[jira] [Updated] (GUACAMOLE-1881) Add parameter token for domain of LDAP user

Tue, 08 Apr 2025 06:19:22 -0700 


     [ 
https://issues.apache.org/jira/browse/GUACAMOLE-1881?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Mike Jumper updated GUACAMOLE-1881:
-----------------------------------
    Summary: Add parameter token for domain of LDAP user  (was: 
${GUAC_USERNAME} name become domainname\username multiple LDAPS)

> Add parameter token for domain of LDAP user
> -------------------------------------------
>
>                 Key: GUACAMOLE-1881
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1881
>             Project: Guacamole
>          Issue Type: Improvement
>          Components: Documentation, guacamole-auth-ldap, guacamole-client
>            Reporter: Josna Battula
>            Priority: Minor
>             Fix For: 1.6.0
>
>         Attachments: image-2023-11-15-12-03-22-508.png
>
>
> As per 
> [documentation|https://guacamole.apache.org/doc/1.5.0/gug/ldap-auth.html#using-multiple-ldap-servers]
>  for example we are configuring guacamole to use multiple LDAP's  in 
> {{ldap-servers.yaml}} like below, with `match-usernames` option
> {code:none}
> - hostname: dc1.example.net
>   user-base-dn: ou=Users,dc=example,dc=net
>   username-attribute: sAMAccountName
>   search-bind-dn: cn=Guacamole,ou=Service Users,dc=example,dc=net
>   search-bind-password: SomePassword!
>   match-usernames: COMPANYA\\(.*)
> - hostname: dc2.example.net
>   user-base-dn: ou=Users,dc=example,dc=net
>   username-attribute: sAMAccountName
>   search-bind-dn: cn=Guacamole,ou=Service Users,dc=example,dc=net
>   search-bind-password: SomePassword! 
>   match-usernames: COMPANYB\\(.*)
> {code}
> In this case, to login i have to use {{domain\username}}. So after successful 
> login ${GUAC_USERNAME} =>  {{domain/username}}.
> Whereas for single LDAP configuration in {{guacamole.properties}} 
> ${GUAC_USERNAME} => {{username}}.
> This is causing us to use ${GUAC_USERNAME}  as username in RDP session 
> connection.
> How about doing, when user log-in into Guacamole extract domain name and 
> username from DOMAIN\username, load into new variables:
> * Put username into  ${GUAC_USERNAME_ID}
> * Domain name into ${GUAC_USERNAME_DOMAIN}
> So we can use different variables when multiple LDAP's enabled.
> I can able to fetch username using configuration in guacamole.properties 
> {{ldap-user-attributes: sAMAccountName}} into ${LDAP_SAMACCOUNTNAME} 
> So proposing just extract domain name into ${LDAP_DOMAIN_NAME} is enough. I 
> have raised pull request for this 
> https://github.com/apache/guacamole-client/pull/931



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to