Hello folks,

Here is my situation. We're setting up a new authentication system using FreeIPA. So far, so good.

I've been able to configure Guacamole (using the official docker container) to use LDAP as its user and configuration store. The configuration is in the cn=guacconfig subtree.

Here's where I'm a little confused. When I use ldap-search-bind-dn to configure a bind user, I thought this was the login used to pull the configuration from cn=guacconfig. So I have a bind user set up that has access to this subtree. However, my users do not have access to this subtree, and I would rather they not. I don't want them to be able to run ldapsearch with their credentials and get the login credentials for the remote systems.

When I log into Guacamole as my user, I don't see any connections unless I give my user search and read access to cn=guacconfig.

Am I missing something, or is this expected behavior?

--
Benjamin Long
Chief Information Officer
Security Service Company
1-484-575-8116