Thanks Ivan. Many thanks, Manuel. I see you've gone down the route of doing an HA on the SQL server. Ultimately, that may be the only way to go but I am trying to avoid that as much as possible (our specific use case really doesn't justify the complexity of a clustered SQL).
Anyway, as an update, I've got it to where if the user is authenticated via LDAP, a user is auto-created in the SQL server, so that takes care of the connectivity part. The only part missing now is how do we auto-assign connection groups to these new users that were created in the DB. More testing needs to be done. If I get it working, I'll share here.

On Wed, Jul 31, 2024 at 10:29 PM Molina de la Iglesia, Manuel <manuel.molina-de-la-igle...@veolia.com.invalid> wrote:

> Hi,
>
> I didn't finish testing the environment, but my approach was the following:
>
> 3 Servers with Galera Cluster for MariaDB and 2 of these servers with
> Guacamole Client + Guacamole Server.
>
> *Manel Molina*
>
> *manuel.molina-de-la-igle...@veolia.com*
>
> *Cybersecurity Directorate*
>
> Ciutat de L’Aigua (D38)
>
> Paseo de la Zona Franca, 48
> 08038 Barcelona / España
>
> www.veolia.com
>
> On Wed, 31 Jul 2024 at 8:14, Ivanmarcus (<ivanmar...@yahoo.com.invalid>)
> wrote:
>
>> This isn't perhaps exactly what you're looking for, however it may
>> contain some useful information?:
>>
>> https://lists.apache.org/thread/mt313c64nmfwnzhl61g0brwm8g9gq3z9
>>
>>
>> On 31/07/24 17:35, M Anon wrote:
>> > Hi,
>> >
>> > Tried searching in the archives for "redundancy", "failover" and "high
>> > availability" but got no hit.
>> >
>> > What we'd like to achieve is to have 2 servers but at any time we can
>> > take one offline (for patching / maintenance, etc). We are OK with users
>> > being disconnected and having to reconnect to the other server but what
>> > we don't want is to have to configure each user on both servers' database.
>> >
>> > We authenticate users via LDAP and we know that we can store connection
>> > info in AD by modifying the schema but we'd rather avoid touching the
>> > schema. Can we utilize the ability of database authentication where
>> > users are auto-provisioned in the database if successfully authenticated
>> > by LDAP? How do we specify different groups of connections for each user
>> > if they are auto-provisioned, e.g.:
>> >
>> > Group A - IT has access to all servers via RDP and SSH
>> > Group B - student group 1 has access only to APPSERVER1 via RDP
>> > Group C - student group 2 has access to APPSERVER1 and APPSERVER2 via RDP
>> > Group D - contractor 1 has access to only APPSERVER1 via SSH
>> >
>> > and so on ...
>> >
>> > Any tips are appreciated ...
>> >
>> > PS: not sure it will matter (I don't think so) but we do have an HTTP/S
>> > balancer that will sit in front of the 2 Guac servers