On Wed, Nov 22, 2023 at 5:58 PM Calum Hunter <[email protected]> wrote:
> Hi, > > I have Guacamole connected using ldap auth and postgresql > > I want to be able to assign user groups from AD to connection groups in > guac. > > (The idea here is to allow AD users who are members of say Group_1 to be > able to access connections that are stored in a Guacamole Connection Group) > > The problem is that I have far more than 1000 groups in my specific groups > OU in AD > > There is a property that I can set in guacamole.proerties > `ldap-max-search-results:` > > However changing this to a number greater than 1000, does not increase the > amount of groups that I see in the groups tab – it still only returns > exactly 1000 groups > > This limits me from being able to assign the connection groups to AD > groups. > > Is there a solution for this? > At the moment, no - I believe the issue is that the LDAP extension needs some work to use paged results, and this hasn't been done, yet: https://issues.apache.org/jira/projects/GUACAMOLE/issues/GUACAMOLE-299?filter=allopenissues The work-around is to tune your user and group search filters such that you only get the ones you need and make sure that number is less than or equal to 1000. -Nick
