Type: New Feature
Affects Version/s: None
Fix Version/s: None
Environment: Guacamole 1.1.0 with mysql (mariadb) on Ubuntu 18.04 + tomcat9 + Windows 2019 AD bound to guacamole via LDAPS over 636.
We've recently deployed Guacamole 1.1.0 in an environment with Active Directory and seem to be having a problem with managing connection permissions via nested groups.
Here's an illustration of what we're running into:
User "joe" is a member of group "A" and that group is nested inside a parent group "B".
We are trying to grant connection permissions to group "B", so that joe and members of any other future subgroup nested inside group "B" will automatically be granted access to that same connection.
This does not seem to be working as we'd expect, and only works when we grant connection permission directly to group "A" (subgroup). In other words, granting connection permission to the parent group does not seem to be working - joe logs in but can't see any connections.
Here's what it looks like in terms of hierarchy:
Group B (granting connection permissions here does not work)
-> Group A (granting connection permission here works)
All the AD groups are reflected in Guacamole's "Groups" menu, so this does not seem to be an "ldap-group-base-dn" parameter issue.
We already tried using the LDAP filter: "ldap-group-search-filter: