[
https://issues.apache.org/jira/browse/GUACAMOLE-1933?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17828928#comment-17828928
]
Nick Couchman commented on GUACAMOLE-1933:
------------------------------------------
[~hcornet]: I believe that the main issue, here, is that users that are members
of the "Protected Users" group must authenticate with AES encrypted Kerberos,
and my guess is that LDAP authentication, in general, does not meet those
requirements. It may be possible to do this with LDAP + SASL, but the extension
doesn't currently support that.
Possible solutions are:
* Update LDAP extension to support SASL (if this would even work or address the
issue).
* Implement a Kerberos authentication extension.
* Use some SSO mechanism (SAML or OpenID, currently) instead of LDAP/Kerberos.
> Extension Authentification LDAP
> -------------------------------
>
> Key: GUACAMOLE-1933
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-1933
> Project: Guacamole
> Issue Type: Bug
> Components: guacamole-auth-ldap
> Affects Versions: 1.5.4
> Environment: Debian 12 + docker + Windows 2019 + Active Directory 2016
> Reporter: Hubert Cornet
> Priority: Trivial
>
> Hello everyone,
> I'm looking to use Guacamole with LDAP (Active Directory) authentication.
> With a simple configuration, there's no problem.
> However, as soon as I start using the "Protected Users" group in LDAP (Active
> Directory), all the users in this group can no longer connect because their
> protocol is more restrictive.
> If you remove them from this group, everything works again.
> The problem is that a good administrator will prefer to leave users in the
> group.
> Has anyone encountered this problem and found a workable solution?
> Is there any way of modifying the environment variables to take this into
> account?
> Translated with DeepL.com (free version)
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
