Details
-
Improvement
-
Status: Open
-
Minor
-
Resolution: Unresolved
-
None
-
None
-
None
Description
As per documentation for example we are configuring guacamole to use multiple LDAP's in `ldap-servers.yaml` like below, with `match-usernames` option
- hostname: dc1.example.net user-base-dn: ou=Users,dc=example,dc=net username-attribute: sAMAccountName search-bind-dn: cn=Guacamole,ou=Service Users,dc=example,dc=net search-bind-password: SomePassword! match-usernames: COMPANYA\\(.*) - hostname: dc2.example.net user-base-dn: ou=Users,dc=example,dc=net username-attribute: sAMAccountName search-bind-dn: cn=Guacamole,ou=Service Users,dc=example,dc=net search-bind-password: SomePassword! match-usernames: COMPANYB\\(.*)
In this case, to login i have to use `domain\username`. so after successful login ${GUAC_USERNAME} => `domain/username`.
Where as for single LDAP configuration in `guacamole.properties` ${GUAC_USERNAME} => `username`.
This is causing us to use ${GUAC_USERNAME} as username in RDP session connection.
How about doing, when user log-in into Guacamole extract domain name and username from DOMAIN\username, load into new variables
-
Put username into ${GUAC_USERNAME_ID}Domain name into ${GUAC_USERNAME_DOMAIN}
so we can use different variables when multiple LDAP's enabled.
I can able to fetch username using configuration in guacamole.properties `ldap-user-attributes: sAMAccountName` into ${LDAP_SAMACCOUNTNAME}
So proposing just extract domain name into ${LDAP_DOMAIN_NAME} is enough. I have raised pull request for this https://github.com/apache/guacamole-client/pull/931
