On Mon, Nov 20, 2023 at 9:27 AM Remush <[email protected]> wrote:
> So Im trying to understand fully.
>
> I have to set a DB in order to manage users and connections even if I
> configure an LDAP?
>
If you want to manage connections and permissions to connections directly
from the Guacamole UI, yes, you need a database. If you are okay managing
your connections with a LDAP editor, then you don't need the DB.
>
> and if so, then why do I even need the LDAP?
>
>
You don't _need_ LDAP for Guacamole to operate at all - you can use it with
just the database, as Richard mentioned.
The main reason why you might choose to use LDAP with Guacamole is to have
integrated authentication with other systems. One of the more common
scenarios is where you have Active Directory and want to access systems via
RDP, so you can point Guacamole at AD via LDAP, and then use the Guacamole
tokens ${GUAC_USERNAME} and ${GUAC_PASSWORD} in the connections so that
users can log in once to Guacamole and then transparently authentication to
the RDP connections.
But, if you don't care about doing that, or don't have Active Directory or
some other central LDAP-based authentication mechanism, then you can leave
out the LDAP part altogether.
-Nick
>
