On 7/15/24 11:06 AM, Singh, Palvinder wrote:
Hi,
We have configured Apache Guacamole with our Active Directory using
LDAP. Once a new user is added to the group, the user appears in the
username list of Guacamole and we configure TOTP. When a user (example:
jxsighn) logs in as configured in Active Directory, all lowercase, the
TOTP works perfectly fine, and the user is prompted to enter the token.
However, if the user logs in with a slight change to the username
(examples: jXsighn or jxSighn), then the user can still log in but the
TOTP is bypassed, and this appears as a new user under Guacamole. How can
I correct this error?

You can use the relevant "*-user-required" property to require that
users have a corresponding database account:
https://guacamole.apache.org/doc/gug/jdbc-auth.html#restricting-authentication-to-database-users-only
That will enforce the database's definition of identity such that a user
with an LDAP account will only be able to log in with a username that
matches an account in the database.
Alternatively, you can switch to a database like MySQL or MariaDB that
also performs case-insensitive comparisons by default.
- Mike
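
Added example, not part of the original thread and not Guacamole's code: a simplified Python model of the mismatch discussed above, where the directory matches usernames case-insensitively and the database does not. The `user_required` flag stands in for the "*-user-required" property; all names and sample data are constructed, and `case_variant_accounts` is a hypothetical audit helper for spotting accounts that differ only by case.

```python
from collections import defaultdict

# Constructed sample data: the directory ignores case when matching a name,
# the database stores names case-sensitively along with per-account TOTP state.
DIRECTORY = {"jxsighn": "correct-password"}
DATABASE = {"jxsighn": {"totp_enrolled": True}}


def directory_bind(username, password):
    """Directory lookup in this model: case is ignored when matching the name."""
    return DIRECTORY.get(username.lower()) == password


def login(username, password, db, user_required):
    """Return the outcome of one login attempt in this simplified model."""
    if not directory_bind(username, password):
        return "denied: bad credentials"
    account = db.get(username)  # exact, case-sensitive match
    if account is None:
        if user_required:
            # Database identity is authoritative: no matching account, no login.
            return "denied: no database account"
        # Without the requirement, the variant spelling becomes a new identity.
        account = db[username] = {"totp_enrolled": False}
    if account["totp_enrolled"]:
        return "totp challenge"
    return "new account, no totp on record"


def case_variant_accounts(usernames):
    """Audit helper: group usernames that differ only by letter case."""
    groups = defaultdict(list)
    for name in usernames:
        groups[name.casefold()].append(name)
    return {key: sorted(names) for key, names in groups.items() if len(names) > 1}


if __name__ == "__main__":
    db = dict(DATABASE)
    for name in ("jxsighn", "jXsighn"):
        print(name, "->", login(name, "correct-password", db, user_required=False))
    print("case variants:", case_variant_accounts(db))
    strict = dict(DATABASE)
    print("jxSighn ->", login("jxSighn", "correct-password", strict, user_required=True))
```

Running the audit helper over the usernames exported from the database shows which accounts were created through a case-variant login and need to be reviewed or removed.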