap-group-search-filter:(&(objectclass=group)(memberOf:1.2.840.113556.1.4.1941:=CN=Group B,OU=Farm Access,OU=Groups,OU=Lab,DC=domain,DC=local))
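
The nesting described in the report, modelled as an added example (not part of the original issue and not Guacamole's code): it contrasts a direct-only group lookup with the transitive lookup performed by the 1.2.840.113556.1.4.1941 matching rule, and shows which groups the filter quoted above selects. The DNs for joe and Group A and the in-memory directory are constructed assumptions.

```python
# Constructed directory model: group DN -> DNs listed in its "member" attribute.
BASE = "OU=Farm Access,OU=Groups,OU=Lab,DC=domain,DC=local"
GROUP_B = f"CN=Group B,{BASE}"                     # DN taken from the report
GROUP_A = f"CN=Group A,{BASE}"                     # assumed DN
JOE = "CN=joe,OU=Users,OU=Lab,DC=domain,DC=local"  # assumed DN

MEMBERS = {
    GROUP_B: {GROUP_A},  # Group A is nested inside Group B
    GROUP_A: {JOE},      # joe is a direct member of Group A only
}


def direct_groups(members, dn):
    """Groups whose member attribute lists dn itself (non-recursive lookup)."""
    return {g for g, m in members.items() if dn in m}


def transitive_groups(members, dn):
    """Every group dn belongs to through any depth of nesting.

    Models (member:1.2.840.113556.1.4.1941:=<dn>) evaluated on group objects.
    """
    seen, stack = set(), [dn]
    while stack:
        for g in direct_groups(members, stack.pop()):
            if g not in seen:  # also terminates on circular nesting
                seen.add(g)
                stack.append(g)
    return seen


def nested_inside(members, group_dn):
    """Groups that are transitively members of group_dn.

    Models the filter from the report:
    (&(objectclass=group)(memberOf:1.2.840.113556.1.4.1941:=<group_dn>))
    """
    return {g for g in members if group_dn in transitive_groups(members, g)}


def can_access(members, granted_group, user_dn, resolver):
    """Authorization check: is the group holding the permission among the user's groups?"""
    return granted_group in resolver(members, user_dn)


if __name__ == "__main__":
    print("direct lookup, grant on B:    ", can_access(MEMBERS, GROUP_B, JOE, direct_groups))
    print("transitive lookup, grant on B:", can_access(MEMBERS, GROUP_B, JOE, transitive_groups))
    print("groups selected by the report's filter:", nested_inside(MEMBERS, GROUP_B))
```

In this model the filter from the report selects Group A but not Group B itself, while the user-centred transitive lookup returns both groups.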
      

            People

              Unassigned Unassigned
              ptrbrzozowski Piotrek