On Thu, Nov 16, 2023 at 10:17 AM Remush <[email protected]> wrote:
> Hey there!
> Is the db really needed?
> Can I set a Guacamole with guacd and ldap instead?
>

It depends on how you're going to store connections and manage users. No, the DB is not strictly required, but it is very common to use it, at least for connection storage and permissions management. You can definitely use LDAP without the database; however, if you do this, you will need to extend your LDAP schema to be able to support storage of connections within the LDAP directory.

Also, one thing that seems to trip people up frequently on the LDAP mechanism, particularly with respect to connection storage, is that the LDAP tree is always searched for connections using the credentials of the user who is logging in, NOT the search user. The search user is only used to locate the DN of the user logging in, and is not used after that.

If you haven't already read the manual, I suggest you do that:

https://guacamole.apache.org/doc/gug/

in particular:

https://guacamole.apache.org/doc/gug/ldap-auth.html
https://guacamole.apache.org/doc/gug/jdbc-auth.html

Also, you cannot integrate LDAP authentication with the user-mapping.xml file - the basic file authentication provided by user-mapping.xml does not "stack" with other authentication modules, so you won't be able to define connections in that file and then authenticate users via LDAP.

-Nick
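
The LDAP-only setup described above, as an added illustration that is not part of the original message or taken from the project's documentation. It assumes the Guacamole LDAP schema extension is loaded; every DN, host name and user below is constructed, and the guacamole.properties values in the comments are placeholders.

```ldif
# Constructed example: one connection stored in the directory.
#
# Assumed guacamole.properties for this layout (placeholder values):
#   ldap-hostname:             ldap.example.net
#   ldap-user-base-dn:         ou=people,dc=example,dc=net
#   ldap-config-base-dn:       ou=connections,dc=example,dc=net
#   ldap-search-bind-dn:       cn=guac-search,ou=service,dc=example,dc=net
#   ldap-search-bind-password: <placeholder>
#
# The search bind account only resolves the DN of the user logging in.
# The lookup under ldap-config-base-dn runs as that user, so the
# directory ACLs must let each user read the connection entries they
# are a member of. Read access for the search account alone leaves
# users authenticated but with no connections listed.

dn: cn=Jump Host RDP,ou=connections,dc=example,dc=net
objectClass: guacConfigGroup
objectClass: groupOfNames
cn: Jump Host RDP
guacConfigProtocol: rdp
guacConfigParameter: hostname=jump01.example.net
guacConfigParameter: port=3389
member: uid=alice,ou=people,dc=example,dc=net
member: uid=bob,ou=people,dc=example,dc=net
```

Because each user reads these entries with their own bind, anything placed in a guacConfigParameter value is readable by every user the ACLs admit to that entry, which is worth keeping in mind when scoping read access under the connection base DN.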
