> > The only thing Guacamole uses these credentials for is to locate the user > who is logging in. After that user is located, the search bind is > disconnected and the user's credentials are used from that point on, > including evaluating group membership for the user and connections stored > in LDAP.
Oh, I see. I did not realize that! I think we're likely moving in the direction of supporting this > functionality, and, speaking only for myself, I would not oppose such a > change - it tends to be pretty frequently-requested, as it's how a lot of > other LDAP connectors work. That said, my preference is that the current > way it functions remain the default configuration, and such a change (using > search DN to evaluate group membership and connections in LDAP) would have > to be explicitly enabled in the configuration. Ok, sounds good. I searched the Jira issues but didn't see anything that I thought lined up with this feature. If it's been requested already, could you point us in the right direction? Thanks, -Loren -- *This e-mail and any attachments are intended only for the use of the addressee(s) named herein and may contain proprietary information. If you are not the intended recipient of this e-mail or believe that you received this email in error, please take immediate action to notify the sender of the apparent error by reply e-mail; permanently delete the e-mail and any attachments from your computer; and do not disseminate, distribute, use, or copy this message and any attachments.*
